Date   

Re: Curious why CF UAA uses DNS

Filip Hanik
 

hi Anna,

Can you elaborate a little bit about what you are referring to?
I'm not quite sure what you are asking.

Filip


On Wed, Sep 23, 2015 at 8:23 AM, Anna Muravieva <ana-mur21s(a)yandex.ru>
wrote:

Hello,

We are using cf product in development. The question relates to uaa, if
you coordinate in research will be very appreciated. What are the benefits
why CF UAA uses DNS in routes management in opposite to checking this
identity for instance in request header.

Thanks in advance,
Anna


Curious why CF UAA uses DNS

Anna Muravieva
 

Hello,
We are using cf product in development. The question relates to uaa, if you coordinate in research will be very appreciated. What are the benefits why CF UAA uses DNS in routes management in opposite to checking this identity for instance in request header.
Thanks in advance, Anna


Curious why CF UAA uses DNS

Anna Muravieva
 

Hello,

We are using cf product in development. The question relates to uaa, if you coordinate in research will be very appreciated. What are the benefits why CF UAA uses DNS in routes management in opposite to checking this identity for instance in request header.

Thanks in advance,
Anna


RSA Security Analytics Users List

Mary Lopez <mary.lopez@...>
 

Hi,



Would you be interested in acquiring the list of users using RSA Security
Analytics?

We also have some authentic data of other Cloud Computing, ERP, PLM,
Analytics software users too.

Job Titles - CIO, CTO, Data Center Managers, CSO, Director of IT, IT
Security Head, Network Engineer etc.



Information Fields - Name, Title, Email, Phone Numbers, Company Name and
Company Details like Physical Address, Web Address, Revenue Size, Employee
Size and Industry.



Reach out with your specific requirement and get a set of free samples.



If you are not the right person to discuss this, please forward this email
to the right person in your organization.



I look forward to hearing from you.



Kind Regards,



Mary Lopez

Business Development Coordinator

Dynamics IT Solutions

7800 Shoal Creek Blvd.

Suite 230-S

Austin, TX 78757



If you do not wish to receive an email from us, please reply "Remove" in the
subject line.


Re: Security Question --- Securely wipe data on warden container removal / destruction???

Will Pragnell <wpragnell@...>
 

Guillaume, I'm not aware of any plans for secure memory wiping
specifically, but I can say that another track of security work is one of
several candidates for the next phase of work on Garden after OCS/runC
integration is completed.

That said, such a change may fall outside the remit of the Garden team; it
may be a platform wide change that involves changes to the stemcell.

On 23 September 2015 at 13:28, Guillaume Berche <bercheg(a)gmail.com> wrote:

Chris, thanks for bringing up this important security topic.

In terms of secrets an app is handling and carrying, I'd think its code
has generally limited sensitivity (e.g credentials or API key secrets are
rather stored in env vars). I'd expect memory to be much more sensitive
(e.g. holding user data), as well as state handed over to data services (12
factor apps are unlikely to store much state on their ephemeral file
system).

So related to your question about securely wipping data upon app instance
deletion, it may be interesting to consider secure RAM wiping when an app
container exits (sometimes killed by the oomkiller leaving few opportunity
for the app itself to wipe out RAM before exit). See related discussions in
[1] [2] [3] [4]. Quickly searching the bosh stemcell builder, and bosh
tracker I could not find mention of gresec or pax linux kernel
packages/patches that could strengthen RAM wiping after an app instance
exits.

Will, do you know if is there plans to tackle such kernel hardening ?

Related to secrets stored on disk in data services (p-mysql, p-redis), the
services should be designed to not provide access to previous deleted
service instances when normally functionning. The secured data wiping might
be useful if ever the data service itself would get compromised so that an
attacker would not be able to access data from deleted service instances
after hand.

Guillaume.

[1]
http://security.stackexchange.com/questions/42179/is-there-any-linux-distro-or-kernel-patch-that-wipes-a-process-memory-space-afte
[2] https://github.com/coreos/bugs/issues/332#issuecomment-109293958
[3]
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory
[4]
https://blog.docker.com/2013/08/containers-docker-how-secure-are-they/#other-kernel-security-features


On Thu, Sep 17, 2015 at 1:38 PM, Will Pragnell <wpragnell(a)pivotal.io>
wrote:

In Diego/Garden, container files are stored on btrfs subvolumes. When a
container is destroyed, the subvolume is removed with btrfs subvolume
delete. I don’t think this does anything particularly fancy, and I don’t
think it classifies as “secure deletion”.


On 17 September 2015 at 11:53, Chris K <christopherkugler2(a)yahoo.de>
wrote:

Hello again,

I'm sorry for having to revive this topic, but I'm still unaware about
the deletion process.

[... ] i believe with standard removal tools.
Could you please specify the term "standard removal tool". What's the
standard? Is standard just the deletion of the pointer pointing on files /
segments, or is secure deletion state of the art?
I'd be thankful for any reference on documentation regarding this topic.

Thanks in advance.

Cheers Chris


Re: Security group rules to allow HTTP communication between 2 apps deployed on CF

Naveen Asapu
 

I'm using cf version 6.12.1


Re: Security Question --- Securely wipe data on warden container removal / destruction???

Guillaume Berche
 

Chris, thanks for bringing up this important security topic.

In terms of secrets an app is handling and carrying, I'd think its code has
generally limited sensitivity (e.g credentials or API key secrets are
rather stored in env vars). I'd expect memory to be much more sensitive
(e.g. holding user data), as well as state handed over to data services (12
factor apps are unlikely to store much state on their ephemeral file
system).

So related to your question about securely wipping data upon app instance
deletion, it may be interesting to consider secure RAM wiping when an app
container exits (sometimes killed by the oomkiller leaving few opportunity
for the app itself to wipe out RAM before exit). See related discussions in
[1] [2] [3] [4]. Quickly searching the bosh stemcell builder, and bosh
tracker I could not find mention of gresec or pax linux kernel
packages/patches that could strengthen RAM wiping after an app instance
exits.

Will, do you know if is there plans to tackle such kernel hardening ?

Related to secrets stored on disk in data services (p-mysql, p-redis), the
services should be designed to not provide access to previous deleted
service instances when normally functionning. The secured data wiping might
be useful if ever the data service itself would get compromised so that an
attacker would not be able to access data from deleted service instances
after hand.

Guillaume.

[1]
http://security.stackexchange.com/questions/42179/is-there-any-linux-distro-or-kernel-patch-that-wipes-a-process-memory-space-afte
[2] https://github.com/coreos/bugs/issues/332#issuecomment-109293958
[3]
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory
[4]
https://blog.docker.com/2013/08/containers-docker-how-secure-are-they/#other-kernel-security-features

On Thu, Sep 17, 2015 at 1:38 PM, Will Pragnell <wpragnell(a)pivotal.io> wrote:

In Diego/Garden, container files are stored on btrfs subvolumes. When a
container is destroyed, the subvolume is removed with btrfs subvolume
delete. I don’t think this does anything particularly fancy, and I don’t
think it classifies as “secure deletion”.


On 17 September 2015 at 11:53, Chris K <christopherkugler2(a)yahoo.de>
wrote:

Hello again,

I'm sorry for having to revive this topic, but I'm still unaware about
the deletion process.

[... ] i believe with standard removal tools.
Could you please specify the term "standard removal tool". What's the
standard? Is standard just the deletion of the pointer pointing on files /
segments, or is secure deletion state of the art?
I'd be thankful for any reference on documentation regarding this topic.

Thanks in advance.

Cheers Chris


Re: How to deploy a Web application using HTTPs

Juan Antonio Breña Moral <bren at juanantonio.info...>
 

@James,

who add the headers?

"x-forwarded-for":"CLIENT_REAL_IP, CLOUD_FOUNDRY_IP",
"x-forwarded-proto":"https"

the load balancer or the GoRouter?


Re: Security group rules to allow HTTP communication between 2 apps deployed on CF

Denilson Nastacio <dnastacio@...>
 

The message indicates this problem is unrelated to security groups. You
would get something like "host not found" instead of "connection refused".

Which version of CF are you using?
Can you curl a url from app2 at all?

On Wed, Sep 23, 2015, 3:27 AM Naveen Asapu <asapu.naveen(a)gmail.com> wrote:

Hi Matthew Sykes,

Actually I'm trying to monitor usage of app in bluemix. for that i'm using
cf-abacus in the example steps this command also there.

can u suggest how to monitor app usage using curl and cloudfoundary

--
Thanks
Naveen Asapu


Re: How to deploy a Web application using HTTPs

Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Hi James,

Now, understood your technical explanation:

"the standard way to do this is to terminate SSL at a load balancer, which then forwards to the CF routing tier. the hop between the load balancer and the cf router may be done with SSL. the network path from gorouter to the DEA / Diego Cell backend is only supported with http today."

"app client ---HTTPS---> LB ---HTTPS---> GoRouter ---HTTP---> DEA/DiegoCell"

Cloud foundry supports SSL connections, but currently GoRouter only handle http.

I checked the idea and I noticed that when I deploy an application, the platform add the following http headers:

"x-forwarded-for":"CLIENT_REAL_IP, CLOUD_FOUNDRY_IP",
"x-forwarded-proto":"https"

So, if you only want to execute an API for example with https, it is necessary to filter with this header:

"x-forwarded-proto":"https" (The idea from Matthew Sykes)

I think that it is necessary to create another issue to add the support for http2 I checked, but if fails, the same reason:

https://github.com/jabrena/CloudFoundryLab/blob/master/Node_HelloWorld_http2/index.js


Re: Avoid some folder or files using the command cf push

Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Many thanks for the info, I will check the file: .cfignore

http://docs.pivotal.io/pivotalcf/devguide/deploy-apps/prepare-to-deploy.html

Juan Antonio


Re: Avoid some folder or files using the command cf push

Chunhua Zhang <chzhang@...>
 

please ref to :
https://docs.cloudfoundry.org/devguide/deploy-apps/manifest.htmlHow cf push
Finds the Application

By default, cf push recursively pushes the contents of the current working
directory. Alternatively, you can provide a path using either a manifest or
a command line option.

- If the path is to a directory, cf push recursively pushes the contents
of that directory instead of the current working directory.
- If the path is to a file, cf push pushes only that file.

*Note*: If you want to push more than a single file, but not the entire
contents of a directory, consider using a .cfignore file to tell cf push what
to exclude.

2015-09-23 16:08 GMT+08:00 Juan Antonio Breña Moral <bren(a)juanantonio.info>:

Hi,

sometimes, I deploy applications using CLI with the command cf push. This
command uploads the content of a folder and it uses the manifest file. I
would like to know if exist some way in the manifest.yml or another file to
avoid uploading some folder.

For example, if any developer create Node.js Application, the folder
node_modules is not necessary to upload because Node.js buildpack is able
to read and download the required dependencies described in the file
package.json

Does exist some way to do it?

Many thanks in advance.

Juan Antonio
--
Thanks & Best Regards,
chunhua, zhang(张春华)
M: +86 187 5198 6615
Department: CONSULTING
Manager: Leon Cheng
IT issue? Mail to: ask(a)pivotal.io


Avoid some folder or files using the command cf push

Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Hi,

sometimes, I deploy applications using CLI with the command cf push. This command uploads the content of a folder and it uses the manifest file. I would like to know if exist some way in the manifest.yml or another file to avoid uploading some folder.

For example, if any developer create Node.js Application, the folder node_modules is not necessary to upload because Node.js buildpack is able to read and download the required dependencies described in the file package.json

Does exist some way to do it?

Many thanks in advance.

Juan Antonio


Re: Security group rules to allow HTTP communication between 2 apps deployed on CF

Naveen Asapu
 

Hi Matthew Sykes,

Actually I'm trying to monitor usage of app in bluemix. for that i'm using cf-abacus in the example steps this command also there.

can u suggest how to monitor app usage using curl and cloudfoundary

--
Thanks
Naveen Asapu


Re: Removing support for v1 service brokers

Dieu Cao <dcao@...>
 

We've found NATS to be unstable under certain conditions, temporary network
interruptions or network instability, around the client reconnection logic.
We've seen that it could take anywhere from a few seconds to half an hour
to reconnect properly. We spent a fair amount of time investigating ways to
improve the reconnection logic and have made some improvements but believe
that it's best to work towards not having this dependency.
You can find more about this in the stories in this epic [1].

Mike, in addition to removing the NATS dependency, this will remove the
burden on the team, almost a weekly fight, in terms of maintaining
backwards compatibility for the v1 broker spec any time we work on adding
functionality to the service broker api.
I'll work with the team in the next couple of weeks on specific stories and
I'll link to it here.

[1] https://www.pivotaltracker.com/epic/show/1440790

On Tue, Sep 22, 2015 at 10:07 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Thanks for the announcement.

To be clear is this announcement to cease support for the old v1 brokers
or is this to eliminate support for the v1 api in the CC? Does the v1 CC
code depend on NATS? None of my custom v1 brokers depend on NATS.

Mike

On Tue, Sep 22, 2015 at 6:01 PM, Dieu Cao <dcao(a)pivotal.io> wrote:

Hello all,

We plan to remove support for v1 service brokers in about 3 months, in a
cf-release following 12/31/2015.
We are working towards removing CF's dependency on NATS and the v1
service brokers are still dependent on NATS.
Please let me know if you have questions/concerns about this timeline.

I'll be working on verifying a set of steps that you can find here [1]
that document how to migrate your service broker from v1 to v2 and what is
required in order to persist user data and will get that posted to the
service broker api docs officially.

-Dieu
CF CAPI PM

[1]
https://docs.google.com/document/d/1Pl1o7mxtn3Iayq2STcMArT1cJsKkvi4Ey1-d3TB_Nhs/edit?usp=sharing




Re: Error 400007: `stats_z1/0' is not running after update

iamflying
 

It frequently logs the message below. It seems not helpful.

{"timestamp":1442987404.9433253,"message":"collector.started","log_level":"info","source":"collector","data":{},"thread_id":70132569199380,"fiber_id":70132570371720,"process_id":19392,"file":"/var/vcap/packages/collector/lib/collector/config.rb","lineno":45,"method":"setup_logging"}

the only possible error message from the bosh debug log is
"ntp":{"message":"bad ntp server"}

But I don't think, it is related to the failure of stats_z1 updating.

I, [2015-09-23 04:55:59 #2392] [canary_update(stats_z1/0)] INFO --
DirectorJobRunner: Checking if stats_z1/0 has been updated after
63.333333333333336 seconds
D, [2015-09-23 04:55:59 #2392] [canary_update(stats_z1/0)] DEBUG --
DirectorJobRunner: SENT: agent.7d3452bd-679e-4a97-8514-63a373a54ffd
{"method":"get_state","arguments":[],"reply_to":"director.c5b97fc1-b972-47ec-9412-a83ad240823b.473fda64-6ac3-4a53-9ebc-321fc7eabd7a"}
D, [2015-09-23 04:55:59 #2392] [] DEBUG -- DirectorJobRunner: RECEIVED:
director.c5b97fc1-b972-47ec-9412-a83ad240823b.473fda64-6ac3-4a53-9ebc-321fc7eabd7a
{"value":{"properties":{"logging":{"max_log_file_size":""}},"job":{"name":"stats_z1","release":"","template":"fluentd","version":"4c71c87bbf0144428afacd470e2a5e32b91932fc","sha1":"b141c6037d429d732bf3d67f7b79f8d7d80aac5d","blobstore_id":"d8451d63-2e4f-4664-93a8-a77e5419621d","templates":[{"name":"fluentd","version":"4c71c87bbf0144428afacd470e2a5e32b91932fc","sha1":"b141c6037d429d732bf3d67f7b79f8d7d80aac5d","blobstore_id":"d8451d63-2e4f-4664-93a8-a77e5419621d"},{"name":"collector","version":"889b187e2f6adc453c61fd8f706525b60e4b85ed","sha1":"f5ae15a8fa2417bf984513e5c4269f8407a274dc","blobstore_id":"3eeb0166-a75c-49fb-9f28-c29788dbf64d"},{"name":"metron_agent","version":"e6df4c316b71af68dfc4ca476c8d1a4885e82f5b","sha1":"42b6d84ad9368eba0508015d780922a43a86047d","blobstore_id":"e578bfb0-9726-4754-87ae-b54c8940e41a"},{"name":"apaas_collector","version":"8808f0ae627a54706896a784dba47570c92e0c8b","sha1":"b9a63da925b40910445d592c70abcf4d23ffe84d","blobstore_id":"3e6fa71a-07f7-446a-96f4-3caceea02f2f"}]},"packages":{"apaas_collector":{"name":"apaas_collector","version":"f294704d51d4517e4df3d8417a3d7c71699bc04d.1","sha1":"5af77ceb01b7995926dbd4ad7481dcb7c3d94faf","blobstore_id":"fa0e96b9-71a6-4828-416e-dde3427a73a9"},"collector":{"name":"collector","version":"ba47450ce83b8f2249b75c79b38397db249df48b.1","sha1":"0bf8ee0d69b3f21cf1878a43a9616cb7e14f6f25","blobstore_id":"722a5455-f7f7-427d-7e8d-e562552857bc"},"common":{"name":"common","version":"99c756b71550530632e393f5189220f170a69647.1","sha1":"90159de912c9bfc71740324f431ddce1a5fede00","blobstore_id":"37be6f28-c340-4899-7fd3-3517606491bb"},"fluentd-0.12.13":{"name":"fluentd-0.12.13","version":"71d8decbba6c863bff6c325f1f8df621a91eb45f.1","sha1":"2bd32b3d3de59e5dbdd77021417359bb5754b1cf","blobstore_id":"7bc81ac6-7c24-4a94-74d1-bb9930b07751"},"metron_agent":{"name":"metron_agent","version":"997d87534f57cad148d56c5b8362b72e726424e4.1","sha1":"a21404c50562de75000d285a02cd43bf098bfdb9","blobstore_id":"6c7cf72c-9ace-40a1-4632-c27946bf631e"},"ruby-2.1.6":{"name":"ruby-2.1.6","version":"41d0100ffa4b21267bceef055bc84dc37527fa35.1","sha1":"8a9867197682cabf2bc784f71c4d904bc479c898","blobstore_id":"536bc527-3225-43f6-7aad-71f36addec80"}},"configuration_hash":"a73c7d06b0257746e95aaa2ca994c11629cbd324","networks":{"private_cf_subnet":{"cloud_properties":{"name":"random","net_id":"1e1c9aca-0b5a-4a8f-836a-54c18c21c9b9","security_groups":["az1_cf_management_secgroup_bosh_cf_ssh_cf2","az1_cf_management_secgroup_cf_private_cf2","az1_cf_management_secgroup_cf_public_cf2"]},"default":["dns","gateway"],"dns":["192.168.110.8","133.162.193.10","133.162.193.9","192.168.110.10"],"dns_record_name":"0.stats-z1.private-cf-subnet.cf-apaas.microbosh","gateway":"192.168.110.11","ip":"192.168.110.204","netmask":"255.255.255.0"}},"resource_pool":{"cloud_properties":{"instance_type":"S-1"},"name":"small_z1","stemcell":{"name":"bosh-openstack-kvm-ubuntu-trusty-go_agent","version":"2989"}},"deployment":"cf-apaas","index":0,"persistent_disk":0,"persistent_disk_pool":null,"rendered_templates_archive":{"sha1":"0ffd89fa41e02888c9f9b09c6af52ea58265a8ec","blobstore_id":"4bd01ae7-a69a-4fe5-932b-d98137585a3b"},"agent_id":"7d3452bd-679e-4a97-8514-63a373a54ffd","bosh_protocol":"1","job_state":"failing","vm":{"name":"vm-12d45510-096d-4b8b-9547-73ea5fda00c2"},"ntp":{"message":"bad
ntp server"}}}

On Wed, Sep 23, 2015 at 5:13 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

Please check the file collector/collector.log, it's in a subdirectory of
the unpacked log tarball.

On Wed, Sep 23, 2015 at 12:01 AM, Guangcai Wang <guangcai.wang(a)gmail.com>
wrote:

Actually, I checked the two files in status_z1 job VM. I did not find any
clues. Attached for reference.

On Wed, Sep 23, 2015 at 4:54 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

If you do "bosh logs stats_z1 0 --job" you will get a tarball of all
the logs for the relevant processes running on the stats_z1/0 VM. You will
likely find some error messages in the collectors stdout or stderr logs.

On Tue, Sep 22, 2015 at 11:30 PM, Guangcai Wang <guangcai.wang(a)gmail.com
wrote:
It does not help.

I always see the "collector" process bouncing between "running" and
"does not exit" when I use "monit summary" in a while loop.

Who knows how to get the real error when the "collector" process is not
failed? Thanks.

On Wed, Sep 23, 2015 at 4:11 PM, Tony <Tonyl(a)fast.au.fujitsu.com>
wrote:

My approach is to login on the stats vm and sudo, then
run "monit status" and restart the failed processes or simply restart
all
processes by running "monit restart all"

wait for a while(5~10 minutes at most)
If there is still some failed process, e.g. collector
then run ps -ef | grep collector
and kill the processes in the list(may be you need to run kill -9
sometimes)

then "monit restart all"

Normally, it will fix the issue "Failed: `XXX' is not running after
update"



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Error-400007-stats-z1-0-is-not-running-after-update-tp1901p1902.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Error 400007: `stats_z1/0' is not running after update

Amit Kumar Gupta
 

Please check the file collector/collector.log, it's in a subdirectory of
the unpacked log tarball.

On Wed, Sep 23, 2015 at 12:01 AM, Guangcai Wang <guangcai.wang(a)gmail.com>
wrote:

Actually, I checked the two files in status_z1 job VM. I did not find any
clues. Attached for reference.

On Wed, Sep 23, 2015 at 4:54 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

If you do "bosh logs stats_z1 0 --job" you will get a tarball of all the
logs for the relevant processes running on the stats_z1/0 VM. You will
likely find some error messages in the collectors stdout or stderr logs.

On Tue, Sep 22, 2015 at 11:30 PM, Guangcai Wang <guangcai.wang(a)gmail.com>
wrote:

It does not help.

I always see the "collector" process bouncing between "running" and
"does not exit" when I use "monit summary" in a while loop.

Who knows how to get the real error when the "collector" process is not
failed? Thanks.

On Wed, Sep 23, 2015 at 4:11 PM, Tony <Tonyl(a)fast.au.fujitsu.com> wrote:

My approach is to login on the stats vm and sudo, then
run "monit status" and restart the failed processes or simply restart
all
processes by running "monit restart all"

wait for a while(5~10 minutes at most)
If there is still some failed process, e.g. collector
then run ps -ef | grep collector
and kill the processes in the list(may be you need to run kill -9
sometimes)

then "monit restart all"

Normally, it will fix the issue "Failed: `XXX' is not running after
update"



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Error-400007-stats-z1-0-is-not-running-after-update-tp1901p1902.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Error 400007: `stats_z1/0' is not running after update

iamflying
 

Actually, I checked the two files in status_z1 job VM. I did not find any
clues. Attached for reference.

On Wed, Sep 23, 2015 at 4:54 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

If you do "bosh logs stats_z1 0 --job" you will get a tarball of all the
logs for the relevant processes running on the stats_z1/0 VM. You will
likely find some error messages in the collectors stdout or stderr logs.

On Tue, Sep 22, 2015 at 11:30 PM, Guangcai Wang <guangcai.wang(a)gmail.com>
wrote:

It does not help.

I always see the "collector" process bouncing between "running" and "does
not exit" when I use "monit summary" in a while loop.

Who knows how to get the real error when the "collector" process is not
failed? Thanks.

On Wed, Sep 23, 2015 at 4:11 PM, Tony <Tonyl(a)fast.au.fujitsu.com> wrote:

My approach is to login on the stats vm and sudo, then
run "monit status" and restart the failed processes or simply restart all
processes by running "monit restart all"

wait for a while(5~10 minutes at most)
If there is still some failed process, e.g. collector
then run ps -ef | grep collector
and kill the processes in the list(may be you need to run kill -9
sometimes)

then "monit restart all"

Normally, it will fix the issue "Failed: `XXX' is not running after
update"



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Error-400007-stats-z1-0-is-not-running-after-update-tp1901p1902.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Error 400007: `stats_z1/0' is not running after update

Amit Kumar Gupta
 

If you do "bosh logs stats_z1 0 --job" you will get a tarball of all the
logs for the relevant processes running on the stats_z1/0 VM. You will
likely find some error messages in the collectors stdout or stderr logs.

On Tue, Sep 22, 2015 at 11:30 PM, Guangcai Wang <guangcai.wang(a)gmail.com>
wrote:

It does not help.

I always see the "collector" process bouncing between "running" and "does
not exit" when I use "monit summary" in a while loop.

Who knows how to get the real error when the "collector" process is not
failed? Thanks.

On Wed, Sep 23, 2015 at 4:11 PM, Tony <Tonyl(a)fast.au.fujitsu.com> wrote:

My approach is to login on the stats vm and sudo, then
run "monit status" and restart the failed processes or simply restart all
processes by running "monit restart all"

wait for a while(5~10 minutes at most)
If there is still some failed process, e.g. collector
then run ps -ef | grep collector
and kill the processes in the list(may be you need to run kill -9
sometimes)

then "monit restart all"

Normally, it will fix the issue "Failed: `XXX' is not running after
update"



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Error-400007-stats-z1-0-is-not-running-after-update-tp1901p1902.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Introducing CF-Swagger

Guillaume Berche
 

Thanks Mohamed and Max for sharing this great work. Besides the supporting
an official TCK, the cf-swagger repo seems great to ease the delivery of
acceptance tests as part of a a service broker release (e.g. scheduled
through bosh errands).

+1 for formal description of CF APIs allowing partly? automated client
generation, and lowering the maintenance burden w.r.t; existing CC API v2
manually maintained clients (e.g. cf-java-client, go-cfclient, nodejs, php
clients...). I had also suggested swagger for consideration in the CC API
v3 [1].

It seems the CAPI team was initially considering Swagger as a documentation
media for CC API v3 into [2] . Dieu, would it be possible to share the "Doc
of comparisons of pros and cons of different options" at [3] which does not
yet seem public ?

Thanks,

Guillaume.

[1] https://github.com/cloudfoundry/cc-api-v3-style-guide/issues/46
[2] https://www.pivotaltracker.com/n/projects/966314/stories/99237980
[3]
https://docs.google.com/a/pivotal.io/document/d/1aVOZfd0n7BOLuJvK0_Sgie9Y3D7GT6NUF4V-bVG-BCs/edit?usp=sharing

On Tue, Sep 22, 2015 at 9:12 PM, Michael Maximilien <maxim(a)us.ibm.com>
wrote:

Since I know various folks are looking at better API docs. I went ahead
and did some quick investigation on what other kind of docs formats could
be generated from Swagger.

Found a bunch, but experimented with Swagger2Markup
<https://github.com/Swagger2Markup/swagger2markup> and was able to
generate the following from the Service Broker Swagger definition here:
https://github.com/maximilien/cf-swagger/blob/master/descriptions/cloudfoundry/service_broker/service_broker.json

1. ASSCIIDoc:
https://github.com/maximilien/cf-swagger/tree/master/markup/cloudfoundry/service_broker/assciidoc
2. GitHub Markdown:
https://github.com/maximilien/cf-swagger/tree/master/markup/cloudfoundry/service_broker/markdown

These are generated from the JSON above without any customization or
changes.

Best,

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org


*Michael Maximilien/Almaden/IBM*

09/18/2015 04:51 PM
To
cf-dev(a)lists.cloudfoundry.org
cc
Mohamed Mohamed/Almaden/IBM(a)ibmus, Christopher B Ferris/Waltham/IBM(a)ibmus,
Alex Tarpinian/Austin/IBM(a)ibmus, Heiko Ludwig/Watson/IBM(a)ibmus
Subject
Introducing CF-Swagger




Hi, all,

This email serves two purposes: 1) introduce CF-Swagger, and 2) shares the
results of the CF service broker compliance survey I sent out a couple of
weeks ago.

------
My IBM Research colleague, Mohamed (on cc:), and I have been working on
creating Swagger descriptions for some CF APIs.

Our main goal was to explore what useful tools or utilities we could build
with these Swagger descriptions once created.

The initial results of this exploratory research is CF-Swagger which is
included in the following:

See presentation here: *https://goo.gl/Y16plT* <https://goo.gl/Y16plT>
Video demo here: *http://goo.gl/C8Nz5p* <http://goo.gl/C8Nz5p>
Temp repo here: *https://github.com/maximilien/cf-swagger*
<https://github.com/maximilien/cf-swagger>

The gist of of our work and results are:

1. We created a full Swagger description of the CF service broker
2. Using this description you can use the Swagger editor to create a neat
API docs that is browsable and even callable
3. Using the description you can create client and server stubs for
service brokers in a variety of languages, e.g., JS, Java, Ruby, etc.
4. We've extended go-swagger to generate workable client and server stubs
for service brokers in Golang. We plan to submit all changes to go-swagger
back to that project
5. We've extended go-swagger to generate prototypes of working Ginkgo
tests to service brokers
6. We've extended go-swagger to generate a CF service broker Ginkgo Test
Compliance Kit (TCK) that anyone could use to validate their broker's
compliance with any Swagger-described version of spec
7. We've created a custom Ginkgo reporter that when ran with TCK will give
you a summary of your compliance, e.g., 100% compliant with v2.5 but 90%
compliant with v2.6 due to failing test X, Y, Z... (in Ginkgo fashion)
8. The survey results (all included in the presentation) indicate that
over 50% of respondants believe TCK tests for service broker would be
valuable to them. Many (over 50%) are using custom proprietary tests, and
this project maybe a way to get everyone to converge to a common set of
tests we could all use and improve...

------
We plan to propose this work to become a CF incubator at the next CAB and
PMC calls, especially the TCK part for service brokers. The overall
approach and project could be useful for other parts of the CF APIs but we
will start with CF Service Brokers.

The actual Swagger descriptions should ideally come from the teams who own
the APIs. So for service brokers, the CAPI team. We are engaging them as
they have also been looking at improving APIs docs and descriptions. Maybe
there are potential for synergies and at a minimum making sure what we
generate ends up becoming useful to their pipelines.

Finally, while the repo is temporary and will change, I welcome you to
take a look at presentation and video and code and let us know your
thoughts and feedback.

Thanks for your time and interest.

Mohamed and Max
IBM

7481 - 7500 of 9422