Re: REST API endpoint for accessing application logs
Rohit Kumar
You should use the value coming from "doppler_logging_endpoint" not the
"logging_endpoint". What version of cf-release are you using? Alternatively if you don't have a "doppler_logging_endpoint" in the response from /v2/info , then use the URL from "logging_endpoint" but replace "loggregator" with "doppler". Rohit
On Tue, Oct 13, 2015 at 7:47 AM, Ponraj E <ponraj.e(a)gmail.com> wrote:
Hi Rohit,
|
|
Re: Initialization script for SSHFS
Daniel Mikusa
Awesome! Any chance you could share the final product? Sounds like it
could be useful to others. Dan
On Tue, Oct 13, 2015 at 3:52 PM, Cory Jett <cory.jett(a)gmail.com> wrote:
Perfect, thanks! I had to do a little hacking to make it work right since
|
|
Re: [abacus] End-to-end test coverage for secured Abacus
Michael Maximilien
+1 as well.
Please make sure to publish the results of the perf tests (over time) and let's discuss adding stories that anyone who cares can follow. Various teams in CF have also been looking to add performance goals and tests as part of their pipelines, e.g., Diego and MEGA, so might be good to chat with them if that makes sense. Best, max
On Mon, Oct 12, 2015 at 8:08 AM, Jean-Sebastien Delfino <jsdelfino(a)gmail.com> wrote:
+1 to your proposal. That'll also help us test the performance impacts of
|
|
Re: [abacus] Accepting delayed usage within a slack window
Michael Maximilien
+1
So long as this does not prevent DBs from being sharded. Even if the penalty for queries of distant past is higher (e.g., slow). And, as we discussed last Friday, this slack value can be fixed for now and be made configurable later in future stories. I am hoping others who are interested in this feature chime in here as well. Best, max
On Mon, Oct 12, 2015 at 7:53 PM, Jean-Sebastien Delfino <jsdelfino(a)gmail.com> wrote:
The benefit in having the year window allows only having to go to a single database as opposed to a potential 12 databases with month windows
|
|
Re: Initialization script for SSHFS
Cory Jett
Perfect, thanks! I had to do a little hacking to make it work right since it is using the SSHFS service (which we aren't using) and it is set up to use credentials (and not keys) but otherwise it worked great.
|
|
CF CAB call for October is Wednesday Oct. 14th, 2015 - final reminder
Michael Maximilien
fyi...
Final reminder. Please join us tomorrow at 8AM PDT. Call info [1]. If you are Pivotal we have Scorpius reserved on the 4th floor.
Product managers, please update the agenda [1] with highlights from your team since the last CAB call.
All the best,
Chip, James, and Max
----- Original message -----
|
|
Re: CF v205 / Pushing an app
Dieu Cao <dcao@...>
I'll look into getting that page updated.
One known issue is that CC doesn't have a concept of a default shared domain when pushing apps. The CLI assumes it's the first shared domain that comes back in the list. Depending how you're splitting your domain, you may need to create a new shared domain, delete any other shared domains until your desired shared domain for apps is first in the `cf domains` list and create/map routes with your new shared app domain to existing apps. -Dieu
On Tue, Oct 13, 2015 at 8:03 AM, Sylvain Gibier <sylvain(a)munichconsulting.de> wrote:
Hi,
|
|
Re: CF v205 / Pushing an app
Sylvain Gibier
Hi,
Thanks for the clarification - it would be worth updating the documentation (http://docs.cloudfoundry.org/deploying/ec2/bootstrap-aws-vpc.html) - as I followed this one, and this setting is not even mentioned anywhere. Are there any known issues I should be aware of before trying to split an existing CF deployment? Does it mean that both application and system domain go through the same ELB (cfrouter)? What about the existing deployed applications? Sylvain
|
|
Re: [abacus] authorization needed to call APIs defined in account management stub
Jean-Sebastien Delfino
Hi Bharath,
You decide the scopes yourself as an implementor of that account API, and a server for the account and org info resources it returns.

We've been having a related discussion of scopes with Piotr [1], where he'd like the client to decide the scopes and I'm saying that the resource owner and server should decide them instead. Well, here you're on the resource server side so you get to decide :)

Quoting the OAuth spec for a bit more background [2]:

---
Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server
---

In terms of end to end flow, your account service is called by the Abacus reporting service to retrieve the account and org info needed to generate usage reports, and is passed the same token passed in to the reporting service by the client requesting a report. So you need to have that client pass a token with an identity and scopes that you can check in your account service to protect the account and org info that you'll serve.

You can decide how you want to implement this, but if the client presents a user token for example, you could check for some scopes in that token but you may also want to check the roles assigned to that user in the requested org to control whether or not she's allowed to access the org info.

HTH

[1] http://cf-dev.70369.x6.nabble.com/cf-dev-Re-abacus-Usage-submission-authorization-tt2115.html#none
[2] https://tools.ietf.org/html/rfc6749#section-1.4

- Jean-Sebastien
On Mon, Oct 12, 2015 at 8:32 PM, Bharath Sekar <bsekar14(a)gmail.com> wrote:
Sebastien, the account management stubs define APIs that will retrieve a
|
|
Re: REST API endpoint for accessing application logs
Ponraj E
Hi Rohit,
Thanks for the reply. I tried this:

    curl -k -H "Authorization: $(cf oauth-token | grep bearer)" https://doppler.bosh-lite.com:443/apps/$(cf app appName --guid)/recentlogs

with my logging_endpoint that I got from cf curl /v2/info (for ex: "https://xxxx:443"). But it says host could not be resolved. Ponraj
|
|
Re: REST API endpoint for accessing application logs
Rohit Kumar
The API endpoint to get recent logs is present on the loggregator trafficcontroller. You can get the URL for your traffic controller by running:

    cf curl /v2/info | jq .doppler_logging_endpoint

Note that the URL which you get back will have a "wss" spec, but you will need to use "https" when you issue a recentlogs request. To get the recent logs for your application, you should issue a GET request to https://<trafficcontroller URL>/apps/<appid>/recentlogs . You will also need to provide your CF oauth token as part of the "Authorization" header for this request. For example:

    curl -k -H "Authorization: $(cf oauth-token | grep bearer)" https://doppler.bosh-lite.com:443/apps/$(cf app appName --guid)/recentlogs

The response body will contain the log messages in the dropsonde-protocol <https://github.com/cloudfoundry/dropsonde-protocol> format, so you will need to parse them. If you are using Go to do this, an easier way would be to use the NOAA library to get recentlogs <https://github.com/cloudfoundry/noaa/blob/master/sample/main.go#L17-L29>.

Rohit
On Tue, Oct 13, 2015 at 6:11 AM, Ponraj E <ponraj.e(a)gmail.com> wrote:
Hi,
|
|
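Added example, not part of the original thread or of any Cloud Foundry project code: one way to derive the recentlogs request from a /v2/info response as the replies above describe, including the "loggregator" to "doppler" fallback and the "wss" to "https" switch. The sample /v2/info values, the GUID, the token and the function names are constructed for illustration.

```python
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of the two relevant keys in a /v2/info response.
SAMPLE_INFO = {
    "logging_endpoint": "wss://loggregator.bosh-lite.com:443",
    "doppler_logging_endpoint": "wss://doppler.bosh-lite.com:443",
}
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def traffic_controller_base(info):
    """Return the https:// base URL of the traffic controller."""
    endpoint = info.get("doppler_logging_endpoint")
    if not endpoint:
        # No doppler key: reuse "logging_endpoint" but swap the host label
        # "loggregator" for "doppler", as the thread describes.
        legacy = urlsplit(info.get("logging_endpoint") or "")
        endpoint = urlunsplit(legacy._replace(
            netloc=legacy.netloc.replace("loggregator", "doppler", 1)))
    parts = urlsplit(endpoint)
    # /v2/info advertises a websocket scheme; recentlogs is an HTTPS GET.
    # Anything that is not TLS is rejected so the token never goes in clear.
    if parts.scheme not in ("wss", "https") or not parts.hostname:
        raise ValueError("unusable logging endpoint: %r" % endpoint)
    return urlunsplit(("https", parts.netloc, "", "", ""))


def recentlogs_request(info, app_guid, oauth_token):
    """Build (but do not send) the GET request for an app's recent logs."""
    # The GUID lands in the URL path, so accept only a well-formed UUID.
    if not GUID_RE.fullmatch(app_guid):
        raise ValueError("app GUID is not a UUID: %r" % app_guid)
    url = "%s/apps/%s/recentlogs" % (traffic_controller_base(info), app_guid)
    # oauth_token is the full "bearer ..." line printed by `cf oauth-token`.
    return urllib.request.Request(url, headers={"Authorization": oauth_token})


if __name__ == "__main__":
    req = recentlogs_request(SAMPLE_INFO,
                             "11111111-2222-3333-4444-555555555555",
                             "bearer CONSTRUCTED-TOKEN")
    print(req.get_method(), req.full_url)
```

Passing the returned request to urllib.request.urlopen sends it with certificate verification on, which is urllib's default, unlike `curl -k`.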
REST API endpoint for accessing application logs
Ponraj E
Hi,
I want to get the application's dumped logs from the loggregator and not the tailing logs. CLI provides me a command to do it: cf logs APP_NAME --recent displays all the lines in the Loggregator buffer. But how do I do it via REST API endpoint? I had set the CF_TRACE=true to see the REST calls that have been fired to get the application log, but I see only the GET call to get the application details, but after that it just dumps the log. Thanks for the help. Regards, Ponraj
|
|
Re: Unable to set CF api endpoint
CF Runtime
Did you run the "bin/add-route" script from the bosh-lite repo? By default
that subnet does not have a route for it. Joseph CF Release Integration Team
On Mon, Oct 12, 2015 at 9:23 AM, Deepak Arn <arn.deepak1(a)gmail.com> wrote:
Hi,
|
|
[abacus] authorization needed to call APIs defined in account management stub
Bharath Sekar
Sebastien, the account management stubs define APIs that will retrieve a list of orgs given an account, use an org to get the corresponding account it belongs to. The APIs implemented by an account management service will be authorized by a bearer token. What scopes are required in the token to use this API?
|
|
Re: [abacus] Accepting delayed usage within a slack window
Jean-Sebastien Delfino
The benefit in having the year window allows only having to go to a single database as opposed to a potential 12 databases with month windows

Correct, if your resource instance has incurred usage in the last month, but if no usage has been submitted for a resource instance since Jan for example, then we still need to run a descending query back to Jan, giving us a max of 12 database partitions to scan for old/inactive resource instances when we do that in Dec (which is typically when people start to get more interested in their yearly usage.)

but I think that probably doesn't outweigh having to duplicate the yearly data on every document.

+1, that's what I was thinking.

- Jean-Sebastien

On Mon, Oct 12, 2015 at 5:57 PM, Benjamin Cheng <bscheng(a)us.ibm.com> wrote:
I'm leaning towards agreeing with you in terms of reducing the number of
|
|
Re: [abacus] Usage submission authorization
Jean-Sebastien Delfino
Also, resource id is an arbitrary identifier, making it part of the scope may create quite complex names e.g. 'abacus.runtimes/node/v12-07.revision-2-buildpack-guid-a3d7ff4d-3cb1-4cc3-a855-fae98e20cf57.write'.

Do you have a specific issue in mind with putting the resource uuid in the scope name? We have uuids all over the place in CF, in most of the APIs, the usage docs etc so I'm not sure why it'd be a problem to have one here.

Any naming convention may not be generic enough, for example for my UAA instance requires the scope names to start with component using it, followed by proper name - 'bss.runtimes.abacus.<resource id>.write'.

Like I said before, if you can't or don't want to use a specific scope per resource, then you can use abacus.usage.write (with the same disclaimers/warnings I gave in my previous post.)

I must be missing something though :) ... aren't you happily using cloud_controller.write for example (or similar other CF scopes) without renaming it to <your client component>.cloud_controller.write? Why would you treat abacus.usage.write different?

Also, I must admit to find a bit surprising a naming convention that will tie the scope name to the client that presents it. Isn't the scope typically defined by the owner of the resource it protects instead of the client? In that case the owner of the resource is not the client component... it is the CF abacus project, hence <abacus>.usage.write. Wouldn't that make more sense?

Finally, I'm also not quite sure how this will work at all if for example Abacus needs to authorize resource access from multiple clients. That would have to be really dynamic then, as each new client would require Abacus to know about a new client specific naming convention (or client component name prefix in the example you gave...)

Now, all that being said, looks like I'm not really following how you're envisioning this to work, so do you think you could maybe submit a pull request with how you concretely propose to make that dynamic scope naming work when it includes client component names, or follows client component specific naming conventions?

Thanks!

- Jean-Sebastien

On Mon, Oct 12, 2015 at 5:22 PM, Piotr Przybylski <piotrp(a)us.ibm.com> wrote:
Hi Sebastien,
|
|
Re: Multi-Line Loggregator events and the new Splunk "HTTP Event Collector" API
Rohit Kumar
We have thrown around one approach which solves the problem but would
require changes in the runtime. That solution would expose a socket to the container where the application could emit logs. The application would now have control over what delimits a message. The implementation of this solution though would need coordination with the runtime, as the socket would need to be plumbed from the container all the way to metron. The messages would also need to be associated with the application ID when they reach metron. Rohit
On Fri, Oct 9, 2015 at 1:53 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:
Another possible idea. Allow an application to send a single log line
|
|
Re: Unable to set CF api endpoint
Yitao Jiang
Setting CF_TRACE to true and pasting the detailed logs here will be more helpful. BTW, have you enabled the route to the bosh-lite VMs?
On Tue, Oct 13, 2015 at 12:23 AM, Deepak Arn <arn.deepak1(a)gmail.com> wrote:
Hi, --
Regards, Yitao jiangyt.github.io
|
|
Re: [abacus] Accepting delayed usage within a slack window
Benjamin Cheng
I'm leaning towards agreeing with you in terms of reducing the number of windows. I agree with what you've said on forever. The only case I can point out is in years. The benefit in having the year window allows only having to go to a single database as opposed to a potential 12 databases with month windows, but I think that probably doesn't outweigh having to duplicate the yearly data on every document.
|
|