
Re: How to listen to space deletion events?

Nicholas Calugar
 

Hi Padma,

We currently don't broadcast any events from the Cloud Controller.

Could you describe the use-case a bit more? What sort of task do you want
to do? What application / process would listen for these events?


Thanks,

Nick

On Fri, Jun 10, 2016 at 2:16 AM, Padmashree B <padmashree.b(a)sap.com> wrote:

Hi,

Is there any way to listen and react to space deletion events?
Any hook available to do some tasks before the space is deleted?

Thanks,
Kind Regards,
Padma


Re: Cloud Foundry release version for Diego

Ronak Banka
 

Hi Vinod,

you can check the compatibility versions here
<https://github.com/cloudfoundry-incubator/diego-cf-compatibility>

Thanks
Ronak

On Sat, Jun 11, 2016 at 1:45 AM, Vinod Singh <vinoddandy(a)gmail.com> wrote:

Friends,

What is first version of CF release which supports Diego architecture?
Sorry for asking basic question, but I am picking up again..

Thx, Singh


Re: Reg executing sudo commands in DEA vm

Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM@Cisco) <ngnanase at cisco.com...>
 

Hi
Now I understand the use of the PORT env in the warden. I am using the same for nginx which is offered by CF.

But what port should I specify for gunicorn running in the same app... CF offers only one port /app. Can I use any unused port listed by netstat -lntl for gunicorn?


Regards
Nithiyasri



From: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco)
Sent: Saturday, June 11, 2016 12:15 AM
To: 'Eric Malm' <emalm(a)pivotal.io>
Cc: 'Discussions about Cloud Foundry projects and the system overall.' <cf-dev(a)lists.cloudfoundry.org>
Subject: RE: [cf-dev] Re: Reg executing sudo commands in DEA vm

Hi

I have started nginx in 8010 and gunicorn in 8000.
Though the processes are running in ps -ef cmd, curl to localhost:8000 & 8010 are connection refusing..

Even the ports used by the DEA vm don’t show 8000 & 8010

I selected 8010, as it is not listed in netstat -lntl command. Does this method apply to DEA vm?
Is there any specific way to find out the port number offered by CF to DEA , as you had mentioned in the below mail..

From: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco)
Sent: Friday, June 10, 2016 12:39 AM
To: 'Eric Malm' <emalm(a)pivotal.io<mailto:emalm(a)pivotal.io>>
Cc: 'Discussions about Cloud Foundry projects and the system overall.' <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>
Subject: RE: [cf-dev] Re: Reg executing sudo commands in DEA vm

It worked!

We are not using PORT env variable. We have directly hardcoded only the port number.
I thought the permission issue is due to non-nginx user and it didn't strike me it's below 1024

Thanks Much!!!

Regards
Nithiyasri

From: Eric Malm [mailto:emalm(a)pivotal.io]
Sent: Friday, June 10, 2016 12:00 AM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>; cf-dev <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>
Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

On Thu, Jun 9, 2016 at 11:23 AM, Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>> wrote:
Hi Eric

The error is “Permission Denied” on the port..
As you told, I tried with port 90.. Again the same error Permission Denied..

I didn't tell you to use port 90. I said to use whatever CF provides to your process in the PORT environment variable. The process isn't running as root, so it won't be able to bind any port below 1024.


From: Eric Malm [mailto:emalm(a)pivotal.io<mailto:emalm(a)pivotal.io>]
Sent: Thursday, June 09, 2016 10:59 PM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>
Cc: Discussions about Cloud Foundry projects and the system overall. <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>; Jayarajan Ramapurath Kozhummal (jayark) <jayark(a)cisco.com<mailto:jayark(a)cisco.com>>

Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

Hi, Nithiyasri,

As Amit already mentioned on another thread, you need to make sure nginx is binding to the port conveyed in the PORT environment variable. It will not be able to bind port 80 because it's not running as root. This seems to be how the PHP buildpack accomplishes that for its nginx config: https://github.com/cloudfoundry/php-buildpack/blob/d9b1f27af8d5083401f0ac5e81f9578fc19b619f/defaults/config/nginx/server-defaults.conf#L2

Best,
Eric


Re: Reg executing sudo commands in DEA vm

Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM@Cisco) <ngnanase at cisco.com...>
 

Hi

I have started nginx in 8010 and gunicorn in 8000.
Though the processes are running in ps -ef cmd, curl to localhost:8000 & 8010 are connection refusing..

Even the ports used by the DEA vm don’t show 8000 & 8010

I selected 8010, as it is not listed in netstat -lntl command. Does this method apply to DEA vm?
Is there any specific way to find out the port number offered by CF to DEA , as you had mentioned in the below mail..

From: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco)
Sent: Friday, June 10, 2016 12:39 AM
To: 'Eric Malm' <emalm(a)pivotal.io>
Cc: 'Discussions about Cloud Foundry projects and the system overall.' <cf-dev(a)lists.cloudfoundry.org>
Subject: RE: [cf-dev] Re: Reg executing sudo commands in DEA vm

It worked!

We are not using PORT env variable. We have directly hardcoded only the port number.
I thought the permission issue is due to non-nginx user and it didn't strike me it's below 1024

Thanks Much!!!

Regards
Nithiyasri

From: Eric Malm [mailto:emalm(a)pivotal.io]
Sent: Friday, June 10, 2016 12:00 AM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>; cf-dev <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>
Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

On Thu, Jun 9, 2016 at 11:23 AM, Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>> wrote:
Hi Eric

The error is “Permission Denied” on the port..
As you told, I tried with port 90.. Again the same error Permission Denied..

I didn't tell you to use port 90. I said to use whatever CF provides to your process in the PORT environment variable. The process isn't running as root, so it won't be able to bind any port below 1024.


From: Eric Malm [mailto:emalm(a)pivotal.io<mailto:emalm(a)pivotal.io>]
Sent: Thursday, June 09, 2016 10:59 PM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>
Cc: Discussions about Cloud Foundry projects and the system overall. <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>; Jayarajan Ramapurath Kozhummal (jayark) <jayark(a)cisco.com<mailto:jayark(a)cisco.com>>

Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

Hi, Nithiyasri,

As Amit already mentioned on another thread, you need to make sure nginx is binding to the port conveyed in the PORT environment variable. It will not be able to bind port 80 because it's not running as root. This seems to be how the PHP buildpack accomplishes that for its nginx config: https://github.com/cloudfoundry/php-buildpack/blob/d9b1f27af8d5083401f0ac5e81f9578fc19b619f/defaults/config/nginx/server-defaults.conf#L2

Best,
Eric


Cloud Foundry release version for Diego

Vinod Singh <vinoddandy@...>
 

Friends,

What is first version of CF release which supports Diego architecture?
Sorry for asking basic question, but I am picking up again..

Thx, Singh


UAA Returning 500 - The targeted API endpoint could not be reached

Henry Knott
 

Hi,

During our CloudFoundry acceptance tests we encountered the following error:

```
[2016-06-07 11:38:28.36 (UTC)]> cf auth admin [REDACTED]
API endpoint: [REDACTED]
Authenticating...
FAILED
The targeted API endpoint could not be reached.
```

The error has only occurred twice in the last few days, after tens of test runs. Access log on the VM on which UAA was running indicated an HTTP code of 500 was returned in response to the oauth token being POSTed:

`"POST /oauth/token HTTP/1.1" 500 137`

We can't find anything in the UAA application logs which indicate an error occurred (even with debug enabled).
We are struggling to replicate this error and determine the conditions which generate it.

Any ideas?

Thanks,


How to listen to space deletion events?

Padmashree B
 

Hi,

Is there any way to listen and react to space deletion events?
Any hook available to do some tasks before the space is deleted?

Thanks,
Kind Regards,
Padma


Re: Exposing Multiple Ports from an Application

Isuru Haththotuwa <isurulucky@...>
 

Hi Shannon,

On Thu, Jun 9, 2016 at 2:22 AM, Shannon Coen <scoen(a)pivotal.io> wrote:

On Wed, Jun 8, 2016 at 5:03 AM, Isuru Haththotuwa <isurulucky(a)gmail.com>
wrote:

Hi Shannon,

Thanks for the reply.

On Wed, Jun 8, 2016 at 4:36 AM, Shannon Coen <scoen(a)pivotal.io> wrote:

If I understand you correctly, you would like your application to
receive requests on multiple ports. Is that correct? Does it matter what
ports your application clients send requests to? Could you please share the
details of your use cases for this functionality?
The usecase is that an application listening to multiple types of traffic
(http, tcp, binary, etc.) from multiple ports exposed in the container.
Therefore I guess we would need to have multiple ports open from the host
side as well.
If your application receives http traffic on more than one port, you would
not need another port opened, only another route. For non-HTTP traffic, you
would need a TCP route (with a reserved port) for each app port. The route
ports will not match your application ports. Does this sound like it would
fulfill your needs?
Maybe I might have misunderstood this. My current understanding is, if the
application instance needs to listen with multiple ports (from the
container side) for multiple types of traffic, there should be multiple
ports opened (from the host node/VM side), which should forward traffic to
the relevant container port:

host port 1 (5005) -----------------> container port 1 (9080)

host port 2 (5006) -----------------> container port 2 (9081)

As I understood, it's possible to define a route with a non-standard port
(5005/5006 as shown in the sketch above). But currently the application
instance will listen on 8080 only, hence CF will only forward the traffic
to same container port (8080) for both the routes. Please correct me if I'm
wrong.




Currently HTTP requests may only be sent to 80 or 443. Your app may
receive requests on one port only. On DEAs, this port is randomized and can
be discovered from the $PORT env var. On Diego, this env var is also
present but is always 8080.

This isn't a limitation of Diego; Diego will open whatever container
ports a client tells it to. However, we have not yet added the business
logic to Cloud Controller to expose management of these ports to
application developers.

You discovered that two ports are already opened on the container. The
second port is opened automatically in support of the feature that enables
a developer to SSH into the container. The env var you identified, CF_INSTANCE_PORTS,
is a list of all ports opened on the container. This env var should be
considered an internal implementation detail as it contains ports used by
internal system components to which an app should not bind. The env var is
documented as there are a few use cases where an app needs to know what the
host port is.

We do plan to enable applications to listen on multiple ports. Clients
will still make HTTP requests to 80 or 443, but a developer will be able to
specify the application port when mapping a route to an application.

E.g.
myapp.cf.com -> myapp listening on 8080
myapp.cf.com/admin -> myapp listening on 6000

I'm currently drafting a proposal for this feature and will share it
soon for feedback.
This is indeed great news!


If your clients must call your application on a port besides 80 or 443,
I would recommend exploring our support for TCP routing (see the CLI help
file for create-route). Developers can reserve non-standard ports for a
route, like tcp.cf.com:6000, and CF will route requests for it to your
application port on 8080. After we deliver support for custom app ports, as
described above, you would be able to specify both the route port and the
app port.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jun 7, 2016 at 1:18 AM, Isuru Haththotuwa <isurulucky(a)gmail.com>
wrote:

Hi all,

Is it possible to expose two ports of an Application from CF to
external traffic, via an externally routable address and multiple ports?

While going through the documentation, came across [1], which suggests
that requests are served from port 80 and 443 only. However, while trying
out the sample spring application [2] on CF (using the hosted CF in pivotal
web services), I could actually see that there are multiple port mappings
defined by invoking the rest API [3]. Additionally, in pivotal.io
docs, I see the definition of CF-INSTANCE-PORTS, which seems to support
multiple port mappings from host to container.

I'm curious to know if exposing multiple ports from the host and
container side is possible.

Thanks in advance.

[1].
https://docs.cloudfoundry.org/devguide/deploy-apps/prepare-to-deploy.html#ports

[2]. https://github.com/cloudfoundry-samples/spring-music

[3].
```
{
  "0": {
    "state": "RUNNING",
    "stats": {
      "name": "spring-music",
      "uris": [
        "spring-music-moonlit-melioration.cfapps.io"
      ],
      "host": "10.10.115.53",
      "port": 64248,
      "net_info": {
        "address": "10.10.115.53",
        "ports": [
          {
            "container_port": 8080,
            "host_port": 64248
          },
          {
            "container_port": 2222,
            "host_port": 64249
          }
        ]
      },
      "uptime": 9484,
      "mem_quota": 536870912,
      "disk_quota": 1073741824,
      "fds_quota": 16384,
      "usage": {
        "time": "2016-05-20T11:12:38.944471672Z",
        "cpu": 0.0010850797743361504,
        "mem": 460423168,
        "disk": 166739968
      }
    }
  }
}
```

[4].
http://docs.run.pivotal.io/devguide/deploy-apps/environment-variable.html#CF-INSTANCE-PORTS


--
Thanks and Regards,
Isuru

--
Thanks and Regards,
Isuru


Re: Reg executing sudo commands in DEA vm

Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM@Cisco) <ngnanase at cisco.com...>
 

It worked!

We are not using PORT env variable. We have directly hardcoded only the port number.
I thought the permission issue is due to non-nginx user and it didn't strike me it's below 1024

Thanks Much!!!

Regards
Nithiyasri

From: Eric Malm [mailto:emalm(a)pivotal.io]
Sent: Friday, June 10, 2016 12:00 AM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com>; cf-dev <cf-dev(a)lists.cloudfoundry.org>
Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

On Thu, Jun 9, 2016 at 11:23 AM, Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>> wrote:
Hi Eric

The error is “Permission Denied” on the port..
As you told, I tried with port 90.. Again the same error Permission Denied..

I didn't tell you to use port 90. I said to use whatever CF provides to your process in the PORT environment variable. The process isn't running as root, so it won't be able to bind any port below 1024.


From: Eric Malm [mailto:emalm(a)pivotal.io<mailto:emalm(a)pivotal.io>]
Sent: Thursday, June 09, 2016 10:59 PM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>
Cc: Discussions about Cloud Foundry projects and the system overall. <cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>>; Jayarajan Ramapurath Kozhummal (jayark) <jayark(a)cisco.com<mailto:jayark(a)cisco.com>>

Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

Hi, Nithiyasri,

As Amit already mentioned on another thread, you need to make sure nginx is binding to the port conveyed in the PORT environment variable. It will not be able to bind port 80 because it's not running as root. This seems to be how the PHP buildpack accomplishes that for its nginx config: https://github.com/cloudfoundry/php-buildpack/blob/d9b1f27af8d5083401f0ac5e81f9578fc19b619f/defaults/config/nginx/server-defaults.conf#L2

Best,
Eric


Re: Reg executing sudo commands in DEA vm

Eric Malm <emalm@...>
 

On Thu, Jun 9, 2016 at 11:23 AM, Nithiyasri Gnanasekaran -X (ngnanase -
TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com> wrote:

Hi Eric



The error is “Permission Denied” on the port..

As you told, I tried with port 90.. Again the same error Permission
Denied..

I didn't tell you to use port 90. I said to use whatever CF provides to
your process in the PORT environment variable. The process isn't running as
root, so it won't be able to bind any port below 1024.



*From:* Eric Malm [mailto:emalm(a)pivotal.io]
*Sent:* Thursday, June 09, 2016 10:59 PM
*To:* Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <
ngnanase(a)cisco.com>
*Cc:* Discussions about Cloud Foundry projects and the system overall. <
cf-dev(a)lists.cloudfoundry.org>; Jayarajan Ramapurath Kozhummal (jayark) <
jayark(a)cisco.com>

*Subject:* Re: [cf-dev] Re: Reg executing sudo commands in DEA vm



Hi, Nithiyasri,



As Amit already mentioned on another thread, you need to make sure nginx
is binding to the port conveyed in the PORT environment variable. It will
not be able to bind port 80 because it's not running as root. This seems to
be how the PHP buildpack accomplishes that for its nginx config:
https://github.com/cloudfoundry/php-buildpack/blob/d9b1f27af8d5083401f0ac5e81f9578fc19b619f/defaults/config/nginx/server-defaults.conf#L2
Best,
Eric
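
The port rules discussed in this thread and in the "Exposing Multiple Ports" thread above, as an added example (not code from any poster or from Cloud Foundry): it checks a list of intended listeners against the PORT value and a stats-style `net_info` block. The sample data is constructed from values quoted on this page, and the `{{PORT}}` template placeholder and all function names are hypothetical.

```python
import json
import os

PRIVILEGED_LIMIT = 1024  # a non-root process cannot bind ports below this

# Constructed sample, shaped like the "net_info" block of the instance stats
# quoted earlier on this page.
SAMPLE_NET_INFO = json.loads("""
{"address": "10.10.115.53",
 "ports": [{"container_port": 8080, "host_port": 64248},
           {"container_port": 2222, "host_port": 64249}]}
""")

# Constructed list of listeners, using the ports tried in the thread.
PLANNED = [("nginx", 80), ("nginx", 90), ("nginx", 8010),
           ("gunicorn", 8000), ("nginx", 8080), ("helper", 2222)]


def parse_port_env(env):
    """Return the port CF passed in PORT; raise ValueError if unusable."""
    raw = env.get("PORT", "")
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"PORT must be a decimal port number, got {raw!r}")
    port = int(raw)
    if not 0 < port < 65536:
        raise ValueError(f"PORT out of range: {port}")
    return port


def mapped_ports(net_info):
    """Return {container_port: host_port} from a stats net_info block."""
    return {p["container_port"]: p["host_port"]
            for p in net_info.get("ports", [])}


def classify(port, assigned, mapped, is_root=False):
    """Classify one intended listener port.

    privileged: below 1024, bind() fails with "Permission denied" as non-root
    routed:     equals PORT, the one port CF forwards requests to
    reserved:   mapped on the container but used by a system component
                (2222 is the SSH port in the thread), so the app must not bind
    unrouted:   bindable, but CF sends no external traffic to it
    """
    if port < PRIVILEGED_LIMIT and not is_root:
        return "privileged"
    if port == assigned:
        return "routed"
    if port in mapped:
        return "reserved"
    return "unrouted"


def audit(planned, env, net_info, is_root=False):
    """Return [(name, port, verdict)] for every intended listener."""
    assigned = parse_port_env(env)
    mapped = mapped_ports(net_info)
    return [(name, port, classify(port, assigned, mapped, is_root))
            for name, port in planned]


def render_listen(template, env):
    """Fill the hypothetical {{PORT}} placeholder in an nginx config template."""
    return template.replace("{{PORT}}", str(parse_port_env(env)))


if __name__ == "__main__":
    # Fall back to 8080 (the value the thread gives for Diego) outside CF.
    env = {"PORT": os.environ.get("PORT", "8080")}
    for name, port, verdict in audit(PLANNED, env, SAMPLE_NET_INFO):
        print(f"{name:9} {port:5}  {verdict}")
    print(render_listen("server { listen {{PORT}}; }", env))
```
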


Re: Looking to do user interviews with larger OSS installations, focusing on logging and metrics

Jim CF Campbell
 

Hi Felix,

We'd love to work with you on understanding this. Could you drop a message
in the Loggregator OSS Slack
<https://cloudfoundry.slack.com/messages/loggregator/> channel so we can
have a conversation about this?

Danke schön!

Jim

On Thu, Jun 9, 2016 at 8:04 AM, Felix Friedrich <felix(a)fri.edri.ch> wrote:

Hello Jim,

I am working for Springer Nature in Berlin. As of now our experience
with the loggregator-trafficcontroller is that it behaves like it has
a memory leak :-) We are actually wondering if anyone else has this
problem. We're running version 231 with 80 runners and 4
loggregator-trafficcontrollers and 8 dopplers.

As of now we're using the loggregator-trafficcontroller only to fetch
the logs from and send them into our ELK. In the future we'll also
consume metrics from it and I would be happy to share our experience
about that.

Please let me know if you have any information on other parties running
OSS installations with the same kind of problems on the loggregators.


Felix



On Thu, 5 May 2016, at 18:20, Jim CF Campbell wrote:
Hi cf-dev,

I'm the product manager for Loggregator. I'm looking for users on the
larger side to interview about your experiences, needs and wants for
logging and metrics in Cloud Foundry. I can also inform you of what we're
planning on doing in the future
<https://docs.google.com/spreadsheets/d/1QOCUIlTkhGzVwfRji7Q14vczqkBbFGkiDWrJSKdRLRg/edit#gid=0>.

When you reply, please also indicate where you are, and if you would be
open to an onsite visit.

It's potentially a great benefit to get your input in - based on user
interviews with LDS and SAP, they both got features they want in the
roadmap. (but no promises :-)


--
Jim Campbell | Product Manager | Cloud Foundry | Pivotal.io |
303.618.0963
--
Jim Campbell | Product Manager | Cloud Foundry | Pivotal.io | 303.618.0963


Re: Reg executing sudo commands in DEA vm

Eric Malm <emalm@...>
 

Hi, Nithiyasri,

As Amit already mentioned on another thread, you need to make sure nginx is
binding to the port conveyed in the PORT environment variable. It will not
be able to bind port 80 because it's not running as root. This seems to be
how the PHP buildpack accomplishes that for its nginx config:
https://github.com/cloudfoundry/php-buildpack/blob/d9b1f27af8d5083401f0ac5e81f9578fc19b619f/defaults/config/nginx/server-defaults.conf#L2

Best,
Eric

On Thu, Jun 9, 2016 at 10:20 AM, Nithiyasri Gnanasekaran -X (ngnanase -
TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com> wrote:

Hi



Please let me know how can I bind the port 80 to a non root user.

Currently after starting nginx as a non root user, I cannot bind port 80
due to permission issue.



ERR nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)



Please let me know if non-portRootBinding can be done in the DEA/warden
container



Regards

Nithiyasri



*From:* Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at
Cisco)
*Sent:* Wednesday, June 08, 2016 7:57 AM
*To:* 'Eric Malm' <emalm(a)pivotal.io>
*Cc:* Jayarajan Ramapurath Kozhummal (jayark) <jayark(a)cisco.com>
*Subject:* RE: [cf-dev] Re: Reg executing sudo commands in DEA vm



Hi Eric



Thanks much for the detailed explanation..

So when I do cf push, it happens in the container and that vcap user
cannot get sudo privileges.



So Please suggest me on how can I handle this. Now CF is restricting me
not to install Nginx, but which needs sudo privileges..

So can I not push an application, which uses Nginx in cloud foundry….



*ERR 2016/06/07 05:59:29 [warn] 34#0: the "user" directive makes sense
only if the master process runs with super-user privileges, ignored in
/home/vcap/app/nginx/conf/nginx.conf:5*





Regards

Nithiyasri



*From:* Eric Malm [mailto:emalm(a)pivotal.io <emalm(a)pivotal.io>]
*Sent:* Wednesday, June 08, 2016 2:23 AM
*To:* Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <
ngnanase(a)cisco.com>
*Subject:* Re: [cf-dev] Re: Reg executing sudo commands in DEA vm



Responses inline.



On Tue, Jun 7, 2016 at 3:00 AM, Nithiyasri Gnanasekaran -X (ngnanase -
TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com> wrote:

1. vcap(a)e3da8039-ff08-4b9e-9492-922b0f4b30f4:/var/vcap/data/warden/depot/19k1kejlrto$
echo "c1oudc0w" | sudo -S ./test2.sh

[sudo] password for vcap: I am running test2.sh

In this case, you're running your script as the vcap user on the host VM,
not inside the container. You're able to use sudo as above because BOSH has
provisioned the vcap user with the default 'c1oudc0w' password and included
it in the admin group, which has sudo privileges. The vcap user inside the
container has a different configuration that comes from the filesystem that
applies inside the container.

2. Logging into wsh: If I do wsh , I cannot access the
depot/19k1kejlrto folder, because there is where the scripts are placed

vcap(a)e3da8039-ff08-4b9e-9492-922b0f4b30f4:/var/vcap/data/warden/depot/19k1kejlrto#
sudo ./bin/wsh

root(a)19k1kejlrto:~# ls

firstboot.sh

root(a)19k1kejlrto:~# pwd

/root

root(a)19k1kejlrto:~# cd /var/vcap/data/warden/depot/19k1kejlrto

bash: cd: /var/vcap/data/warden/depot/19k1kejlrto: No such file or
directory

root(a)19k1kejlrto:~# cd /var/vcap/data/warden/depot

bash: cd: /var/vcap/data/warden/depot: No such file or directory

root(a)19k1kejlrto:~# cd /var/vcap/data/

root(a)19k1kejlrto:/var/vcap/data# ls

dea_next



sudo su lands in the same location but via wsh, it lands in a different
folder and not accessible to the depot/19k1kejlrto .. But in both the
cases, they land in as root user only..

I could not decipher the difference..





One way in which warden (and garden-linux/garden-runc) containers are
isolated from the host is that they have a different root filesystem.
That's why you don't see the script files you wrote on the host inside the
container. As I mentioned above, that's also why the vcap user behaves
differently between the host VM and the container.



Thanks,

Eric


Re: Reg executing sudo commands in DEA vm

Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM@Cisco) <ngnanase at cisco.com...>
 

Hi

Please let me know how can I bind the port 80 to a non root user.
Currently after starting nginx as a non root user, I cannot bind port 80 due to permission issue.

ERR nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Please let me know if non-portRootBinding can be done in the DEA/warden container

Regards
Nithiyasri

From: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco)
Sent: Wednesday, June 08, 2016 7:57 AM
To: 'Eric Malm' <emalm(a)pivotal.io>
Cc: Jayarajan Ramapurath Kozhummal (jayark) <jayark(a)cisco.com>
Subject: RE: [cf-dev] Re: Reg executing sudo commands in DEA vm

Hi Eric

Thanks much for the detailed explanation..
So when I do cf push, it happens in the container and that vcap user cannot get sudo privileges.

So Please suggest me on how can I handle this. Now CF is restricting me not to install Nginx, but which needs sudo privileges..
So can I not push an application, which uses Nginx in cloud foundry….

ERR 2016/06/07 05:59:29 [warn] 34#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /home/vcap/app/nginx/conf/nginx.conf:5


Regards
Nithiyasri

From: Eric Malm [mailto:emalm(a)pivotal.io]
Sent: Wednesday, June 08, 2016 2:23 AM
To: Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>>
Subject: Re: [cf-dev] Re: Reg executing sudo commands in DEA vm

Responses inline.

On Tue, Jun 7, 2016 at 3:00 AM, Nithiyasri Gnanasekaran -X (ngnanase - TECH MAHINDRA LIM at Cisco) <ngnanase(a)cisco.com<mailto:ngnanase(a)cisco.com>> wrote:
1. vcap(a)e3da8039-ff08-4b9e-9492-922b0f4b30f4:/var/vcap/data/warden/depot/19k1kejlrto$ echo "c1oudc0w" | sudo -S ./test2.sh

[sudo] password for vcap: I am running test2.sh
In this case, you're running your script as the vcap user on the host VM, not inside the container. You're able to use sudo as above because BOSH has provisioned the vcap user with the default 'c1oudc0w' password and included it in the admin group, which has sudo privileges. The vcap user inside the container has a different configuration that comes from the filesystem that applies inside the container.

2. Logging into wsh: If I do wsh , I cannot access the depot/19k1kejlrto folder, because there is where the scripts are placed
vcap(a)e3da8039-ff08-4b9e-9492-922b0f4b30f4:/var/vcap/data/warden/depot/19k1kejlrto# sudo ./bin/wsh
root(a)19k1kejlrto:~# ls
firstboot.sh
root(a)19k1kejlrto:~# pwd
/root
root(a)19k1kejlrto:~# cd /var/vcap/data/warden/depot/19k1kejlrto
bash: cd: /var/vcap/data/warden/depot/19k1kejlrto: No such file or directory
root(a)19k1kejlrto:~# cd /var/vcap/data/warden/depot
bash: cd: /var/vcap/data/warden/depot: No such file or directory
root(a)19k1kejlrto:~# cd /var/vcap/data/
root(a)19k1kejlrto:/var/vcap/data# ls
dea_next

sudo su lands in the same location but via wsh, it lands in a different folder and not accessible to the depot/19k1kejlrto .. But in both the cases, they land in as root user only..
I could not decipher the difference..


One way in which warden (and garden-linux/garden-runc) containers are isolated from the host is that they have a different root filesystem. That's why you don't see the script files you wrote on the host inside the container. As I mentioned above, that's also why the vcap user behaves differently between the host VM and the container.

Thanks,
Eric


Re: Looking to do user interviews with larger OSS installations, focusing on logging and metrics

Felix Friedrich
 

Hello Jim,

I am working for Springer Nature in Berlin. As of now our experience
with the loggregator-trafficcontroller is that it behaves like it has
a memory leak :-) We are actually wondering if anyone else has this
problem. We're running version 231 with 80 runners and 4
loggregator-trafficcontrollers and 8 dopplers.

As of now we're using the loggregator-trafficcontroller only to fetch
the logs from and send them into our ELK. In the future we'll also
consume metrics from it and I would be happy to share our experience
about that.

Please let me know if you have any information on other parties running
OSS installations with the same kind of problems on the loggregators.


Felix

On Thu, 5 May 2016, at 18:20, Jim CF Campbell wrote:
Hi cf-dev,

I'm the product manager for Loggregator. I'm looking for users on the
larger side to interview about your experiences, needs and wants for
logging and metrics in Cloud Foundry. I can also inform you of what we're
planning on doing in the future
<https://docs.google.com/spreadsheets/d/1QOCUIlTkhGzVwfRji7Q14vczqkBbFGkiDWrJSKdRLRg/edit#gid=0>
.

When you reply, please also indicate where you are, and if you would be
open to an onsite visit.

It's potentially a great benefit to get your input in - based on user
interviews with LDS and SAP, they both got features they want in the
roadmap. (but no promises :-)


--
Jim Campbell | Product Manager | Cloud Foundry | Pivotal.io |
303.618.0963


Re: cf-plex: Run commands against multiple Cloud Foundry instances

Daniel Jones
 

Hi all,

Based on user feedback, cf-plex <https://github.com/EngineerBetter/cf-plex>
now has group management. This allows you to add CloudController APIs to
named groups, and then run a command against all APIs in that group as
follows:

```
cf-plex add-api -g nonprod https://api.np.dc1.example.com username password
cf-plex add-api -g nonprod https://api.np.dc2.example.com username password
cf-plex add-api -g prod https://api.dc1.example.com username password
cf-plex add-api -g prod https://api.dc2.example.com username password
# some time later...
cf-plex -g nonprod update-security-group off-paas-dbs dbs-nonprod.json
cf-plex -g prod update-security-group off-paas-dbs dbs-prod.json
```

Additionally compiled binaries for OSX, Linux and Windows are now available
<https://github.com/EngineerBetter/cf-plex/releases/tag/v1.3.0> for those
of you who don't have a Go development environment.

Feedback would be most gratefully received, and we're always keen to hear
use cases and pain points from people operating multiple CFs.

Regards,
Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB <https://twitter.com/DanielJonesEB>
*EngineerBetter* Ltd <http://www.engineerbetter.com> - UK Cloud Foundry
Specialists

On Tue, May 31, 2016 at 4:17 PM, Daniel Jones <
daniel.jones(a)engineerbetter.com> wrote:

Hi all,

Operating multiple Cloud Foundry instances can be a hassle, so I made
cf-plex:

https://github.com/EngineerBetter/cf-plex

It's a shim that manages a list of Cloud Controllers, and runs the given
command against each of them. There's also a batch mode that uses
environment variables to specify a list of Cloud Controllers, for when you
don't want to have to manage them manually.

Some users have asked for group management - ie being able to create a
group called things like "dev" and "non-prod", associate API details with
each group, and be able to switch between them easily. I'm keen to get more
feedback on usage before adding that feature, so please get in touch if you
think you might benefit from that.

This clearly isn't the right architectural solution to the problem, but it
*will* help the lives of those manually operating multiple Cloud Foundry
instances, and it'll help reduce the likelihood of human error too.

Feedback and bug reports would be most welcome.

Regards,
Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB <https://twitter.com/DanielJonesEB>
*EngineerBetter* Ltd <http://www.engineerbetter.com> - UK Cloud Foundry
Specialists


CF CLI v6.19.0 Released Today

Koper, Dies <diesk@...>
 

The CF CLI team just cut 6.19.0. Binaries and link to release notes are available at:

https://github.com/cloudfoundry/cli#downloads

Space Quota for Reserved Route Ports

Space quota related commands have been enhanced to enable setting, updating or retrieving the limit on the total number of reserved ports that can be used to create routes within a space. This can be used to distribute a limited number of available ports over multiple spaces for use in TCP routes.
This feature requires the target CF release to be v236 (CC API v2.55.0) or higher.

Display Suggestions

When you mistype a command, e.g. cf craete-service, the cf CLI will try to display a suggestion of the command you may have meant.

Safe hostnames

Routes created with random hostnames could lead to embarrassing situations as words were picked from a bundled dictionary. The dictionary has been filtered, removing profanity, swear words and other questionable words.

App Start Hang

Fixed an issue where the cf CLI could hang while attempting to start an app due to an issue in the loggregator_consumer and noaa libraries.

Fixed Regressions

* Linux 64 bit release: Some users reported panics with the Linux 64 bit binaries since cf CLI 6.18.0. We fixed a build issue that resolves these issues. (#848<https://github.com/cloudfoundry/cli/issues/848>, #843<https://github.com/cloudfoundry/cli/issues/843>)
* cf org, cf space: A regression in cf CLI 6.18.0 caused most values for the fields displayed by cf org and cf space to not appear.
* cf disable-service-access: A change in cf CLI 6.18.1 to improve this command's performance caused a regression.

Updated Commands

* create-space-quota, update-space-quota, space-quotas, space-quota, space and org now take an argument to set/update the reserved route port quota, or display it.
* set-env now displays the app name in the restage tip (#832<https://github.com/cloudfoundry/cli/issues/832>)
* push no longer interweaves output when pushing multiple apps while the doppler endpoint is not accessible.
* push no longer fails due to a rare race condition while tailing logs when starting an app (#850<https://github.com/cloudfoundry/cli/issues/850>)

Enjoy!

Regards,
Dies Koper
Cloud Foundry CLI PM


Re: Exposing Multiple Ports from an Application

Shannon Coen
 

On Wed, Jun 8, 2016 at 5:03 AM, Isuru Haththotuwa <isurulucky(a)gmail.com>
wrote:

Hi Shannon,

Thanks for the reply.

On Wed, Jun 8, 2016 at 4:36 AM, Shannon Coen <scoen(a)pivotal.io> wrote:

If I understand you correctly, you would like your application to receive
requests on multiple ports. Is that correct? Does it matter what ports your
application clients send requests to? Could you please share the details of
your use cases for this functionality?

The use case is that an application listening to multiple types of traffic
(http, tcp, binary, etc.) from multiple ports exposed in the container.
Therefore I guess we would need to have multiple ports open from the host
side as well.

If your application receives http traffic on more than one port, you would
not need another port opened, only another route. For non-HTTP traffic, you
would need a TCP route (with a reserved port) for each app port. The route
ports will not match your application ports. Does this sound like it would
fulfill your needs?



Currently HTTP requests may only be sent to 80 or 443. Your app may
receive requests on one port only. On DEAs, this port is randomized and can
be discovered from the $PORT env var. On Diego, this env var is also
present but is always 8080.

This isn't a limitation of Diego; Diego will open whatever container
ports a client tells it to. However, we have not yet added the business
logic to Cloud Controller to expose management of these ports to
application developers.

You discovered that two ports are already opened on the container. The
second port is opened automatically in support of the feature that enables
a developer to SSH into the container. The env var you identified, CF_INSTANCE_PORTS,
is a list of all ports opened on the container. This env var should be
considered an internal implementation detail as it contains ports used by
internal system components to which an app should not bind. The env var is
documented as there are a few use cases where an app needs to know what the
host port is.

We do plan to enable applications to listen on multiple ports. Clients
will still make HTTP requests to 80 or 443, but a developer will be able to
specify the application port when mapping a route to an application.

E.g.
myapp.cf.com -> myapp listening on 8080
myapp.cf.com/admin -> myapp listening on 6000

I'm currently drafting a proposal for this feature and will share it soon
for feedback.

This is indeed great news!

If your clients must call your application on a port besides 80 or 443, I
would recommend exploring our support for TCP routing (see the CLI help
file for create-route). Developers can reserve non-standard ports for a
route, like tcp.cf.com:6000, and CF will route requests for it to your
application port on 8080. After we deliver support for custom app ports, as
described above, you would be able to specify both the route port and the
app port.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jun 7, 2016 at 1:18 AM, Isuru Haththotuwa <isurulucky(a)gmail.com>
wrote:

Hi all,

Is it possible to expose two ports of an Application from CF to
external traffic, via an externally routable address and multiple ports?

While going through the documentation, came across [1], which suggests
that requests are served from port 80 and 443 only. However, while trying
out the sample spring application [2] on CF (using the hosted CF in pivotal
web services), I could actually see that there are multiple port mappings
defined by invoking the rest API [3]. Additionally, in pivotal.io docs,
I see the definition of CF-INSTANCE-PORTS, which seems to support multiple
port mappings from host to container.

I'm curious to know if exposing multiple ports from the host and
container side is possible.

Thanks in advance.

[1].
https://docs.cloudfoundry.org/devguide/deploy-apps/prepare-to-deploy.html#ports

[2]. https://github.com/cloudfoundry-samples/spring-music

[3].
{
  "0": {
    "state": "RUNNING",
    "stats": {
      "name": "spring-music",
      "uris": [
        "spring-music-moonlit-melioration.cfapps.io"
      ],
      "host": "10.10.115.53",
      "port": 64248,
      "net_info": {
        "address": "10.10.115.53",
        "ports": [
          {
            "container_port": 8080,
            "host_port": 64248
          },
          {
            "container_port": 2222,
            "host_port": 64249
          }
        ]
      },
      "uptime": 9484,
      "mem_quota": 536870912,
      "disk_quota": 1073741824,
      "fds_quota": 16384,
      "usage": {
        "time": "2016-05-20T11:12:38.944471672Z",
        "cpu": 0.0010850797743361504,
        "mem": 460423168,
        "disk": 166739968
      }
    }
  }
}

[4].
http://docs.run.pivotal.io/devguide/deploy-apps/environment-variable.html#CF-INSTANCE-PORTS


--
Thanks and Regards,
Isuru
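
The port layout described in this thread can be checked against the stats response quoted in [3]. The sketch below is an added example, not code from the thread or from Cloud Foundry: the function names are hypothetical, the sample is trimmed from the response above, and PORT=8080 assumes Diego as Shannon describes it.

```python
import json

# Constructed sample, trimmed from the stats response quoted in the thread ([3]).
SAMPLE_STATS = """
{"0": {"state": "RUNNING", "stats": {"name": "spring-music",
  "host": "10.10.115.53", "port": 64248,
  "net_info": {"address": "10.10.115.53", "ports": [
    {"container_port": 8080, "host_port": 64248},
    {"container_port": 2222, "host_port": 64249}]}}}}
"""

def port_mappings(stats_json):
    """Map each instance index to its {container_port: host_port} table."""
    doc = json.loads(stats_json)
    return {
        index: {p["container_port"]: p["host_port"]
                for p in inst["stats"]["net_info"]["ports"]}
        for index, inst in doc.items()
    }

def classify(mapping, app_port):
    """Split one instance's ports into the app's port and platform-opened ones."""
    if app_port not in mapping:
        raise ValueError(f"$PORT={app_port} is not opened on the container")
    reserved = sorted(p for p in mapping if p != app_port)
    return {"app": (app_port, mapping[app_port]), "platform": reserved}

def listen_port(environ):
    """Return the only port the app should bind: the value of $PORT."""
    raw = environ.get("PORT", "")
    if not raw.isdecimal() or not 0 < int(raw) < 65536:
        raise ValueError("PORT is unset or not a valid TCP port")
    return int(raw)

def may_bind(candidate, mapping, environ):
    """True only for $PORT; platform ports and unrouted ports are refused."""
    return candidate == listen_port(environ) and candidate in mapping

if __name__ == "__main__":
    env = {"PORT": "8080"}  # assumption: Diego's fixed app port, per the thread
    for index, mapping in port_mappings(SAMPLE_STATS).items():
        print(index, classify(mapping, listen_port(env)))
        for port in (8080, 2222, 8000):
            print("  bind", port, "->", may_bind(port, mapping, env))
```

Port 2222 is refused because the thread identifies the second container port as the one opened for SSH access, and 8000 is refused because no route reaches a port the platform did not open.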


Re: Why Openstack: N/A for stemcell versions in v237 release notes?

Dr Nic Williams <drnicwilliams@...>
 

A fine and worthy shameless plug. Well played!

On Thu, Jun 9, 2016 at 4:28 AM +1000, "Amit Gupta" <agupta(a)pivotal.io> wrote:

Hi Tom,

Apologies for having had several releases with "N/A" under the OpenStack stemcell. We had a very lengthy process of obtaining a working OpenStack environment from our provider. While waiting for the environment, the Release Integration team picked up a track of work on adding Diego to our pipelines that we're still in the middle of, and we've also had several high urgency security issues that have pre-empted other work in our backlog. The Diego and security tracks are wrapping up, and rebooting our OpenStack environment is one of our next two tracks of work in our roadmap [0]. At our current team strength we are able to parallelize two tracks of work, so we will be getting to this soon.

I'll use this as an opportunity for a shameless plug. If you're interested in how Cloud Foundry is integrated, released, and deployed, I welcome you to dojo [1] with Pivotal on the Release Integration team. This team is responsible for the pipelines which fully certify and ship the Cloud Foundry release, and are building the BOSH 2.0 manifests for Cloud Foundry for the community to use.

[0] https://www.pivotaltracker.com/n/projects/1382120
[1] https://www.cloudfoundry.org/community/contribute/dojos/

Cheers,
Amit

On Wed, Jun 8, 2016 at 6:05 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:
AWS: light-bosh-stemcell-3232.3-aws-xen-hvm-ubuntu-trusty-go_agent

vSphere: bosh-stemcell-3232.3-vsphere-esxi-ubuntu-trusty-go_agent

OpenStack: N/A

BOSH-Lite: bosh-stemcell-3147-warden-boshlite-ubuntu-trusty-go_agent



What's up with the N/A?



Thanks,

Tom


Re: Why Openstack: N/A for stemcell versions in v237 release notes?

Amit Kumar Gupta
 

Hi Tom,

Apologies for having had several releases with "N/A" under the OpenStack
stemcell. We had a very lengthy process of obtaining a working OpenStack
environment from our provider. While waiting for the environment, the
Release Integration team picked up a track of work on adding Diego to our
pipelines that we're still in the middle of, and we've also had several
high urgency security issues that have pre-empted other work in our
backlog. The Diego and security tracks are wrapping up, and rebooting our
OpenStack environment is one of our next two tracks of work in our roadmap [
0 <https://www.pivotaltracker.com/n/projects/1382120>]. At our current
team strength we are able to parallelize two tracks of work, so we will be
getting to this soon.

I'll use this as an opportunity for a shameless plug. If you're interested
in how Cloud Foundry is integrated, released, and deployed, I welcome you
to dojo [1 <https://www.cloudfoundry.org/community/contribute/dojos/>] with
Pivotal on the Release Integration team. This team is responsible for the
pipelines which fully certify and ship the Cloud Foundry release, and are
building the BOSH 2.0 manifests for Cloud Foundry for the community to use.

[0] https://www.pivotaltracker.com/n/projects/1382120
[1] https://www.cloudfoundry.org/community/contribute/dojos/

Cheers,
Amit

On Wed, Jun 8, 2016 at 6:05 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:

AWS: light-bosh-stemcell-3232.3-aws-xen-hvm-ubuntu-trusty-go_agent
vSphere: bosh-stemcell-3232.3-vsphere-esxi-ubuntu-trusty-go_agent
OpenStack: N/A
BOSH-Lite: bosh-stemcell-3147-warden-boshlite-ubuntu-trusty-go_agent

What's up with the N/A?

Thanks,
Tom


Why Openstack: N/A for stemcell versions in v237 release notes?

Tom Sherrod <tom.sherrod@...>
 

AWS: light-bosh-stemcell-3232.3-aws-xen-hvm-ubuntu-trusty-go_agent
vSphere: bosh-stemcell-3232.3-vsphere-esxi-ubuntu-trusty-go_agent
OpenStack: N/A
BOSH-Lite: bosh-stemcell-3147-warden-boshlite-ubuntu-trusty-go_agent

What's up with the N/A?

Thanks,
Tom