Date   

Re: How to listen to space deletion events?

Piotr Przybylski <piotrp@...>
 

Hi Nicholas,
is that behavior influenced by the 'recursive' flag on the Space DELETE
request?
Also, does the CC stop and delete applications in the deleted space ? How
is that influenced by the 'recursive' flag ?

Thank you,

Piotr

Piotr Przybylski, IBM Bluemix




From: Nicholas Calugar <ncalugar(a)pivotal.io>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 06/28/2016 11:51 AM
Subject: [cf-dev] Re: Re: Re: Re: How to listen to space deletion
events?



Hi Padma,

Apologies for the delay. In the case of a space with a service instance, if
the space is deleted, the Cloud Controller sends a deprovision request to
the service broker. The broker is responsible for properly handling the
deprovision, what other cleanup do you have in mind?


-Nick

On Sun, Jun 19, 2016 at 4:42 PM, Padmashree B <padmashree.b(a)sap.com> wrote:
Hi,

Any suggestion on this?

Thanks,
Padma



--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.


Re: Emitting service instance logs to dopplr

Mike Youngstrom
 

I'm not sure I understand you're question. We have several brokers that
write to loggregator. We just use the app guid passed in when binding and
log messages using a dropsonde client library for the platform we are using.

This wouldn't work if your broker is also a CF app is that your case?

Mike

On Tue, Jun 28, 2016 at 3:10 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

If not via dopplr, can you please share "state of the art" for how are
your service brokers exposing backend logs to end users?

Nic





On Tue, Jun 28, 2016 at 9:41 AM +1000, "Dr Nic Williams" <
drnicwilliams(a)gmail.com> wrote:

Has anyone implemented (and has some sample code/OSS project) for a
service broker implementation to emit logs/events back into dopplr for each
service binding's app?

Nic



Re: Emitting service instance logs to dopplr

Dr Nic Williams <drnicwilliams@...>
 

If not via dopplr, can you please share "state of the art" for how are your service brokers exposing backend logs to end users?
Nic

On Tue, Jun 28, 2016 at 9:41 AM +1000, "Dr Nic Williams" <drnicwilliams(a)gmail.com> wrote:










Has anyone implemented (and has some sample code/OSS project) for a service broker implementation to emit logs/events back into dopplr for each service binding's app?
Nic


Re: How shoulld I debug a blobstore error?

Amit Kumar Gupta
 

Hi Eyal,

Some background info on routes, domains, the system domain, and apps
domains.

Cloud Foundry deployments include a component called the gorouter. It
essentially holds a routing table (actually a trie) in memory that maps
routes to IPs and ports. So "foo.mysystemdomain.com" might map to some
collection of IPs and ports, and "bar.myappsdomain.com" can map to other
IPs and ports. All publicly routable things in cloud foundry typically
have a route registered on their behalf with the gorouter. This includes
system components, like cloud controller, as well as all (routable) apps
pushed to the CF platform by developers.

The gorouter doesn't have a notion of domain ownership, but a platform
operator might want to make sure that an app developer doesn't try to claim
the same route as the Cloud Controller. And since CF is designed for
multitenancy, one organization might have their own custom app domain, and
may want to make sure other organizations can't use the same app domain for
their application routes.

A typical pattern to deal with this is to have all system components (CC,
UAA, etc.) that need to register routes to do so using routes that use a
special "system domain" that will not be accessible to user applications.
"domains" are owned by "organizations" in the cloud controller view of the
world, so typically a "dummy" system organization is created to own the
system domain, and this prevents it from being used by any other orgs that
users create. In practice, this "dummy" org is not a dummy, and actually
used for applications, e.g. if your Cloud Foundry installation has a custom
user portal, e.g. https://console.run.pivotal.io.

Separate from system components, users' applications also need routes. By
default, they will be given a route of the form
${app_name}.${default_shared_app_domain}. While it's technically possible
to use the same domain for the apps domain and system domain, it's not
recommended, because then random users could push an app called "api" for
example, and the gorouter would balance traffic intended for the CC between
the CC and this random app.

If you search http://docs.cloudfoundry.org/deploying/aws/cf-stub.html for
"system_domain" you can see editing instructions that recommend how to set
system domain and apps domains. In your case, I would recommend:

system_domain: sys.10.60.18.186.xip.io
app_domains:
- apps.10.60.18.186.xip.io

If you update your stub thusly, you then need to regenerate your manifest
and redeploy to make sure this has all been updated across the board. The
fact that your output shows "login.sysdomain.10.60.18.186.xip.io" and "
api.10.60.18.186.xip.io" suggest there's something inconsistent about how
the system domain is being used throughout your manifest. If you follow
the above recommendations, you would use

cf api api.sys.api.10.60.18.186.xip.io --skip-ssl-validation

Best,
Amit
<http://docs.cloudfoundry.org/deploying/aws/cf-stub.html>

On Tue, Jun 28, 2016 at 1:31 PM, Eyal Shalev <eshalev(a)cisco.com> wrote:

For lack of guidance I went ahead and changed all three occurances.
I still get a 404. But it seems to happen later on:
cf api api.10.60.18.186.xip.io --skip-ssl-validation
Setting api endpoint to api.10.60.18.186.xip.io...
OK


API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.


cf login -v --skip-ssl-validation
API endpoint: https://api.10.60.18.186.xip.io

REQUEST: [2016-06-28T20:28:17Z]
GET /v2/info HTTP/1.1
Host: api.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-28T20:28:17Z]
HTTP/1.1 200 OK
Content-Length: 580
Content-Type: application/json;charset=utf-8
Date: Tue, 28 Jun 2016 20:28:23 GMT
Server: nginx
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 1444e97c-1562-46d4-6820-fe06d920e947
X-Vcap-Request-Id:
1444e97c-1562-46d4-6820-fe06d920e947::b7301932-6078-4334-82ff-46fa76d0032c

{"name":"","build":"","support":"http://support.cloudfoundry.com
","version":0,"description":"","authorization_endpoint":"
http://login.sysdomain.10.60.18.186.xip.io","token_endpoint":"
https://uaa.10.60.18.186.xip.io
","min_cli_version":null,"min_recommended_cli_version":null,"api_version":"2.56.0","app_ssh_endpoint":"
ssh.sysdomain.10.60.18.186.xip.io:2222
","app_ssh_host_key_fingerprint":null,"app_ssh_oauth_client":"ssh-proxy","logging_endpoint":"wss://
loggregator.sysdomain.10.60.18.186.xip.io:4443
","doppler_logging_endpoint":"wss://
doppler.sysdomain.10.60.18.186.xip.io:4443"}

REQUEST: [2016-06-28T20:28:17Z]
GET /login HTTP/1.1
Host: login.sysdomain.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-28T20:28:17Z]
HTTP/1.1 404 Not Found
Content-Length: 124
Cache-Control: no-store
Content-Language: en-US
Content-Type: application/json;charset=UTF-8
Date: Tue, 28 Jun 2016 20:28:24 GMT
Server: Apache-Coyote/1.1
X-Vcap-Request-Id: a43cdd2a-1c0f-4f8d-7439-8174c88c7fde

{"passwd":"https://console.10.60.18.186.xip.io/password_resets/new
","signup":"https://console.10.60.18.186.xip.io/register"}


API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.
FAILED
Server error, status code: 404, error code: , message:


Re: How shoulld I debug a blobstore error?

Eyal Shalev
 

For lack of guidance I went ahead and changed all three occurances.
I still get a 404. But it seems to happen later on:
cf api api.10.60.18.186.xip.io --skip-ssl-validation
Setting api endpoint to api.10.60.18.186.xip.io...
OK


API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.


cf login -v --skip-ssl-validation
API endpoint: https://api.10.60.18.186.xip.io

REQUEST: [2016-06-28T20:28:17Z]
GET /v2/info HTTP/1.1
Host: api.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-28T20:28:17Z]
HTTP/1.1 200 OK
Content-Length: 580
Content-Type: application/json;charset=utf-8
Date: Tue, 28 Jun 2016 20:28:23 GMT
Server: nginx
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 1444e97c-1562-46d4-6820-fe06d920e947
X-Vcap-Request-Id: 1444e97c-1562-46d4-6820-fe06d920e947::b7301932-6078-4334-82ff-46fa76d0032c

{"name":"","build":"","support":"http://support.cloudfoundry.com","version":0,"description":"","authorization_endpoint":"http://login.sysdomain.10.60.18.186.xip.io","token_endpoint":"https://uaa.10.60.18.186.xip.io","min_cli_version":null,"min_recommended_cli_version":null,"api_version":"2.56.0","app_ssh_endpoint":"ssh.sysdomain.10.60.18.186.xip.io:2222","app_ssh_host_key_fingerprint":null,"app_ssh_oauth_client":"ssh-proxy","logging_endpoint":"wss://loggregator.sysdomain.10.60.18.186.xip.io:4443","doppler_logging_endpoint":"wss://doppler.sysdomain.10.60.18.186.xip.io:4443"}

REQUEST: [2016-06-28T20:28:17Z]
GET /login HTTP/1.1
Host: login.sysdomain.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-28T20:28:17Z]
HTTP/1.1 404 Not Found
Content-Length: 124
Cache-Control: no-store
Content-Language: en-US
Content-Type: application/json;charset=UTF-8
Date: Tue, 28 Jun 2016 20:28:24 GMT
Server: Apache-Coyote/1.1
X-Vcap-Request-Id: a43cdd2a-1c0f-4f8d-7439-8174c88c7fde

{"passwd":"https://console.10.60.18.186.xip.io/password_resets/new","signup":"https://console.10.60.18.186.xip.io/register"}


API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.
FAILED
Server error, status code: 404, error code: , message:


Re: How to listen to space deletion events?

Nicholas Calugar
 

Hi Padma,

Apologies for the delay. In the case of a space with a service instance, if
the space is deleted, the Cloud Controller sends a deprovision request to
the service broker. The broker is responsible for properly handling the
deprovision, what other cleanup do you have in mind?


-Nick

On Sun, Jun 19, 2016 at 4:42 PM, Padmashree B <padmashree.b(a)sap.com> wrote:

Hi,

Any suggestion on this?

Thanks,
Padma
--
Nicholas Calugar
Product Manager - Cloud Foundry API
Pivotal Software, Inc.


Re: UAA Multi-Tenant Hierarchical Groups

Sree Tummidi
 

Hello Brian,

UAA supports hierarchical groups in any given Identity Zone (aka UAA Tenant)
The Groups in a given UAA Identity Zone are unique.

Please refer to the documentation here :
http://docs.cloudfoundry.org/api/uaa/#add-member
The Type in your case will be 'GROUP'


Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry


On Tue, Jun 28, 2016 at 9:16 AM, Bryan Perino <Bryan.Perino(a)gmail.com>
wrote:

Hello All,

Does UAA support Multi-Tenant Hierarchical groups? By this I mean can I
have a GroupParent -> GroupChild relationship? The documentation mentioned
that the groupName is unique per UAA as well, so I would have to have some
sort of prefix for a tenant. Each tenant would want to model their groups
based on their organization's internal structure. So, I could have
coke.GroupParent -> coke.groupChild, or something like that.

Is there out of the box support for this in UAA?

Thank you for any guidance.


Re: Spring OAuth not retrieving scopes from UAA

Madhura Bhave
 

Ok, so the oauth-client that is registered with the UAA for this
application (app) only has the openid scope. If you want this client to be
able to request other scopes on behalf of the user you would need to add
them to the list of scopes on this client in the uaa.yml.

This is where you would add them:
https://gist.github.com/bryantp/2bfc4538f36f28ba285fda84c59b89f8#file-uaa-yml-L17

On Tue, Jun 28, 2016 at 9:13 AM, Bryan Perino <Bryan.Perino(a)gmail.com>
wrote:

It's a custom client that I wrote (Just a Spring Application). Here is the
YAML file that configures the client:

https://gist.github.com/bryantp/82111bbcbc0db8be701b389fd0f490e9


UAA Multi-Tenant Hierarchical Groups

Bryan Perino
 

Hello All,

Does UAA support Multi-Tenant Hierarchical groups? By this I mean can I have a GroupParent -> GroupChild relationship? The documentation mentioned that the groupName is unique per UAA as well, so I would have to have some sort of prefix for a tenant. Each tenant would want to model their groups based on their organization's internal structure. So, I could have coke.GroupParent -> coke.groupChild, or something like that.

Is there out of the box support for this in UAA?

Thank you for any guidance.


Re: Spring OAuth not retrieving scopes from UAA

Bryan Perino
 

It's a custom client that I wrote (Just a Spring Application). Here is the YAML file that configures the client:

https://gist.github.com/bryantp/82111bbcbc0db8be701b389fd0f490e9


Buildpack creators and maintainers wanted!

Danny Rosen
 

The CF Buildpacks team will be conducting user research in July and would
like to speak to community members who have experience:

- Creating new buildpacks
- Maintaining buildpacks bits
- Managing buildpacks within a CF environment

If you're interested in providing your opinion and are open to a 30 minute
conversation please fill out this short form <https://goo.gl/YCzALr>.

Thanks!

-Cloud Foundry Buildpacks team


Re: How shoulld I debug a blobstore error?

Eyal Shalev
 

PS with regards to above comment the login.10.60.18.186.xip.io literal appears not only under the route_registrar, but also here (should it be changed as well?):

login:
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
authorized-grant-types: authorization_code,client_credentials,refresh_token
autoapprove: true
override: true
redirect-uri: https://login.10.60.18.186.xip.io


Re: Retrieve __VCAP__ID from instance_ID

Vinod A
 

I did CF push and push is successful but the app is not starting and in the logs I see the errors the I pasted.

API endpoint: https://api.ng.bluemix.net (API version: 2.44.0)
User: vinod_app(a)in.ibm.com

Not sure if its supported or now. Can I verify using a quick test ?.

Thanks,
Vinod


Re: How shoulld I debug a blobstore error?

Eyal Shalev
 

Thanks for replying, but I'm not sure I understand your instructions.
I'm not sure what "check the route registrar merge" means.

Do you mean that I should change the last 2 lines in cf-deployment.yml as such:

- instances: 1
name: uaa_z1
...
properties:
.....
route_registrar:
routes:
........
uris:
- uaa.10.60.18.186.xip.io
- '*.uaa.10.60.18.186.xip.io'
- login.sysdomain.10.60.18.186.xip.io
- '*.login.sysdomain.10.60.18.186.xip.io'


Re: How shoulld I debug a blobstore error?

Ronak Banka
 

Regarding z2 number of instances are 0 so it is same as having just 1 zone.

For login route error , route registrar on uaa job is adding
login.10.60.18.186.xip.io to routes but from cloud controller config login
endpoint is http://login.sysdomain.10.60.18.186.xip.io" which is why you
are not able to login.

Can you check the route registrar merge , and replace with system domain
instead of domain.

On Tue, Jun 28, 2016 at 2:28 PM, Eyal Shalev <eshalev(a)cisco.com> wrote:

It seems to have generated two of them even through I am not using 2 zones.
Also I see port 8080 mentioned somewhere in there, as mentioned before
port 8080 is only opened internally in the security group (between the CF
nodes). Should it also be opened up for the client? (what are the ports
that the the client needs to function [I have identified ports 80 and 443]
).

Here is the config:

- instances: 1
name: uaa_z1
networks:
- name: cf1
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z1
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: /var/vcap/jobs/uaa/bin/health_check
name: uaa
port: 8080
registration_interval: 4s
tags:
component: uaa
uris:
- uaa.10.60.18.186.xip.io
- '*.uaa.10.60.18.186.xip.io'
- login.10.60.18.186.xip.io
- '*.login.10.60.18.186.xip.io'
uaa:
proxy:
servers:
- 192.168.10.69
resource_pool: medium_z1
templates:
- name: uaa
release: cf
- name: metron_agent
release: cf
- name: consul_agent
release: cf
- name: route_registrar
release: cf
- name: statsd-injector
release: cf
update: {}
- instances: 0
name: uaa_z2
networks:
- name: cf2
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z2
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: /var/vcap/jobs/uaa/bin/health_check
name: uaa
port: 8080
registration_interval: 4s
tags:
component: uaa
uris:
- uaa.10.60.18.186.xip.io
- '*.uaa.10.60.18.186.xip.io'
- login.10.60.18.186.xip.io
- '*.login.10.60.18.186.xip.io'
uaa:
proxy:
servers:
- 192.168.10.69
resource_pool: medium_z2
templates:
- name: uaa
release: cf
- name: metron_agent
release: cf
- name: consul_agent
release: cf
- name: route_registrar
release: cf
- name: statsd-injector
release: cf
update: {}


Re: Spring OAuth not retrieving scopes from UAA

Madhura Bhave
 

Hi Brian,

The scopes that end up in the access token are the intersection of the client scopes and the user scopes. Which oauth client have you configured your spring cloud application with?

Thanks,
Madhura

On Jun 27, 2016, at 2:57 PM, Bryan Perino <Bryan.Perino(a)gmail.com> wrote:

Hello All,

Brand new to Cloud Foundry. I have hooked up a Spring Cloud Application to a UAA server and gotten it to authenticate properly. However, I noticed that none of the scopes that I defined in uaa.yml for the user are showing up in the resource server backend.

Here is a link to the debugging session of what I can see: http://imgur.com/6wTYpQD
Here is the code I am debugging:

@RequestMapping("/")
public Message home(OAuth2Authentication principal) {
System.out.println(principal.getName());
return new Message("Hello World");
}

The screenshot is the value of the 'principal' variable. I have set the Spring Security yml variables for the resource server like so:

security:
oauth2:
resource:
userInfoUri: http://localhost:8080/uaa/userinfo

and here is the relevant parts from the uaa.yml:

https://gist.github.com/bryantp/2bfc4538f36f28ba285fda84c59b89f8

Thanks for any help.


Re: How shoulld I debug a blobstore error?

Eyal Shalev
 

It seems to have generated two of them even through I am not using 2 zones.
Also I see port 8080 mentioned somewhere in there, as mentioned before port 8080 is only opened internally in the security group (between the CF nodes). Should it also be opened up for the client? (what are the ports that the the client needs to function [I have identified ports 80 and 443] ).

Here is the config:

- instances: 1
name: uaa_z1
networks:
- name: cf1
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z1
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: /var/vcap/jobs/uaa/bin/health_check
name: uaa
port: 8080
registration_interval: 4s
tags:
component: uaa
uris:
- uaa.10.60.18.186.xip.io
- '*.uaa.10.60.18.186.xip.io'
- login.10.60.18.186.xip.io
- '*.login.10.60.18.186.xip.io'
uaa:
proxy:
servers:
- 192.168.10.69
resource_pool: medium_z1
templates:
- name: uaa
release: cf
- name: metron_agent
release: cf
- name: consul_agent
release: cf
- name: route_registrar
release: cf
- name: statsd-injector
release: cf
update: {}
- instances: 0
name: uaa_z2
networks:
- name: cf2
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z2
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: /var/vcap/jobs/uaa/bin/health_check
name: uaa
port: 8080
registration_interval: 4s
tags:
component: uaa
uris:
- uaa.10.60.18.186.xip.io
- '*.uaa.10.60.18.186.xip.io'
- login.10.60.18.186.xip.io
- '*.login.10.60.18.186.xip.io'
uaa:
proxy:
servers:
- 192.168.10.69
resource_pool: medium_z2
templates:
- name: uaa
release: cf
- name: metron_agent
release: cf
- name: consul_agent
release: cf
- name: route_registrar
release: cf
- name: statsd-injector
release: cf
update: {}


Re: How shoulld I debug a blobstore error?

Ronak Banka
 

Eyal ,

In your final manifest , can you check what are the properties under
route-registrar for uaa job ?

https://github.com/cloudfoundry/cf-release/blob/master/templates/cf.yml#L194

On Tue, Jun 28, 2016 at 6:53 AM, Eyal Shalev <eshalev(a)cisco.com> wrote:

That works, but now I cannot connect the cf client.
I am getting a 404.
It does not explicilty say so in the docs, so I assuming that the API
endoint is:
https://api.domain_for_haproxy_node is this correct?

my client is not accessing cf from within the security groups (an
openstack limitation in the deployment that I use). As such I only opened
ports 80,443,4443 & 2222 in the firewall . [internally all tcp traffic is
enabled]

These are the commands that I ran (see the 404):

bosh vms
RSA 1024 bit CA certificates are loaded due to old openssl compatibility
Acting as user 'admin' on 'my-bosh'
Deployment 'ENVIRONMENT'

Director task 33

Task 33 done


+---------------------------------------------------------------------------+---------+-----+-----------+---------------+
| VM
| State | AZ | VM Type | IPs |

+---------------------------------------------------------------------------+---------+-----+-----------+---------------+
| api_worker_z1/0 (e9f91b0e-ad01-4053-975f-47715023b4cb)
| running | n/a | small_z1 | 192.168.10.56 |
| api_z1/0 (34bf56c5-5bcc-496c-859d-c56a917a8901)
| running | n/a | large_z1 | 192.168.10.54 |
| blobstore_z1/0 (4f12e375-1003-4a66-ac8b-a5eb5571f920)
| running | n/a | medium_z1 | 192.168.10.52 |
| clock_global/0 (f099a159-9ae2-4d92-b88b-d0d55fdd5f3e)
| running | n/a | medium_z1 | 192.168.10.55 |
| consul_z1/0 (ff08d8b8-fbba-474c-9640-a03577acf586)
| running | n/a | small_z1 | 192.168.10.76 |
| doppler_z1/0 (437a1ab7-b6b8-4ae2-be0f-cd75b62b8228)
| running | n/a | medium_z1 | 192.168.10.59 |
| etcd_z1/0 (a2527fc7-3e3e-489c-8ea0-cd3a443f1c7d)
| running | n/a | medium_z1 | 192.168.10.72 |
| ha_proxy_z1/0 (e4fd4fdd-8d5e-4e85-90e5-6774f277c4a8)
| running | n/a | router_z1 | 192.168.10.64 |
|
| | | | 10.60.18.186 |
| hm9000_z1/0 (14d70eac-2687-4961-99f7-3f3f8f4e55c8)
| running | n/a | medium_z1 | 192.168.10.57 |
| loggregator_trafficcontroller_z1/0
(ea59e739-15f9-4149-8d1a-cca3b1fbfb55) | running | n/a | small_z1 |
192.168.10.60 |
| nats_z1/0 (7a31a162-e5a3-4b29-82f8-fe76897d587d)
| running | n/a | medium_z1 | 192.168.10.66 |
| postgres_z1/0 (8ed03c6f-8ea5-403a-bbb5-f1bc091b96b4)
| running | n/a | medium_z1 | 192.168.10.68 |
| router_z1/0 (9749bd15-48f3-4b7d-a82e-d0aac34554fe)
| running | n/a | router_z1 | 192.168.10.69 |
| runner_z1/0 (54e20fba-3185-45d2-9f3b-8da00de495f5)
| running | n/a | runner_z1 | 192.168.10.58 |
| stats_z1/0 (9a107f21-7eb3-4df8-ac7b-13bd1d709e1f)
| running | n/a | small_z1 | 192.168.10.51 |
| uaa_z1/0 (9b58319d-451a-4726-a4bf-e9431a467f47)
| running | n/a | medium_z1 | 192.168.10.53 |

+---------------------------------------------------------------------------+---------+-----+-----------+---------------+

VMs total: 16


cf api api.10.60.18.186.xip.io --skip-ssl-validation
Setting api endpoint to api.10.60.18.186.xip.io...
OK


API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.



cf -v login --skip-ssl-validation
API endpoint: https://api.10.60.18.186.xip.io

REQUEST: [2016-06-27T21:36:51Z]
GET /v2/info HTTP/1.1
Host: api.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-27T21:36:51Z]
HTTP/1.1 200 OK
Content-Length: 580
Content-Type: application/json;charset=utf-8
Date: Mon, 27 Jun 2016 21:36:57 GMT
Server: nginx
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 9170d9a4-3dce-45aa-7576-377a6d9c2940
X-Vcap-Request-Id:
9170d9a4-3dce-45aa-7576-377a6d9c2940::a4533964-ae04-4aa1-93ef-4626f4336187

{"name":"","build":"","support":"http://support.cloudfoundry.com
","version":0,"description":"","authorization_endpoint":"
http://login.sysdomain.10.60.18.186.xip.io","token_endpoint":"
https://uaa.10.60.18.186.xip.io
","min_cli_version":null,"min_recommended_cli_version":null,"api_version":"2.56.0","app_ssh_endpoint":"
ssh.sysdomain.10.60.18.186.xip.io:2222
","app_ssh_host_key_fingerprint":null,"app_ssh_oauth_client":"ssh-proxy","logging_endpoint":"wss://
loggregator.sysdomain.10.60.18.186.xip.io:4443
","doppler_logging_endpoint":"wss://
doppler.sysdomain.10.60.18.186.xip.io:4443"}

REQUEST: [2016-06-27T21:36:52Z]
GET /login HTTP/1.1
Host: login.sysdomain.10.60.18.186.xip.io
Accept: application/json
Content-Type: application/json
User-Agent: go-cli 6.19.0+b29b4e0 / linux



RESPONSE: [2016-06-27T21:36:52Z]
HTTP/1.1 404 Not Found
Content-Length: 87
Content-Type: text/plain; charset=utf-8
Date: Mon, 27 Jun 2016 21:36:57 GMT
X-Cf-Routererror: unknown_route
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 4419650f-6a06-4b9d-5475-0f2790934fd5

404 Not Found: Requested route ('login.sysdomain.10.60.18.186.xip.io')
does not exist.



API endpoint: https://api.10.60.18.186.xip.io (API version: 2.56.0)
Not logged in. Use 'cf login' to log in.
FAILED
Server error, status code: 404, error code: , message:


Emitting service instance logs to dopplr

Dr Nic Williams <drnicwilliams@...>
 

Has anyone implemented (and has some sample code/OSS project) for a service broker implementation to emit logs/events back into dopplr for each service binding's app?
Nic


Spring OAuth not retrieving scopes from UAA

Bryan Perino
 

Hello All,

Brand new to Cloud Foundry. I have hooked up a Spring Cloud Application to a UAA server and gotten it to authenticate properly. However, I noticed that none of the scopes that I defined in uaa.yml for the user are showing up in the resource server backend.

Here is a link to the debugging session of what I can see: http://imgur.com/6wTYpQD
Here is the code I am debugging:

@RequestMapping("/")
public Message home(OAuth2Authentication principal) {
System.out.println(principal.getName());
return new Message("Hello World");
}

The screenshot is the value of the 'principal' variable. I have set the Spring Security yml variables for the resource server like so:

security:
oauth2:
resource:
userInfoUri: http://localhost:8080/uaa/userinfo

and here is the relevant parts from the uaa.yml:

https://gist.github.com/bryantp/2bfc4538f36f28ba285fda84c59b89f8

Thanks for any help.

4161 - 4180 of 9425