Date   

Re: Encryption method of CF CLI when running commands

James Bayer
 

the "cf api api.SYSTEMDOMAIN" command requires https with a valid cert
unless you use the flag that bypasses that.

$ cf api api.example.com
Setting api endpoint to api.example.com...
FAILED
Invalid SSL Cert for api.example.com
TIP: Use 'cf api --skip-ssl-validation' to continue with an insecure API
endpoint

once targeted, you can see the other endpoint protocols by looking at the
/v2/info endpoint. the default settings are to use HTTPS everywhere.
whether you use a valid cert or not depends on how you configure the
server-side and whether you instruct the cli to ignore the cert checking.

e.g. this is for run.pivotal.io which uses secure transports for the UAA
(where your user/pw is sent unless you're using a SAML endpoint with "cf
login --sso") and getting the logs out of the system.

cf curl /v2/info

{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://login.run.pivotal.io",
"token_endpoint": "https://uaa.run.pivotal.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.33.0",
"app_ssh_endpoint": "ssh.run.pivotal.io:2222",
"app_ssh_host_key_fingerprint": null,
"logging_endpoint": "wss://loggregator.run.pivotal.io:4443",
"doppler_logging_endpoint": "wss://doppler.run.pivotal.io:443"
}

On Fri, Jul 17, 2015 at 9:55 AM, César Iván . <cesar_k13(a)hotmail.com> wrote:

Hi everyone,

I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit
worried about security, so the question is, what type of encryption uses
the CF CLI when running commands?

i.e: when I run the *login *command I need to type my user and pass, how
does it transport data from the server to the client and vice versa?

Thanks!

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Thank you,

James Bayer


Re: Introducing OSS Release Integration Team

Amit Kumar Gupta
 

It's just a historical oddity.

Well before it was clear that there was going to be a "MEGA" team with the
specific mandates set out above, we knew we had this big set of interrated
problems, cf-release being too monolithic, etc. Informally these set of
problems were referred to as "MEGA". The name stuck in people's heads and
conversations, as the actual name and responsibilities of the team
eventually got clarified.

It's similar to Diego in a way. Originally thought/discussed as a rewrite
of the DEA in Go, that description would now be considered misleading as
the project is so much more than that.

We're open to backronym suggestions for what MEGA could stand for though ;).

Amit

On Fri, Jul 17, 2015 at 3:51 AM, Noburou TANIGUCHI <dev(a)nota.m001.jp> wrote:

A useless question: Why is the team called MEGA?

There is no 'M' 'E' 'G' 'A' in the initial characters of 'The OSS Release
Integration team.'



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Introducing-OSS-Release-Integration-Team-tp757p764.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Encryption method of CF CLI when running commands

César Iván . <cesar_k13 at hotmail.com...>
 

Hi everyone,

I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit worried about security, so the question is, what type of encryption uses the CF CLI when running commands?

i.e: when I run the login command I need to type my user and pass, how does it transport data from the server to the client and vice versa?

Thanks!


Re: java buildpack debugging - how to pass memory value without manifest file ...

Vish
 

That worked. Thanks a lot Dan.
Regards,Vish

On Friday, 17 July 2015 6:38 PM, Daniel Mikusa <dmikusa(a)pivotal.io> wrote:


On Fri, Jul 17, 2015 at 8:48 AM, Vishwanath V <thelinuxguyis(a)yahoo.co.in> wrote:

Hi Team,
I am trying to customize the java build-pack with oracle jre.
however, when trying to debug it locally , using the below commands  :

export VCAP_APPLICATION="{}"
export VCAP_SERVICES="{}"
export PORT=8080
cd ~/debug-javabuildpack/apps
JBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/detect app/
JBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/compile app/ tmp/

I am getting the below error :

[DownloadCache]                  DEBUG Validated content size 63819486 is 63819486
(10.5s)
       Expanding Oracle JRE to .java-buildpack/oracle_jre (1.6s)
[Droplet]                        DEBUG Resources /home/tux/debug-javabuildpack/java-buildpack/resources/oracle_jre found
[DownloadCache]                  DEBUG Validated content size 2406200 is 2406200
.
.
.
(4.0s)
       -totMemory must be specified
[Buildpack]                      ERROR Compile failed with exception RuntimeError


Question:  How can I pass Memory value without a manifest.yml file ?

Set an environment variable called `MEMORY_LIMIT`.  When the build pack runs it'll look at that env variable to see the max memory assigned to the container.
Dan 

Regards,Vish.

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Did anybody deploy a wiki as app to CF?

Daniel Mikusa
 

On Fri, Jul 17, 2015 at 2:08 AM, James Bayer <jbayer(a)pivotal.io> wrote:

this shows how to use drupal which is a cms with wiki functions
http://blog.pivotal.io/pivotal-cloud-foundry/products/how-to-deploy-drupal-to-pivotal-cf-within-seconds
Be careful with this. It uses a custom build pack (fork of standard PHP
BP) and last I saw, it wasn't updated for `cflinuxfs2`.

Dan




if you're in a private deployment, the services shown for drupal are both
available as oss and listed on bosh.io.

mediawiki is a php app with mysql as an option:
https://www.mediawiki.org

but i'm not aware of install instructions for that. there are other
options here: https://en.wikipedia.org/wiki/List_of_wiki_software

On Fri, Jul 10, 2015 at 3:09 PM, jtuchscherer(a)pivotal.io <
jtuchscherer(a)pivotal.io> wrote:

Hi Stephan,

I managed to get an instiki(instiki.org) instance up and running on PWS.
I
had to change a few things to get it to work and even with those changes,
it
isn't great yet. For example, uploaded files are stored locally in the
Warden container. Therefore, they get lost when the app is restarted. But
it
wouldn't be to hard to change the code to use an S3 bucket as a storage
solution, I just didn't bother yet.

I will clean up my local changes and document them, then I'll push them up
to github.

P.S.: I also looked for some other open source wiki engines. I didn't
find a
single one that could be deployed to CF (or any other PaaS) without major
changes.



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Did-anybody-deploy-a-wiki-as-app-to-CF-tp643p680.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


--
Thank you,

James Bayer

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Assigning Role to Group

Daniel Mikusa
 

On Fri, Jul 17, 2015 at 6:40 AM, Zakharov Alexey <
alexey.zakharov(a)altoros.com> wrote:

Hi guys!
Sorry if my question is newbie or it was discussed before.
I want to use LDAP for users authentication/authorisation. And I’ve
successfully bound CF to LDAP, and managed to configure uaac group mappings.
But then I realised, that there are no way to assign a Role to that group.
'cf set-org-role’ accepts only usernames as parameter, but not groups. I
think assigning Developer role to group is more flexible than assigning is
to every particular user.
Are you going to add this feature later? Or maybe there is an another way
to do group binding?
Have you looked at the `uaac` tool? I'm not quite sure I understand what
you're trying to do, but you can map an LDAP group DN to a UAA group with
`uaac`. Then if a user in that LDAP group logs in, they'll have that uaa
group. Is that what you're looking to do?

Ex:

uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"

Or are you asking about mapping LDAP groups to CF org & space roles? i.e.
user in ldap group X is automatically given the OrgManager role in org Y.

Dan


Thanks for your time.


---
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com | blog.altoros.com | twitter.com/altoros

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: java buildpack debugging - how to pass memory value without manifest file ...

Daniel Mikusa
 

On Fri, Jul 17, 2015 at 8:48 AM, Vishwanath V <thelinuxguyis(a)yahoo.co.in>
wrote:

Hi Team,

I am trying to customize the java build-pack with oracle jre.

however, when trying to debug it locally , using the below commands :







*export VCAP_APPLICATION="{}"export VCAP_SERVICES="{}"export PORT=8080cd
~/debug-javabuildpack/appsJBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/detect
app/JBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/compile app/ tmp/*

I am getting the below error :

[DownloadCache] DEBUG Validated content size 63819486 is
63819486
(10.5s)
Expanding Oracle JRE to .java-buildpack/oracle_jre (1.6s)
[Droplet] DEBUG Resources
/home/tux/debug-javabuildpack/java-buildpack/resources/oracle_jre found
[DownloadCache] DEBUG Validated content size 2406200 is
2406200
.
.
.
(4.0s)
-*totMemory* must be specified
[Buildpack] ERROR Compile failed with exception
RuntimeError


Question: How can I pass *Memory* value without a manifest.yml file ?
Set an environment variable called `MEMORY_LIMIT`. When the build pack
runs it'll look at that env variable to see the max memory assigned to the
container.

Dan



Regards,
Vish.

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


java buildpack debugging - how to pass memory value without manifest file ...

Vish
 

Hi Team,
I am trying to customize the java build-pack with oracle jre.
however, when trying to debug it locally , using the below commands  :

export VCAP_APPLICATION="{}"
export VCAP_SERVICES="{}"
export PORT=8080
cd ~/debug-javabuildpack/apps
JBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/detect app/
JBP_LOG_LEVEL=DEBUG ../java-buildpack/bin/compile app/ tmp/

I am getting the below error :

[DownloadCache]                  DEBUG Validated content size 63819486 is 63819486
(10.5s)
       Expanding Oracle JRE to .java-buildpack/oracle_jre (1.6s)
[Droplet]                        DEBUG Resources /home/tux/debug-javabuildpack/java-buildpack/resources/oracle_jre found
[DownloadCache]                  DEBUG Validated content size 2406200 is 2406200
.
.
.
(4.0s)
       -totMemory must be specified
[Buildpack]                      ERROR Compile failed with exception RuntimeError


Question:  How can I pass Memory value without a manifest.yml file ?
Regards,Vish.


Re: CF client library

Noburou TANIGUCHI
 

One(?) thing I want to know about this issue is what (or which) way the major
public service providers (Pivotal, IBM, HP, Anynines, etc.) do.

If you can tell, please let me know.



--
View this message in context: http://cf-dev.70369.x6.nabble.com/CF-client-library-tp712p765.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Introducing OSS Release Integration Team

Noburou TANIGUCHI
 

A useless question: Why is the team called MEGA?

There is no 'M' 'E' 'G' 'A' in the initial characters of 'The OSS Release
Integration team.'



--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-Introducing-OSS-Release-Integration-Team-tp757p764.html
Sent from the CF Dev mailing list archive at Nabble.com.


Assigning Role to Group

Zakharov Alexey <alexey.zakharov@...>
 

Hi guys!
Sorry if my question is newbie or it was discussed before.
I want to use LDAP for users authentication/authorisation. And I’ve successfully bound CF to LDAP, and managed to configure uaac group mappings.
But then I realised, that there are no way to assign a Role to that group.
'cf set-org-role’ accepts only usernames as parameter, but not groups. I think assigning Developer role to group is more flexible than assigning is to every particular user.
Are you going to add this feature later? Or maybe there is an another way to do group binding?
Thanks for your time.


---
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com | blog.altoros.com | twitter.com/altoros


Re: Introducing OSS Release Integration Team

Cornelia Davis <cdavis@...>
 

Thought so. :-)

Great news. Thanks for the detailed overview Amit!

Cornelia

Sent from my iPhone

On Jul 16, 2015, at 10:37 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

Ah, copy-paste fail! Zak is a Pivotal engineer, not IBM.

On Thu, Jul 16, 2015 at 7:33 PM, Amit Gupta <agupta(a)pivotal.io> wrote:
Hi all,

As some of you may already be aware, the Runtime team has recently been refactored:

- The "CAPI" team will be responsible for the Cloud Controller and Services API
- The Routing team will be responsible for work on routing, including the existing Gorouter component and new work on TCP routing
- The OSS Release Integration team (MEGA) will be primarily responsible for the integration of all components

There is a little more to that last one, so I'd like to share our mandate document and open it up to questions, comments, and clarifications. A rough draft had been previously shared with the community. We have since gathered feedback and held a team Inception to socialize our goals and refine our mandate:

https://docs.google.com/document/d/1WmA174FR6p2G0WJqUQ336wzWaYWgBEwBtFJz7uKFSdo/edit#

I'd also like to introduce the members of the new OSS Release Integration team, so our names don't look unfamiliar when we respond to your issues, pull requests, and mailing list messages.

Joseph Palermo, Technical Lead, Pivotal
Dan Lavine, Software Engineer, IBM
Zak Auerbach, Software Engineer, IBM
Duncan Winn, Solutions Engineer, Pivotal
Amit Gupta, PM, Pivotal

Thanks,
Amit
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Did anybody deploy a wiki as app to CF?

James Bayer
 

this shows how to use drupal which is a cms with wiki functions
http://blog.pivotal.io/pivotal-cloud-foundry/products/how-to-deploy-drupal-to-pivotal-cf-within-seconds

if you're in a private deployment, the services shown for drupal are both
available as oss and listed on bosh.io.

mediawiki is a php app with mysql as an option:
https://www.mediawiki.org

but i'm not aware of install instructions for that. there are other options
here: https://en.wikipedia.org/wiki/List_of_wiki_software

On Fri, Jul 10, 2015 at 3:09 PM, jtuchscherer(a)pivotal.io <
jtuchscherer(a)pivotal.io> wrote:

Hi Stephan,

I managed to get an instiki(instiki.org) instance up and running on PWS. I
had to change a few things to get it to work and even with those changes,
it
isn't great yet. For example, uploaded files are stored locally in the
Warden container. Therefore, they get lost when the app is restarted. But
it
wouldn't be to hard to change the code to use an S3 bucket as a storage
solution, I just didn't bother yet.

I will clean up my local changes and document them, then I'll push them up
to github.

P.S.: I also looked for some other open source wiki engines. I didn't find
a
single one that could be deployed to CF (or any other PaaS) without major
changes.



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Did-anybody-deploy-a-wiki-as-app-to-CF-tp643p680.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


--
Thank you,

James Bayer


Re: 3 etcd nodes don't work well in single zone

Tony
 

Hi James,

Thank you for reply.

I think I didn't describe it clearly. Sorry about that.

The CentOS 6.5 is the OS underlying our OpenStack.

And we are using Ubuntu Trusty stemcell.
(bosh-openstack-kvm-ubuntu-trusty-go_agent)

Regards,
Tony



--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p760.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: 3 etcd nodes don't work well in single zone

James Bayer
 

cf project does not support or test cf-release with centos6.5, only ubuntu
14.04.

etcd nodes should not necessarily be aware of which AZs they are in. the
only difference might be in the bosh manifests if they are in different
zones they likely have different job names and you'd need to ensure that
despite the different job names that they were configured to find each
other correctly.

On Thu, Jul 16, 2015 at 6:51 PM, Tony <Tonyl(a)fast.au.fujitsu.com> wrote:

Hi Amit,

Let me explain the error I got in details.

My env info:
CentOS 6.5,
Openstack Icehouse,
Single-AZ
2 hm9000 instances,
3 etcd instances,


Manifest:
- name: etcd_z1
instances: 3
networks:
- name: cf1
static_ips:
- 100.64.1.21
- 100.64.1.22
- 100.64.1.23
persistent_disk: 10024
properties:
metron_agent:
deployment: metron_agent.deployment
zone: z1
networks:
apps: cf1
etcd:
election_timeout_in_milliseconds: 1000
heartbeat_interval_in_milliseconds: 50
log_sync_timeout_in_seconds: 30
resource_pool: medium_z1
templates:
- name: etcd
release: cf
- name: etcd_metrics_server
release: cf
- name: metron_agent
release: cf
update: {}

properties:
etcd:
machines:
- 100.64.1.21
- 100.64.1.22
- 100.64.1.23
etcd_metrics_server:
nats:
machines:
- 100.64.1.11
- 100.64.1.12
...


I cf push dora app with 2 instances
(
https://github.com/cloudfoundry/cf-acceptance-tests/tree/master/assets/dora
)

And I can always get response from it. (curl dora.runmyapp.io --> "Hi,
I'm
Dora")
The app runs well.

Then I "cf app dora" and got
...
requested state: started
instances: ?/2
...

Then I "cf app dora" again after about 1 minute, and got
...
requested state: started
instances: 2/2
...

The instances' number varies between ?/2 and 2/2 after that.

I also wrote a small script to send "cf app dora" every second and check
the
instances' number.
if the number changed, then record it.

Wed Jul 15 06:50:57 UTC 2015 instances: ?/2 (32s)

Wed Jul 15 06:51:29 UTC 2015 instances: 2/2 (6s)

Wed Jul 15 06:51:35 UTC 2015 instances: ?/2 (1m30s)

Wed Jul 15 06:53:05 UTC 2015 instances: 2/2 (17s)

Wed Jul 15 06:53:22 UTC 2015 instances: ?/2 (3m40s)

Wed Jul 15 06:57:02 UTC 2015 instances: 2/2 (21s)

Wed Jul 15 06:57:23 UTC 2015 instances: ?/2 (2m4s)

Wed Jul 15 06:59:27 UTC 2015 instances: 2/2
...


From above we can see that:
1. instance number varies between ?/2 and 2/2
2. "?/2" can be got more often than "2/2"


The app instances' number is always "2/2" when there is only one etcd
instance.
So I reckon the problem is in multi etcd instances.


Other things I tried, but none of them works:

1. Stop etcd service on one etcd vm(monit stop etcd).

2. restart 3 etcd services one by one

3. restart all 3 etcd vms(terminate vms and let them restart
automatically.)

4. Restart two hm9000 vms

5. Restart haproxy(because I don’t know whether the “for HA” means
haproxy)
http://bosh.io/releases/github.com/cloudfoundry/cf-release?version=210
Upgrade etcd server to 2.0.1 details
Should be run as 1 node (for small deployments) or 3 nodes spread across
zones (for HA)

6. Add these properties according to

http://bosh.io/jobs/etcd?source=github.com/cloudfoundry/cf-release&version=210
election_timeout_in_milliseconds: 1000
heartbeat_interval_in_milliseconds: 50
log_sync_timeout_in_seconds: 30


Anyway, it doesn't work when "- three instances in a one-zone deployment,
will all three instances in the same zone " as you mentioned.

Do you have any suggestion about it? Or is there any mistake in my
manifest?

Thanks,
Tony



--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p756.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Thank you,

James Bayer


Re: Introducing OSS Release Integration Team

Amit Kumar Gupta
 

Ah, copy-paste fail! Zak is a Pivotal engineer, not IBM.

On Thu, Jul 16, 2015 at 7:33 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

Hi all,

As some of you may already be aware, the Runtime team has recently been
refactored:

- The "CAPI" team will be responsible for the Cloud Controller and
Services API
- The Routing team will be responsible for work on routing, including the
existing Gorouter component and new work on TCP routing
- The OSS Release Integration team (MEGA) will be primarily responsible
for the integration of all components

There is a little more to that last one, so I'd like to share our mandate
document and open it up to questions, comments, and clarifications. A
rough draft had been previously shared with the community. We have since
gathered feedback and held a team Inception to socialize our goals and
refine our mandate:


https://docs.google.com/document/d/1WmA174FR6p2G0WJqUQ336wzWaYWgBEwBtFJz7uKFSdo/edit#

I'd also like to introduce the members of the new OSS Release Integration
team, so our names don't look unfamiliar when we respond to your issues,
pull requests, and mailing list messages.

Joseph Palermo, Technical Lead, Pivotal
Dan Lavine, Software Engineer, IBM
Zak Auerbach, Software Engineer, IBM
Duncan Winn, Solutions Engineer, Pivotal
Amit Gupta, PM, Pivotal

Thanks,
Amit


Introducing OSS Release Integration Team

Amit Kumar Gupta
 

Hi all,

As some of you may already be aware, the Runtime team has recently been
refactored:

- The "CAPI" team will be responsible for the Cloud Controller and Services
API
- The Routing team will be responsible for work on routing, including the
existing Gorouter component and new work on TCP routing
- The OSS Release Integration team (MEGA) will be primarily responsible for
the integration of all components

There is a little more to that last one, so I'd like to share our mandate
document and open it up to questions, comments, and clarifications. A
rough draft had been previously shared with the community. We have since
gathered feedback and held a team Inception to socialize our goals and
refine our mandate:

https://docs.google.com/document/d/1WmA174FR6p2G0WJqUQ336wzWaYWgBEwBtFJz7uKFSdo/edit#

I'd also like to introduce the members of the new OSS Release Integration
team, so our names don't look unfamiliar when we respond to your issues,
pull requests, and mailing list messages.

Joseph Palermo, Technical Lead, Pivotal
Dan Lavine, Software Engineer, IBM
Zak Auerbach, Software Engineer, IBM
Duncan Winn, Solutions Engineer, Pivotal
Amit Gupta, PM, Pivotal

Thanks,
Amit


Re: 3 etcd nodes don't work well in single zone

Tony
 

Hi Amit,

Let me explain the error I got in details.

My env info:
CentOS 6.5,
Openstack Icehouse,
Single-AZ
2 hm9000 instances,
3 etcd instances,


Manifest:
- name: etcd_z1
instances: 3
networks:
- name: cf1
static_ips:
- 100.64.1.21
- 100.64.1.22
- 100.64.1.23
persistent_disk: 10024
properties:
metron_agent:
deployment: metron_agent.deployment
zone: z1
networks:
apps: cf1
etcd:
election_timeout_in_milliseconds: 1000
heartbeat_interval_in_milliseconds: 50
log_sync_timeout_in_seconds: 30
resource_pool: medium_z1
templates:
- name: etcd
release: cf
- name: etcd_metrics_server
release: cf
- name: metron_agent
release: cf
update: {}

properties:
etcd:
machines:
- 100.64.1.21
- 100.64.1.22
- 100.64.1.23
etcd_metrics_server:
nats:
machines:
- 100.64.1.11
- 100.64.1.12
...


I cf push dora app with 2 instances
(https://github.com/cloudfoundry/cf-acceptance-tests/tree/master/assets/dora)

And I can always get response from it. (curl dora.runmyapp.io --> "Hi, I'm
Dora")
The app runs well.

Then I "cf app dora" and got
...
requested state: started
instances: ?/2
...

Then I "cf app dora" again after about 1 minute, and got
...
requested state: started
instances: 2/2
...

The instances' number varies between ?/2 and 2/2 after that.

I also wrote a small script to send "cf app dora" every second and check the
instances' number.
if the number changed, then record it.

Wed Jul 15 06:50:57 UTC 2015 instances: ?/2 (32s)

Wed Jul 15 06:51:29 UTC 2015 instances: 2/2 (6s)

Wed Jul 15 06:51:35 UTC 2015 instances: ?/2 (1m30s)

Wed Jul 15 06:53:05 UTC 2015 instances: 2/2 (17s)

Wed Jul 15 06:53:22 UTC 2015 instances: ?/2 (3m40s)

Wed Jul 15 06:57:02 UTC 2015 instances: 2/2 (21s)

Wed Jul 15 06:57:23 UTC 2015 instances: ?/2 (2m4s)

Wed Jul 15 06:59:27 UTC 2015 instances: 2/2
...


From above we can see that:
1. instance number varies between ?/2 and 2/2
2. "?/2" can be got more often than "2/2"


The app instances' number is always "2/2" when there is only one etcd
instance.
So I reckon the problem is in multi etcd instances.


Other things I tried, but none of them works:

1. Stop etcd service on one etcd vm(monit stop etcd).

2. restart 3 etcd services one by one

3. restart all 3 etcd vms(terminate vms and let them restart
automatically.)

4. Restart two hm9000 vms

5. Restart haproxy(because I don’t know whether the “for HA” means haproxy)
http://bosh.io/releases/github.com/cloudfoundry/cf-release?version=210
Upgrade etcd server to 2.0.1 details
Should be run as 1 node (for small deployments) or 3 nodes spread across
zones (for HA)

6. Add these properties according to
http://bosh.io/jobs/etcd?source=github.com/cloudfoundry/cf-release&version=210
election_timeout_in_milliseconds: 1000
heartbeat_interval_in_milliseconds: 50
log_sync_timeout_in_seconds: 30


Anyway, it doesn't work when "- three instances in a one-zone deployment,
will all three instances in the same zone " as you mentioned.

Do you have any suggestion about it? Or is there any mistake in my manifest?

Thanks,
Tony



--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p756.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: 3 etcd nodes don't work well in single zone

Tony
 

Hi Amit,

Thank you very much for your clear explanation.

I got the release info(I called it "release Note") from CF release 210,
http://bosh.io/releases/github.com/cloudfoundry/cf-release?version=210

In the "NOTES" part, there is "Upgrade etcd server to 2.0.1" where you can
see
"Should be run as 1 node (for small deployments) or 3 nodes spread across
zones (for HA)"


I will do more test about the third one:
- three instances in a one-zone deployment, will all three instances in the
same zone

Thanks.

Tony




--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p755.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: 3 etcd nodes don't work well in single zone

Amit Kumar Gupta
 

Hi Gwenn,

Can you elaborate? Are you saying you've actually deployed 3 etcd nodes to
1 zone and you're currently experiencing problems? If so, can you give some
details on the problems?

Thanks,
Amit, CF OSS Release Integration PM
Pivotal Software, Inc.



--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p754.html
Sent from the CF Dev mailing list archive at Nabble.com.

8621 - 8640 of 9426