Date   

Re: Allow gorouter to log random headers.

Shannon Coen
 

This is not something that would be merged, as originally proposed, without
additional investigation and discussion.

If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.

The goal is "the flexibility of being able to annotate our logs with what
we consider to be important for our debugging purposes." More specifically
you're requesting logging of headers. Do you have a preference?

If GoRouter logged whatever headers were included in the request, wouldn't
this satisfy your requirements? Doesn't GoRouter do this already?

I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com>
wrote:

Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.

Do you think that using such service will allow your developers to cover
this requirements?

[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb

On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

Howdie!

We have some devs who want to be able to trace a request troughout their
applications.

user -> a -> b -> c
|
|-> d -> e

When a user makes a request to "a" uuid is generated inside the app, and
the request to "b" from "a" will set a header(call it WAKAWAKA to uuid),
"b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will passthrough
WAKAWAKA to "e". Etc.

We aggregate all RTR logs into ELK so it would be super helpful to them to
be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.

I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.

1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header

2. In makeRecord at the bottom add something like(in psuedo)

data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val

if data:
fmt.Fprintf(b, data.to_stringified_json())

That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204 x_forwarded_for:"-"
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}

The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.

Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Allow gorouter to log random headers.

Guillaume Berche
 

Simon,

Some buildpacks such as java-buildpack and php, offer the ability to log
incoming http request and control format of the logs inc custom headers.
Would that help in your case ?

https://github.com/cloudfoundry/java-buildpack/issues/57
https://github.com/cloudfoundry/java-buildpack/blob/master/docs/container-tomcat.md#configuration

Guillaume.
Le 22 juil. 2015 11:50, "Simon Johansson" <simon(a)simonjohansson.com> a
écrit :

Well, from my point of view the customization is just adding the
flexibility of being able to annotate our logs with what we consider to be
important for our debugging purposes, a feature that is surely interesting
for other parties aswell. We are not interested in adding extra headers
into CF, just pulling headers from incoming requests(where the headers have
ben set elsewhere) to Gorouter into a doppler event. :)

On Wed, Jul 22, 2015 at 11:43 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:

Simon I know what you want todo :) I am shinji62 lol
I am jsut afraid that you want to customize the platform and you will be
stuck with because other don't support custom header.

On Wed, Jul 22, 2015 at 6:36 PM, Simon Johansson <
simon(a)simonjohansson.com> wrote:

I feel that we are stearing this conversation into the wrong direction.

Gist it, I would like to with cf logs app / firehose-to-syslog see my
RTR-logs as

blurgh.dev.cf.private.domain.com - blablablab
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
*{"X-Random-Header": "Once upon a midnight dreary, while I pondered weak
and weary", "Another-Header": "wryyyy"}*

By being able to tell Gorouter what headers Im interested in via the
manifest
logging:
add_extra_headers_if_available:
- X-Random-Header
- Another-Header
- This-header-will-only-be-in-1%-of-the-requests

Is this something you would be interested in mergin, I dont want to
implement it if there is no chance of it being merged.


On Wed, Jul 22, 2015 at 11:30 AM, Gwenn Etourneau <getourneau(a)pivotal.io
wrote:
So if you move to Heroku you will be able to change the platform ??? I
don't think so..
So you can put the new header from your app or at least the runtime
buildpack or docker.

Your application should be platform dependent that's why you need to
implement this header into your application to avoid any lock-in or forking
issue.

On Wed, Jul 22, 2015 at 6:27 PM, Simon Johansson <
simon(a)simonjohansson.com> wrote:

WAKAWAKA is just an example
But the difference is that WAKAWAKA is not platform specific whereas
X-Cf-Requestid is. If we want to move our app to Heroku, or a VM, or
whatewher we have platform specific implementation details in our
app(namely we rely on a header that is not there anymore). But that is not
the point of this thread.

The point is,

say we have an app that is fronted by a CDN, and the CDN sets the
X-Im-a-shark header with some value that we are interested to see in our
logs. The easiest way to achivie this without having to implement it into
our own apps is just to tell the Gorouter that it should append the value
of that header into the string that it logs so the event that flow via
Doppler and ultimately into cf logs/ELK will contain that value.

The reason why this would be such a valuable feature for us is that we
dont have to do anything. CF already provide the out of the box facility to
give us routing logs, so if we can piggy back on that for what we are
interested in we dont have to add libraries to our apps to log interesting
headers on the side.



On Wed, Jul 22, 2015 at 12:45 AM, Shannon Coen <scoen(a)pivotal.io>
wrote:

I don't see the difference between WAKAWAKA and X-Cf-Requestid.
Gorouter would have to add some header with a uuid for the request. Your
apps have to have logic to pass this header on, so that a log search
returns the original request as well as subsequent requests between apps.
Could you please clarify?

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jul 21, 2015 at 11:09 AM, Simon Johansson <
simon(a)simonjohansson.com> wrote:

Sure that header can be used. But then we are adding CF specific
stuff into the implementation of our services, which is something we want
to avoid at all costs.
Also Im not entirely sure if all the libraries we use for Zipkin
supports using custom headers.

All our public apps are fronted by different CDNs, which sets
headers that we might want to store for debugging, so we still need a way
to pass those trough into the log.

On Tuesday, 21 July 2015, Shannon Coen <scoen(a)pivotal.io> wrote:

Hello Simon,

The X-Cf-Requestid header already provides a uuid. Couldn't app "a"
add the value of X-Cf-Requestid to a header of your choosing? Call it
WAKAWAKA or X-Random-Header, but it doesn't need to be a platform standard.
Wouldn't a search for the value of X-Cf-Requestid then provide the desired
results?

Thank you,
Shannon

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Jul 21, 2015 at 6:06 AM, Simon Johansson <
simon(a)simonjohansson.com> wrote:

Howdie!

We have some devs who want to be able to trace a request troughout
their applications.

user -> a -> b -> c
|
|-> d -> e

When a user makes a request to "a" uuid is generated inside the
app, and the request to "b" from "a" will set a header(call it WAKAWAKA to
uuid), "b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will
passthrough WAKAWAKA to "e". Etc.

We aggregate all RTR logs into ELK so it would be super helpful to
them to be able to filter on WAKAWAKA and get all the access logs(and app
logs aswell, they mostly use GELF so its easy for them to add whatewher
field they want) from the services involved.

I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.

1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header

2. In makeRecord at the bottom add something like(in psuedo)

data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val

if data:
fmt.Fprintf(b, data.to_stringified_json())

That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000]
"GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204
x_forwarded_for:"-" vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}

The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.

Before I spend time implementing, is this something you would
merge?

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Announcing support for Arbitrary Parameters and Service Instance Tags

john mcteague <john.mcteague@...>
 

Great news, we have been eagerly awaiting this feature.

John

On Thu, Jul 23, 2015 at 9:31 PM, Dieu Cao <dcao(a)pivotal.io> wrote:

On behalf of the CAPI team I'm pleased to announce support for Arbitrary
Parameters and Service Instance Tags, two features which extend the
possibilities for Cloud Foundry Marketplace service offerings, and provide
developers with increased flexibility in how services are consumed by
applications.

Support for Arbitrary Parameters is introduced with cf-release v209 and
CLI v6.12.1. This features enables service providers to support
user-provided configuration options with the create, update, and bind
service instance operations, and the create service key operation (stay
tuned for a forthcoming announcement of support for Service Keys).
Previously, this could only be achieved by providing many plans to cover
various combinations of configuration options, or to provide a service
instance dashboard that users can SSO into and adjust configuration options
after creation. Although the platform and CLI now support the feature,
service broker authors must implement support for the feature as described
in the Service Broker API v2.5 specification
<http://docs.cloudfoundry.org/services/api.html>.

Support for Instance Tags is introduced with cf-release v211 and CLI
v6.12.1. Since v2.0 of the Service Broker API, broker authors have be able
to provide tags for a service offering in the /v2/catalog endpoint that
Cloud Foundry delivers to applications in the VCAP_SERVICES Environment
Variable
<http://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES>.
These tags provide developers with a more generic way for applications to
parse VCAP_SERVICES for credentials. Developers may now provide their own
tags when creating or updating a service instance by including a
comma-separated list of tags with the -t flag.

Documentation:

- http://docs.cloudfoundry.org/services/api.html

- http://docs.cloudfoundry.org/devguide/services/managing-services.html

Special thanks to the former CF Services API team and Shannon for their
hard work on these features.

-Dieu
CF CAPI PM

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Announcing support for Arbitrary Parameters and Service Instance Tags

Juan Pablo Genovese
 

Nice! Thanks for the hard work!

2015-07-23 17:31 GMT-03:00 Dieu Cao <dcao(a)pivotal.io>:

On behalf of the CAPI team I'm pleased to announce support for Arbitrary
Parameters and Service Instance Tags, two features which extend the
possibilities for Cloud Foundry Marketplace service offerings, and provide
developers with increased flexibility in how services are consumed by
applications.

Support for Arbitrary Parameters is introduced with cf-release v209 and
CLI v6.12.1. This features enables service providers to support
user-provided configuration options with the create, update, and bind
service instance operations, and the create service key operation (stay
tuned for a forthcoming announcement of support for Service Keys).
Previously, this could only be achieved by providing many plans to cover
various combinations of configuration options, or to provide a service
instance dashboard that users can SSO into and adjust configuration options
after creation. Although the platform and CLI now support the feature,
service broker authors must implement support for the feature as described
in the Service Broker API v2.5 specification
<http://docs.cloudfoundry.org/services/api.html>.

Support for Instance Tags is introduced with cf-release v211 and CLI
v6.12.1. Since v2.0 of the Service Broker API, broker authors have be able
to provide tags for a service offering in the /v2/catalog endpoint that
Cloud Foundry delivers to applications in the VCAP_SERVICES Environment
Variable
<http://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES>.
These tags provide developers with a more generic way for applications to
parse VCAP_SERVICES for credentials. Developers may now provide their own
tags when creating or updating a service instance by including a
comma-separated list of tags with the -t flag.

Documentation:

- http://docs.cloudfoundry.org/services/api.html

- http://docs.cloudfoundry.org/devguide/services/managing-services.html

Special thanks to the former CF Services API team and Shannon for their
hard work on these features.

-Dieu
CF CAPI PM

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com


Announcing support for Arbitrary Parameters and Service Instance Tags

Dieu Cao <dcao@...>
 

On behalf of the CAPI team I'm pleased to announce support for Arbitrary
Parameters and Service Instance Tags, two features which extend the
possibilities for Cloud Foundry Marketplace service offerings, and provide
developers with increased flexibility in how services are consumed by
applications.

Support for Arbitrary Parameters is introduced with cf-release v209 and CLI
v6.12.1. This features enables service providers to support user-provided
configuration options with the create, update, and bind service instance
operations, and the create service key operation (stay tuned for a
forthcoming announcement of support for Service Keys). Previously, this
could only be achieved by providing many plans to cover various
combinations of configuration options, or to provide a service instance
dashboard that users can SSO into and adjust configuration options after
creation. Although the platform and CLI now support the feature, service
broker authors must implement support for the feature as described in
the Service
Broker API v2.5 specification
<http://docs.cloudfoundry.org/services/api.html>.

Support for Instance Tags is introduced with cf-release v211 and CLI
v6.12.1. Since v2.0 of the Service Broker API, broker authors have be able
to provide tags for a service offering in the /v2/catalog endpoint that
Cloud Foundry delivers to applications in the VCAP_SERVICES Environment
Variable
<http://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES>.
These tags provide developers with a more generic way for applications to
parse VCAP_SERVICES for credentials. Developers may now provide their own
tags when creating or updating a service instance by including a
comma-separated list of tags with the -t flag.

Documentation:

- http://docs.cloudfoundry.org/services/api.html

- http://docs.cloudfoundry.org/devguide/services/managing-services.html

Special thanks to the former CF Services API team and Shannon for their
hard work on these features.

-Dieu
CF CAPI PM


Re: revrse proxy in CF

Dieu Cao <dcao@...>
 

It is available in cf-release 212.
There is a bug being worked on related to session stickiness [1] but if
you are not using session stickiness 212 should be fine to use to take
advantage of this feature.

-Dieu

[1]] https://www.pivotaltracker.com/story/show/98068176

On Thu, Jul 23, 2015 at 3:54 AM, 王小锋 <zzuwxf(a)gmail.com> wrote:

Is this feature available in CF version 212 or 213? thanks.

2015-07-21 16:21 GMT+08:00 Dieu Cao <dcao(a)pivotal.io>:

That's odd. I've fixed the link so it should be readable/commentable
again.

-Dieu
CF CAPI PM

On Tue, Jul 21, 2015 at 12:59 AM, Felix Friedrich <felix(a)fri.edri.ch>
wrote:

Hello,

the document "Context Path Routing" [1] does not seem to be public
accessible.


Felix




[1]

https://docs.google.com/document/d/1H_adSiY7wGR85av9YfxxPRylSO8Q8U0ANJJTg6wpYRQ/edit





On Tue, Jul 7, 2015, at 05:22 AM, Sumanth Yamala wrote:
Thanks Chris. Will keep you posted on how it goes.

Sumanth

From: cf-dev-bounces(a)lists.cloudfoundry.org
[mailto:cf-dev-bounces(a)lists.cloudfoundry.org] On Behalf Of
Christopher
Piraino
Sent: Monday, July 06, 2015 8:16 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] revrse proxy in CF

Hi Sumanth,

We recently added support for "Context Path
Routing"<
https://docs.google.com/document/d/1H_adSiY7wGR85av9YfxxPRylSO8Q8U0ANJJTg6wpYRQ

in both the GoRouter and CC
API<http://apidocs.cloudfoundry.org/212/routes/creating_a_route.html>.
I
do not believe the cf CLI has implemented this feature yet.

This feature was added to address this exact use-case, we would love to
receive feedback on it. Note that there is a current bug related to the
use of context paths and session
affinity<https://www.pivotaltracker.com/story/show/98068176> that we
have
in our backlog.

Let me know if that helps!

Best,
Chris Piraino, CF Routing Team

On Mon, Jul 6, 2015 at 2:41 PM, Sumanth Yamala
<Sumanth.Yamala(a)sas.com<mailto:Sumanth.Yamala(a)sas.com>> wrote:
The main goal is to have a mapping from a top level url like
abc.com/app1<http://abc.com/app1> abc.com/app2<http://abc.com/app2>
getting mapped to the actual routes given by cf to the respective apps.
So I was thinking of adding a reverse proxy in front of the router,
similar to what you have done. Can this be accomplished with the go
router or do we need a reverse proxy?

Thanks
Sumanth

From:
cf-dev-bounces(a)lists.cloudfoundry.org<mailto:
cf-dev-bounces(a)lists.cloudfoundry.org>
[mailto:cf-dev-bounces(a)lists.cloudfoundry.org<mailto:
cf-dev-bounces(a)lists.cloudfoundry.org>]
On Behalf Of John Wong
Sent: Monday, July 06, 2015 4:32 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] revrse proxy in CF

What is the goal of your reversed proxy? Did you mean load balance of
multiple instances of an app (cf push APPNAME -i 3 ==== having 3
instances of APPNAME)?

Gorouter knows how to dispatch to app 1 or app2, for as long as cf is
setup properly and that there is a url mapping.

Where I work we also configure Nginx to handle the incoming traffic and
then proxy to gorouter.

On Mon, Jul 6, 2015 at 4:23 PM, Sumanth Yamala
<Sumanth.Yamala(a)sas.com<mailto:Sumanth.Yamala(a)sas.com>> wrote:
Hi,

In an environment with multiple micro services being deployed in CF.
Does
the “go router” have the functionality of reverse proxy or should I
configure httpd to sit in front of the go router.

Thanks,
Sumanth

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Notifications on ORG, SPACE and USER modifications

Juan Pablo Genovese
 

Dieu,

that is awesome. If you need any input from my side, since I'm the OP,
please shoot me an email.

Thanks!!

2015-07-23 15:26 GMT-03:00 Dieu Cao <dcao(a)pivotal.io>:

Hi All,

I'm glad to see the interest in this feature. I think this feature is a
cross cutting concern across a few teams.
I can take this and work on framing the `what` and `why` of the problem
and send out a proposal for review and comment.
We can then take that to our engineering directors and then look at the
how.
I'll try to work on the initial problem statement in the next week or so.

-Dieu
Runtime PMC Lead

On Thu, Jul 23, 2015 at 9:24 AM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Good point. The notifications would probably need to be reliable.

What about something like an Atom feed?

Mike

On Thu, Jul 23, 2015 at 12:27 AM, Dieu Cao <dcao(a)pivotal.io> wrote:

There are a few different approaches to this and different concerns that
are possible.
The requests I've seen have been around wanting to be able to subscribe
to and filter the various events that cc currently generates so that other
behavior could be triggered.
We currently have events, app usage events, and service usage events.
Is it acceptable for the notifications to be lossy? Depends on the use
case but If so, then the firehose may be an acceptable approach.

The CAPI team is currently focusing on other work in the near term, such
as the v3 API and private brokers, but would be happy to collaborate on a
proposal.


On Wed, Jul 22, 2015 at 2:05 PM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:

My take:

CC should have callbacks on for each model create, update and delete
methods. Those callbacks will send a message to an MQ, which you can
subscribe to consume those messages.
This can be expanded to pretty much every event we need to track.
What do you think?

JP

2015-07-22 17:30 GMT-03:00 Matthias X Hub <matthias.hub(a)de.ibm.com>:

Hi,

we (=IBM) are also having the need and are currently investigating how
to solve this. We plan to work on a proposal to discuss this further with
the cf community. I'll keep you updated on that.

Regards,
Matthias



From: Mike Youngstrom <youngm(a)gmail.com>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 22.07.2015 20:57
Subject: Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
Sent by: cf-dev-bounces(a)lists.cloudfoundry.org
------------------------------



We have the same need. Today we are polling the CC.

It would be nice for us also if we could get CC event notifications
via something like the firehose.

Mike

On Wed, Jul 22, 2015 at 10:23 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:
I mean, I know you can list those events thru the API, but I want
something that will react on an event instead of having to be constantly
polling for them.

2015-07-22 13:18 GMT-03:00 Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>>:
Sree,

thanks! Any pointers on how can I hook up to these audit events?

Thank you!

2015-07-22 13:12 GMT-03:00 Sree Tummidi <*stummidi(a)pivotal.io*
<stummidi(a)pivotal.io>>:
I believe there are audit events generated for all these actions which
can be captured and forwarded to an SIEM solution like splunk

Thanks,
Sree

Sent from my iPhone

On Jul 22, 2015, at 8:54 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:

Guys,

I need to somehow hook up into the Cloud Controller (CC) to capture
ORG, SPACE and USER deletion, insertion and update.

So far, I considered some approaches, such as forking the CC (the
least favorite) and modifying the code with some hooks, tapping into Nginx
to capture the requests, and using triggers in the database to capture each
event and send the necessary info to a service.

What do you think?
Any other idea you might have?

Thanks!

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>
_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>




--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>



--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com


Re: Notifications on ORG, SPACE and USER modifications

Dieu Cao <dcao@...>
 

Hi All,

I'm glad to see the interest in this feature. I think this feature is a
cross cutting concern across a few teams.
I can take this and work on framing the `what` and `why` of the problem and
send out a proposal for review and comment.
We can then take that to our engineering directors and then look at the how.
I'll try to work on the initial problem statement in the next week or so.

-Dieu
Runtime PMC Lead

On Thu, Jul 23, 2015 at 9:24 AM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Good point. The notifications would probably need to be reliable.

What about something like an Atom feed?

Mike

On Thu, Jul 23, 2015 at 12:27 AM, Dieu Cao <dcao(a)pivotal.io> wrote:

There are a few different approaches to this and different concerns that
are possible.
The requests I've seen have been around wanting to be able to subscribe
to and filter the various events that cc currently generates so that other
behavior could be triggered.
We currently have events, app usage events, and service usage events.
Is it acceptable for the notifications to be lossy? Depends on the use
case but If so, then the firehose may be an acceptable approach.

The CAPI team is currently focusing on other work in the near term, such
as the v3 API and private brokers, but would be happy to collaborate on a
proposal.


On Wed, Jul 22, 2015 at 2:05 PM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:

My take:

CC should have callbacks on for each model create, update and delete
methods. Those callbacks will send a message to an MQ, which you can
subscribe to consume those messages.
This can be expanded to pretty much every event we need to track.
What do you think?

JP

2015-07-22 17:30 GMT-03:00 Matthias X Hub <matthias.hub(a)de.ibm.com>:

Hi,

we (=IBM) are also having the need and are currently investigating how
to solve this. We plan to work on a proposal to discuss this further with
the cf community. I'll keep you updated on that.

Regards,
Matthias



From: Mike Youngstrom <youngm(a)gmail.com>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 22.07.2015 20:57
Subject: Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
Sent by: cf-dev-bounces(a)lists.cloudfoundry.org
------------------------------



We have the same need. Today we are polling the CC.

It would be nice for us also if we could get CC event notifications via
something like the firehose.

Mike

On Wed, Jul 22, 2015 at 10:23 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:
I mean, I know you can list those events thru the API, but I want
something that will react on an event instead of having to be constantly
polling for them.

2015-07-22 13:18 GMT-03:00 Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>>:
Sree,

thanks! Any pointers on how can I hook up to these audit events?

Thank you!

2015-07-22 13:12 GMT-03:00 Sree Tummidi <*stummidi(a)pivotal.io*
<stummidi(a)pivotal.io>>:
I believe there are audit events generated for all these actions which
can be captured and forwarded to an SIEM solution like splunk

Thanks,
Sree

Sent from my iPhone

On Jul 22, 2015, at 8:54 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:

Guys,

I need to somehow hook up into the Cloud Controller (CC) to capture
ORG, SPACE and USER deletion, insertion and update.

So far, I considered some approaches, such as forking the CC (the least
favorite) and modifying the code with some hooks, tapping into Nginx to
capture the requests, and using triggers in the database to capture each
event and send the necessary info to a service.

What do you think?
Any other idea you might have?

Thanks!

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>
_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>




--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>



--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: UAA: How to set client_credentials token grant type to not expire

Filip Hanik
 

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#register-client-post-oauthclients

access_token_validity - int Optional Value in seconds for how long an
access token is valid for

Set this field to a very large value, like
http://docs.oracle.com/javase/7/docs/api/constant-values.html#java.lang.Integer.MAX_VALUE

On Thu, Jul 23, 2015 at 11:05 AM, Kayode Odeyemi <dreyemi(a)gmail.com> wrote:

Hi,

I have some trusted clients set up to use client_credentials token grant.
I'll like to set their tokens not to expire.

How do I achieve this?


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


UAA: How to set client_credentials token grant type to not expire

Paul Bakare
 

Hi,

I have some trusted clients set up to use client_credentials token grant.
I'll like to set their tokens not to expire.

How do I achieve this?


Re: Assigning Role to Group

Sree Tummidi
 

Yes, we do plan on mapping ORG & Space Roles to Groups in LDAP or via SAML.
At this time , the only scope that can be mapped is cloud_controller.admin
as its defined as an OAuth scope for Cloud Controller.

-Sree

On Thu, Jul 23, 2015 at 5:48 AM, Zakharov Alexey <
alexey.zakharov(a)altoros.com> wrote:

Is there any plans to implement ORGs to LDAP groups binding later?
When I list group mappings, I can see a default mapping, which forces me
to think you are planning to do something like that:

$ uaac group mappings
resources:
-
organizations.acme: cn=test_org,ou=people,o=springsource,o=org

---
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com | blog.altoros.com | twitter.com/altoros

On Jul 22, 2015, at 18:05, Filip Hanik <fhanik(a)pivotal.io> wrote:

To elaborate a bit more, at this time the cloud controller maintains its
own roles and ACLs in the CC database.

Filip

On Wednesday, July 22, 2015, Sree Tummidi <stummidi(a)pivotal.io> wrote:

This support is not yet available

Thanks,
Sree

Sent from my iPad

On Jul 22, 2015, at 4:35 AM, Daniel Mikusa <dmikusa(a)pivotal.io> wrote:

On Wed, Jul 22, 2015 at 3:27 AM, Zakharov Alexey <
alexey.zakharov(a)altoros.com> wrote:

>* Hi guys!
*>* Sorry if my question is newbie or it was discussed before.
*>* I want to use LDAP for users authentication/authorisation. And I’ve
*>* successfully bound CF to LDAP, and managed to configure uaac group mappings.
*>* But then I realised, that there are no way to assign a Role to that group.
*>* 'cf set-org-role’ accepts only usernames as parameter, but not groups. I
*>* think assigning Developer role to group is more flexible than assigning is
*>* to every particular user.
*>* Are you going to add this feature later? Or maybe there is an another way
*>* to do group binding?
*>
Have you looked at the `uaac` tool? I'm not quite sure I understand what
you're trying to do, but you can map an LDAP group DN to a UAA group with
`uaac`. Then if a user in that LDAP group logs in, they'll have that uaa
group. Is that what you're looking to do?

Ex:

uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"

Or are you asking about mapping LDAP groups to CF org & space roles? i.e.
user in ldap group X is automatically given the OrgManager role in org Y.

Dan

Hi Dan!

Yes, as I’ve stated before, I’ve already managed to configure group mappings using ‘uaac group map’.

And now I want to bind group members to Organizations and Spaces. Is it possible to do?

Sorry, missed that in your original post. Last I heard no you couldn't
do this mapping, but that was a while ago though. Maybe someone on the
Identity team could confirm.

Dan

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Notifications on ORG, SPACE and USER modifications

Mike Youngstrom
 

Good point. The notifications would probably need to be reliable.

What about something like an Atom feed?

Mike

On Thu, Jul 23, 2015 at 12:27 AM, Dieu Cao <dcao(a)pivotal.io> wrote:

There are a few different approaches to this and different concerns that
are possible.
The requests I've seen have been around wanting to be able to subscribe to
and filter the various events that cc currently generates so that other
behavior could be triggered.
We currently have events, app usage events, and service usage events.
Is it acceptable for the notifications to be lossy? Depends on the use
case but If so, then the firehose may be an acceptable approach.

The CAPI team is currently focusing on other work in the near term, such
as the v3 API and private brokers, but would be happy to collaborate on a
proposal.


On Wed, Jul 22, 2015 at 2:05 PM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:

My take:

CC should have callbacks on for each model create, update and delete
methods. Those callbacks will send a message to an MQ, which you can
subscribe to consume those messages.
This can be expanded to pretty much every event we need to track.
What do you think?

JP

2015-07-22 17:30 GMT-03:00 Matthias X Hub <matthias.hub(a)de.ibm.com>:

Hi,

we (=IBM) are also having the need and are currently investigating how
to solve this. We plan to work on a proposal to discuss this further with
the cf community. I'll keep you updated on that.

Regards,
Matthias



From: Mike Youngstrom <youngm(a)gmail.com>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 22.07.2015 20:57
Subject: Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
Sent by: cf-dev-bounces(a)lists.cloudfoundry.org
------------------------------



We have the same need. Today we are polling the CC.

It would be nice for us also if we could get CC event notifications via
something like the firehose.

Mike

On Wed, Jul 22, 2015 at 10:23 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:
I mean, I know you can list those events thru the API, but I want
something that will react on an event instead of having to be constantly
polling for them.

2015-07-22 13:18 GMT-03:00 Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>>:
Sree,

thanks! Any pointers on how can I hook up to these audit events?

Thank you!

2015-07-22 13:12 GMT-03:00 Sree Tummidi <*stummidi(a)pivotal.io*
<stummidi(a)pivotal.io>>:
I believe there are audit events generated for all these actions which
can be captured and forwarded to an SIEM solution like splunk

Thanks,
Sree

Sent from my iPhone

On Jul 22, 2015, at 8:54 AM, Juan Pablo Genovese <
*juanpgenovese(a)gmail.com* <juanpgenovese(a)gmail.com>> wrote:

Guys,

I need to somehow hook up into the Cloud Controller (CC) to capture ORG,
SPACE and USER deletion, insertion and update.

So far, I considered some approaches, such as forking the CC (the least
favorite) and modifying the code with some hooks, tapping into Nginx to
capture the requests, and using triggers in the database to capture each
event and send the necessary info to a service.

What do you think?
Any other idea you might have?

Thanks!

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>
_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>




--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>



--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
*http://www.jpgenovese.com* <http://www.jpgenovese.com/>

_______________________________________________
cf-dev mailing list
*cf-dev(a)lists.cloudfoundry.org* <cf-dev(a)lists.cloudfoundry.org>
*https://lists.cloudfoundry.org/mailman/listinfo/cf-dev*
<https://lists.cloudfoundry.org/mailman/listinfo/cf-dev>

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Running Jira into Cloudfoundry

Gwenn Etourneau
 

Not sure yet .. I am still thinking about that ..
But anyway if ERS is too hard I will use the bosh way :)

On Thu, Jul 23, 2015 at 6:24 PM, john mcteague <john.mcteague(a)gmail.com>
wrote:

Out of curiosity how do you plan on solving the storage problem for
attachments, assuming you get the DB working.

John.
On 23 Jul 2015 10:12, "Gwenn Etourneau" <getourneau(a)pivotal.io> wrote:

DB is setup by a config file, no enviroment variable or other.
I was thinking about adding a new component to the buildpack (fork..) to
setup this file ..

On Thu, Jul 23, 2015 at 6:10 PM, Josh Long <starbuxman(a)gmail.com> wrote:

how does the DB get configured? Why is it difficult?
Thanks,
Josh Long
Spring Developer Advocate
SpringSource
www.joshlong.com || @starbuxman


On Thu, Jul 23, 2015 at 2:45 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:
Hi everyone,

I wonder if someone succeed or tried to run Jira into cloudfoundry
(ERS).

It's not that difficult with bosh but for Cloudfoundry the difficult
part is
to configure the DB.

Thanks

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Notifications on ORG, SPACE and USER modifications

Juan Pablo Genovese
 

Anyone wiling to do a Hangout and start talking this? I really want to push
this forward.

Thanks!!

JP

2015-07-23 4:39 GMT-03:00 Benjamin Black <bblack(a)pivotal.io>:

ETags and a 304 response are specifically intended for that purpose. I'd
recommend that over relying on Last-Modified.


b

On Thu, Jul 23, 2015 at 12:34 AM, Koper, Dies <diesk(a)fast.au.fujitsu.com>
wrote:

Or setting the Last-Modified HTTP response header accordingly, and
allow clients to use HTTP caching mechanisms (Last-Modified, etc.) to get
quick empty responses with the current APIs if no changes have been made?
(Or maybe this is already working so – haven’t checked).



Regards,

Dies Koper



*From:* cf-dev-bounces(a)lists.cloudfoundry.org [mailto:
cf-dev-bounces(a)lists.cloudfoundry.org] *On Behalf Of *Matt Cowger
*Sent:* Thursday, July 23, 2015 4:45 PM
*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications



I've wanted something similar as well.



On a related note, having a CC API 'serial' number (for each object in CC
- apps, spaces, etc) that increments on every change relevant to that
object would be of value for detecting if something has changed.



On Thu, Jul 23, 2015 at 3:27 PM, Dieu Cao <dcao(a)pivotal.io> wrote:

There are a few different approaches to this and different concerns that
are possible.

The requests I've seen have been around wanting to be able to subscribe
to and filter the various events that cc currently generates so that other
behavior could be triggered.

We currently have events, app usage events, and service usage events.

Is it acceptable for the notifications to be lossy? Depends on the use
case but If so, then the firehose may be an acceptable approach.



The CAPI team is currently focusing on other work in the near term, such
as the v3 API and private brokers, but would be happy to collaborate on a
proposal.





On Wed, Jul 22, 2015 at 2:05 PM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:

My take:



CC should have callbacks on for each model create, update and delete
methods. Those callbacks will send a message to an MQ, which you can
subscribe to consume those messages.

This can be expanded to pretty much every event we need to track.

What do you think?



JP



2015-07-22 17:30 GMT-03:00 Matthias X Hub <matthias.hub(a)de.ibm.com>:

Hi,

we (=IBM) are also having the need and are currently investigating how to
solve this. We plan to work on a proposal to discuss this further with the
cf community. I'll keep you updated on that.

Regards,
Matthias



From: Mike Youngstrom <youngm(a)gmail.com>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 22.07.2015 20:57
Subject: Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
Sent by: cf-dev-bounces(a)lists.cloudfoundry.org
------------------------------




We have the same need. Today we are polling the CC.

It would be nice for us also if we could get CC event notifications via
something like the firehose.

Mike

On Wed, Jul 22, 2015 at 10:23 AM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:
I mean, I know you can list those events thru the API, but I want
something that will react on an event instead of having to be constantly
polling for them.

2015-07-22 13:18 GMT-03:00 Juan Pablo Genovese <juanpgenovese(a)gmail.com>:

Sree,

thanks! Any pointers on how can I hook up to these audit events?

Thank you!

2015-07-22 13:12 GMT-03:00 Sree Tummidi <stummidi(a)pivotal.io>:
I believe there are audit events generated for all these actions which
can be captured and forwarded to an SIEM solution like splunk

Thanks,
Sree

Sent from my iPhone

On Jul 22, 2015, at 8:54 AM, Juan Pablo Genovese <juanpgenovese(a)gmail.com>
wrote:

Guys,

I need to somehow hook up into the Cloud Controller (CC) to capture ORG,
SPACE and USER deletion, insertion and update.

So far, I considered some approaches, such as forking the CC (the least
favorite) and modifying the code with some hooks, tapping into Nginx to
capture the requests, and using triggers in the database to capture each
event and send the necessary info to a service.

What do you think?
Any other idea you might have?

Thanks!

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------

http://www.jpgenovese.com
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev




--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com



--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev





--

Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------

http://www.jpgenovese.com


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev




_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev





--

-- Matt

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com


Re: Assigning Role to Group

Zakharov Alexey <alexey.zakharov@...>
 

Is there any plans to implement ORGs to LDAP groups binding later?
When I list group mappings, I can see a default mapping, which forces me to think you are planning to do something like that:

$ uaac group mappings
resources:
-
organizations.acme: cn=test_org,ou=people,o=springsource,o=org

---
Alexey Zakharov | CloudFoundry Team | Altoros
Tel: (617) 841-2121 ext. 5704 | Toll free: 855-ALTOROS
Fax: (866) 201-3646 | Skype: alexey.zakharov.a
www.altoros.com<http://www.altoros.com> | blog.altoros.com<http://blog.altoros.com> | twitter.com/altoros<http://twitter.com/altoros>

On Jul 22, 2015, at 18:05, Filip Hanik <fhanik(a)pivotal.io<mailto:fhanik(a)pivotal.io>> wrote:

To elaborate a bit more, at this time the cloud controller maintains its own roles and ACLs in the CC database.

Filip

On Wednesday, July 22, 2015, Sree Tummidi <stummidi(a)pivotal.io<mailto:stummidi(a)pivotal.io>> wrote:
This support is not yet available

Thanks,
Sree

Sent from my iPad

On Jul 22, 2015, at 4:35 AM, Daniel Mikusa <dmikusa(a)pivotal.io<javascript:_e(%7B%7D,'cvml','dmikusa(a)pivotal.io');>> wrote:

On Wed, Jul 22, 2015 at 3:27 AM, Zakharov Alexey <alexey.zakharov(a)altoros.com<javascript:_e(%7B%7D,'cvml','alexey.zakharov(a)altoros.com');>> wrote:

Hi guys!
Sorry if my question is newbie or it was discussed before.
I want to use LDAP for users authentication/authorisation. And I’ve
successfully bound CF to LDAP, and managed to configure uaac group mappings.
But then I realised, that there are no way to assign a Role to that group.
'cf set-org-role’ accepts only usernames as parameter, but not groups. I
think assigning Developer role to group is more flexible than assigning is
to every particular user.
Are you going to add this feature later? Or maybe there is an another way
to do group binding?
Have you looked at the `uaac` tool? I'm not quite sure I understand what
you're trying to do, but you can map an LDAP group DN to a UAA group with
`uaac`. Then if a user in that LDAP group logs in, they'll have that uaa
group. Is that what you're looking to do?

Ex:

uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"

Or are you asking about mapping LDAP groups to CF org & space roles? i.e.
user in ldap group X is automatically given the OrgManager role in org Y.

Dan


Hi Dan!

Yes, as I’ve stated before, I’ve already managed to configure group mappings using ‘uaac group map’.

And now I want to bind group members to Organizations and Spaces. Is it possible to do?

Sorry, missed that in your original post. Last I heard no you couldn't do this mapping, but that was a while ago though. Maybe someone on the Identity team could confirm.

Dan

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<javascript:_e(%7B%7D,'cvml','cf-dev(a)lists.cloudfoundry.org');>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: "running_instances": -1

Kris Kobylinski <kriskobylinski@...>
 

If the deployment failed wouldn't that mean that no instances are running ?
Shouldn't the running_instances be 0 in that case ?

Thank you,
Kris

On Thu, Jul 23, 2015 at 2:06 AM, Dieu Cao <dcao(a)pivotal.io> wrote:

-1 indicates that the state of the instances is unknown.
The CLI is purposefully converting the -1 to a ? to indicate that the
state is unknown.

On Wed, Jul 22, 2015 at 4:09 PM, Kris Kobylinski <kriskobylinski(a)gmail.com
wrote:
After pushing an app which fails at buildpack support, the following
parameters are observed:
"state": "STARTED"
"running_instances":-1
"package_state": "FAILED"

It seems that the -1 for running instances is problematic for the CF CLI
which shows something like the following :
name requested state instances memory disk urls
app started ?/1 1G 1G app
URL

Shouldn't the running_instances be 0 ? What is the meaning of -1 ?

Thank you,

Kris


--
________________________________________
http://kriskobylinski.mybluemix.net/ <http://koby.acndirect.com>

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
________________________________________
http://kriskobylinski.mybluemix.net/ <http://koby.acndirect.com>


Re: revrse proxy in CF

王小锋 <zzuwxf at gmail.com...>
 

Is this feature available in CF version 212 or 213? thanks.

2015-07-21 16:21 GMT+08:00 Dieu Cao <dcao(a)pivotal.io>:

That's odd. I've fixed the link so it should be readable/commentable
again.

-Dieu
CF CAPI PM

On Tue, Jul 21, 2015 at 12:59 AM, Felix Friedrich <felix(a)fri.edri.ch>
wrote:

Hello,

the document "Context Path Routing" [1] does not seem to be public
accessible.


Felix




[1]

https://docs.google.com/document/d/1H_adSiY7wGR85av9YfxxPRylSO8Q8U0ANJJTg6wpYRQ/edit





On Tue, Jul 7, 2015, at 05:22 AM, Sumanth Yamala wrote:
Thanks Chris. Will keep you posted on how it goes.

Sumanth

From: cf-dev-bounces(a)lists.cloudfoundry.org
[mailto:cf-dev-bounces(a)lists.cloudfoundry.org] On Behalf Of Christopher
Piraino
Sent: Monday, July 06, 2015 8:16 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] revrse proxy in CF

Hi Sumanth,

We recently added support for "Context Path
Routing"<
https://docs.google.com/document/d/1H_adSiY7wGR85av9YfxxPRylSO8Q8U0ANJJTg6wpYRQ

in both the GoRouter and CC
API<http://apidocs.cloudfoundry.org/212/routes/creating_a_route.html>.
I
do not believe the cf CLI has implemented this feature yet.

This feature was added to address this exact use-case, we would love to
receive feedback on it. Note that there is a current bug related to the
use of context paths and session
affinity<https://www.pivotaltracker.com/story/show/98068176> that we
have
in our backlog.

Let me know if that helps!

Best,
Chris Piraino, CF Routing Team

On Mon, Jul 6, 2015 at 2:41 PM, Sumanth Yamala
<Sumanth.Yamala(a)sas.com<mailto:Sumanth.Yamala(a)sas.com>> wrote:
The main goal is to have a mapping from a top level url like
abc.com/app1<http://abc.com/app1> abc.com/app2<http://abc.com/app2>
getting mapped to the actual routes given by cf to the respective apps.
So I was thinking of adding a reverse proxy in front of the router,
similar to what you have done. Can this be accomplished with the go
router or do we need a reverse proxy?

Thanks
Sumanth

From:
cf-dev-bounces(a)lists.cloudfoundry.org<mailto:
cf-dev-bounces(a)lists.cloudfoundry.org>
[mailto:cf-dev-bounces(a)lists.cloudfoundry.org<mailto:
cf-dev-bounces(a)lists.cloudfoundry.org>]
On Behalf Of John Wong
Sent: Monday, July 06, 2015 4:32 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: Re: [cf-dev] revrse proxy in CF

What is the goal of your reversed proxy? Did you mean load balance of
multiple instances of an app (cf push APPNAME -i 3 ==== having 3
instances of APPNAME)?

Gorouter knows how to dispatch to app 1 or app2, for as long as cf is
setup properly and that there is a url mapping.

Where I work we also configure Nginx to handle the incoming traffic and
then proxy to gorouter.

On Mon, Jul 6, 2015 at 4:23 PM, Sumanth Yamala
<Sumanth.Yamala(a)sas.com<mailto:Sumanth.Yamala(a)sas.com>> wrote:
Hi,

In an environment with multiple micro services being deployed in CF.
Does
the “go router” have the functionality of reverse proxy or should I
configure httpd to sit in front of the go router.

Thanks,
Sumanth

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: 3 etcd nodes don't work well in single zone

Tony
 

Hi Amit,

Here is the latest logs I got from etcd and hm9k (I use scp instead of bosh logs to avoid missing something) immediately after finishing test.

May I mention that there is a test folder in the zip file:

test-etcd.sh is a simple script I use, it sends cf app dora every second, and records responses in status.log,

if instance number changed ,then records it in variation.log

In in variation.log, you can see the instance number varies between 2/2 and ?/2 eight times within about 10 minutes.

Thu Jul 23 08:39:29 UTC 2015
instances: 2/2
Thu Jul 23 08:42:59 UTC 2015
instances: ?/2
Thu Jul 23 08:43:36 UTC 2015
instances: 2/2
Thu Jul 23 08:44:55 UTC 2015
instances: ?/2
Thu Jul 23 08:45:32 UTC 2015
instances: 2/2
Thu Jul 23 08:48:31 UTC 2015
instances: ?/2
Thu Jul 23 08:49:02 UTC 2015
instances: 2/2
Thu Jul 23 08:50:05 UTC 2015
instances: ?/2
Thu Jul 23 08:50:41 UTC 2015
instances: 2/2


The start time of this test is “Thu Jul 23 08:39:29 UTC 2015” , it is around "timestamp":1437640773, so I delete most of content before 143763… to make the logs clear.

I didn’t delete any log after 1437640773. If you see the last line of some file(e.g. hm9000_sender.log) is before 1437640773, that just means it didn’t print any log since then.


And I find that at the moments it varies, there isn’t any error recorded in etcd log.

So it seems that the problem is in hm. I’m not sure.

Regards,
Tony

From: Amit Gupta [via CF Dev] [mailto:ml-node+s70369n810h86(a)n6.nabble.com]
Sent: Wednesday, 22 July 2015 10:09 AM
To: Li, Tony
Subject: Re: [cf-dev] 3 etcd nodes don't work well in single zone

Hi Tony,

The logs you've retrieved only go back to Jul 21, which I can't correlate with the "?/2" issues you were seeing. If you could possibly record again a bunch of occurrences of flapping between "2/2" and "?/2" for an app (along with datetime stamps), and then immediately get logs from *all* the HM and etcd nodes (`bosh logs` only gets logs from one node at a time), I can try to dig in more. It's important to get the logs from the HM and etcd VMs soon after recording the "?/2" events, otherwise BOSH may rotate/archive the logs and then make them harder to obtain.

Best,
Amit

On Tue, Jul 21, 2015 at 4:53 PM, Amit Gupta <[hidden email]</user/SendEmail.jtp?type=node&node=810&i=0>> wrote:
You should definitely not run etcd with 2 instances. You can read more about
recommended cluster sizes in the etcd docs:

https://github.com/coreos/etcd/blob/740187f199a12652ca1b7bddb7b3489160103d84/Documentation/admin_guide.md#fault-tolerance-table

I will look at the attached logs and get back to you, but wanted to make
sure to advise you to run either 1 or 3 nodes. With 2, you can wedge the
system, because it will need all nodes to be up to achieve quorum. If you
roll one of the two nodes, it will not be able to rejoin the cluster, and
the service will be stuck in an unavailable state.



-----
Amit, CF OSS Release Integration PM
Pivotal Software, Inc.
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p809.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=810&i=1>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


_______________________________________________
cf-dev mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=810&i=2>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
Amit, CF OSS Release Integration PM
Pivotal Software, Inc.

________________________________
If you reply to this email, your message will be added to the discussion below:
http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p810.html
To unsubscribe from [cf-dev] 3 etcd nodes don't work well in single zone, click here<http://cf-dev.70369.x6.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=746&code=VG9ueWxAZmFzdC5hdS5mdWppdHN1LmNvbXw3NDZ8LTQ5MjU5Njk1Nw==>.
NAML<http://cf-dev.70369.x6.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
Disclaimer

The information in this e-mail is confidential and may contain content that is subject to copyright and/or is commercial-in-confidence and is intended only for the use of the above named addressee. If you are not the intended recipient, you are hereby notified that dissemination, copying or use of the information is strictly prohibited. If you have received this e-mail in error, please telephone Fujitsu Australia Software Technology Pty Ltd on + 61 2 9452 9000 or by reply e-mail to the sender and delete the document and all copies thereof.


Whereas Fujitsu Australia Software Technology Pty Ltd would not knowingly transmit a virus within an email communication, it is the receiver’s responsibility to scan all communication and any files attached for computer viruses and other defects. Fujitsu Australia Software Technology Pty Ltd does not accept liability for any loss or damage (whether direct, indirect, consequential or economic) however caused, and whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.


If you do not wish to receive commercial and/or marketing email messages from Fujitsu Australia Software Technology Pty Ltd, please email unsubscribe(a)fast.au.fujitsu.com


logs.zip (103K) <http://cf-dev.70369.x6.nabble.com/attachment/847/0/logs.zip>




--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-3-etcd-nodes-don-t-work-well-in-single-zone-tp746p847.html
Sent from the CF Dev mailing list archive at Nabble.com.


Re: Running Jira into Cloudfoundry

john mcteague <john.mcteague@...>
 

Out of curiosity how do you plan on solving the storage problem for
attachments, assuming you get the DB working.

John.

On 23 Jul 2015 10:12, "Gwenn Etourneau" <getourneau(a)pivotal.io> wrote:

DB is setup by a config file, no enviroment variable or other.
I was thinking about adding a new component to the buildpack (fork..) to
setup this file ..

On Thu, Jul 23, 2015 at 6:10 PM, Josh Long <starbuxman(a)gmail.com> wrote:

how does the DB get configured? Why is it difficult?
Thanks,
Josh Long
Spring Developer Advocate
SpringSource
www.joshlong.com || @starbuxman


On Thu, Jul 23, 2015 at 2:45 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:
Hi everyone,

I wonder if someone succeed or tried to run Jira into cloudfoundry
(ERS).

It's not that difficult with bosh but for Cloudfoundry the difficult
part is
to configure the DB.

Thanks

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


Re: Running Jira into Cloudfoundry

Gwenn Etourneau
 

DB is setup by a config file, no enviroment variable or other.
I was thinking about adding a new component to the buildpack (fork..) to
setup this file ..

On Thu, Jul 23, 2015 at 6:10 PM, Josh Long <starbuxman(a)gmail.com> wrote:

how does the DB get configured? Why is it difficult?
Thanks,
Josh Long
Spring Developer Advocate
SpringSource
www.joshlong.com || @starbuxman


On Thu, Jul 23, 2015 at 2:45 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:
Hi everyone,

I wonder if someone succeed or tried to run Jira into cloudfoundry (ERS).

It's not that difficult with bosh but for Cloudfoundry the difficult
part is
to configure the DB.

Thanks

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

8481 - 8500 of 9377