Re: UAA, SAML, and LDAP questions
Mike Youngstrom <youngm@...>
Well, that's a bummer. Is there any way around that? Our SAML is backed
by the same LDAP so they are the same user. We can provide a unique ID to correlate SAML with LDAP users.

Mike

On Wed, May 13, 2015 at 2:28 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
yes, it would result in two different shadow accounts, differentiated by
|
Re: UAA, SAML, and LDAP questions
Filip Hanik
yes, it would result in two different shadow accounts, differentiated by
the value of the user's origin field

On Wed, May 13, 2015 at 2:08 PM, aaron_huber <aaron.m.huber(a)intel.com> wrote:
Would the same user logging in via SAML and LDAP result in two different
|
Re: UAA, SAML, and LDAP questions
Aaron Huber
Would the same user logging in via SAML and LDAP result in two different UAA user objects with different sources, so that the user would have two different sets of orgs/spaces/apps?

Aaron

--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-UAA-SAML-and-LDAP-questions-tp62p65.html
Sent from the CF Dev mailing list archive at Nabble.com.
|
Re: UAA, SAML, and LDAP questions
Mike Youngstrom <youngm@...>
Great! I'll dig in and give it a try then. Thanks Filip!
Mike

On Wed, May 13, 2015 at 1:36 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
yes, it is entirely possible to run both SAML (as many providers as you
|
Re: UAA, SAML, and LDAP questions
Filip Hanik
yes, it is entirely possible to run both SAML (as many providers as you
need) and LDAP (single provider). we are keeping an eye on the SAML ECP profile to make it easier to handle password grants as well as the CLI itself.

Filip

On Wed, May 13, 2015 at 1:34 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:
We're investigating converting our UAA from a custom fork that integrates
|
UAA, SAML, and LDAP questions
Mike Youngstrom <youngm@...>
We're investigating converting our UAA from a custom fork that integrates with our organization's SSO to the stock UAA using SAML and/or LDAP. We would like to maintain SSO functionalities for our web tools but after doing some reading SAML for the CLI might not work the way we expect it.

In order to log into the CLI when using SAML does it require the user to go to a web page and get a one time login token? cf login --sso? If so, I don't think that will work for our and some CLI deployment automation we do.

Is it possible to configure UAA to use both SAML and LDAP? The CLI could use LDAP and the web use SAML?

Thanks,
Mike
|
Re: cf-release v208 is now available
Dieu Cao <dcao@...>
Regarding manifest templates, this means that the bosh director can now
look at the number of instances per job to calculate the resource pool sizes so it does not need to be specified separately.

As of version 2862, BOSH can compute these sizes dynamically from the list of jobs. Let's remove this data from the spiff templates in cf-release.

You will need at least this version of BOSH. I'll update the release note to mention that.

Regarding ephemeral disk sizes, it's not required to use underscores. The 4GB specified in the template for c3.large is replacement of the ephemeral disk used by default for c3.large.

Also, there was an additional commit [1] that adjusted the instances sizes back up a bit as we were seeing flakiness in our environments when it was too low. I'll link that commit too on the release notes.

Thanks!

[1] https://github.com/cloudfoundry/cf-release/commit/e09ccfbe95c5dffb200b033f761f04a603404881

On Tue, May 12, 2015 at 6:41 PM, John Wong <gokoproject(a)gmail.com> wrote:
Great release!!! Congrat.
|
Re: Is it possible to use git push to deploy applications on CF
Alexander Lomov <alexander.lomov@...>
Hey.
The simplest way to add this behaviour is to add `cf push` command to `.git/hooks/pre-push` executable file. The detail you can find in git docs [0]

In this article you can find the possible reasons not to use `cf push` together with `git push` [1]

[0] http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
[1] http://blog.pivotal.io/pivotal-labs/labs/deploying-jruby-rails-application-cloud-foundry

------------------------
Alex Lomov
*Altoros* — Cloud Foundry deployment, training and integration
*Twitter:* @code1n <https://twitter.com/code1n>
*GitHub:* @allomov <https://gist.github.com/allomov>

On Wed, May 13, 2015 at 10:04 AM, Alan Moran <bonzofenix(a)gmail.com> wrote:
Hi Kinjal,
|
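Added example (not part of the original post): a `pre-push` hook along the lines described in the reply above, which runs `cf push` only when the deploy branch is being updated and aborts the `git push` if the deploy fails. The branch name, the app name `my-app` and the `CF_BIN` override are assumptions made for illustration; the hook deploys with whatever target and login the local cf CLI session currently holds.

```shell
#!/bin/sh
# .git/hooks/pre-push (added example; the file must be executable).
# Git calls the hook as:  pre-push <remote-name> <remote-url>
# and writes one line per pushed ref to stdin:
#   <local ref> <local sha> <remote ref> <remote sha>

DEPLOY_REF="refs/heads/master"   # assumption: branch whose push triggers a deploy
APP_NAME="my-app"                # assumption: placeholder application name

# Reads pre-push ref lines on stdin.
# Returns 0 if DEPLOY_REF is being updated, 1 otherwise.
should_deploy() {
    deploy=1
    while read -r local_ref local_sha remote_ref remote_sha; do
        [ "$remote_ref" = "$DEPLOY_REF" ] || continue
        case "$local_sha" in
            *[!0]*) deploy=0 ;;   # a real commit is being pushed
            *) continue ;;        # all-zero sha: the branch is being deleted
        esac
    done
    return "$deploy"
}

# Deploys when should_deploy says so. A non-zero return makes git abort
# the push, so a failed deploy never leaves the remote ahead of the app.
run_hook() {
    if should_deploy; then
        echo "pre-push: deploying $APP_NAME with cf push" >&2
        # CF_BIN is a hypothetical override used to stub the CLI in tests
        ${CF_BIN:-cf} push "$APP_NAME" || return 1
    fi
    return 0
}

# Run the hook only when this file is installed under the name pre-push
case "$0" in
    pre-push|*/pre-push) run_hook || exit 1 ;;
esac
```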
Re: Is it possible to use git push to deploy applications on CF
Alan Morán <bonzofenix at gmail.com...>
Hi Kinjal,
CF push does not support git input afaik. But it would be fairly simple to implement a cf-cli plugin that does that from the client side to offer a heroku-like experience.

Regards,
— Alan

On May 12, 2015, at 10:44 PM, Kinjal Doshi <kindoshi(a)gmail.com> wrote:
|
Is it possible to use git push to deploy applications on CF
Kinjal Doshi
Hi,
I would like to know if it is possible to deploy applications on cloud foundry using git push. Or is it that only CF CLI can be used for pushing applications?

Thanks,
Kinjal
|
Adding multiple users to user/auditor roles of an organization
Anil Ambati <aambati@...>
Hi,
is there a CF API to add multiple users to multiple roles of an organization? I have looked at the CF docs, but did not find any indication that such API exists.

Thank you.

Regards,
Anil
|
Re: cf-release v208 is now available
John Wong
Great release!!! Congrat.
Just a couple questions (but if this is the right thread to ask please excuse me and let me know).

- Manifest templates no longer include resource pool sizes details <https://github.com/cloudfoundry/cf-release/commit/fc26ee26443d79d765df490910ea0b4c9706d6ba>

In a way I was "spoiled" and never really asked why we needed resource pool but went along with it, but what does the commit comment "bosh director can figure this out automatically" mean?

- Adjusted ephemeral disk sizes on new instance types for AWS template to be more realistic details <https://www.pivotaltracker.com/story/show/91780134>

I just want to make sure I understand the underscore for each of the size is just some syntax thing for the template, not something I would actually write in my manifest. Also c3.large by default has 2x16SSD, so are we taking 4Gb (from the template) from the ephemeral/instance?

And congratulation for merging UAA and Login server. So now all we need is 2 VMs minimally if we really want to have HA (aside from enabling bosh resurrect).

Thanks in advance.

John Wong

On Tue, May 12, 2015 at 8:22 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
The cf-release v208 was released on May 12th, 2015
|
cf-release v208 is now available
Dieu Cao <dcao@...>
The cf-release v208 was released on May 12th, 2015

- Please see note about merge of UAA/Login server jobs below to maintain zero down time for CC and UAA for existing deployments.

Runtime

- [Experimental] Work continues on support for Asynchronous Service Instance Operations details <https://www.pivotaltracker.com/epic/show/1561148>
- Completed Improvements to Recursive Deletion of Org and Space, in support of Asynchronous Service Operations details <https://www.pivotaltracker.com/epic/show/1751766>
- [Experimental] Work continues on /v3 and Application Process Types details <https://www.pivotaltracker.com/epic/show/1334418>
- [Experimental] Work continues on Route API details <https://www.pivotaltracker.com/epic/show/1590160>
- [Experimental] Work continues on Context Path Routes details <https://www.pivotaltracker.com/epic/show/1808212>
- Work continues on support for Service Keys details <https://www.pivotaltracker.com/epic/show/1743366>
- Work continues on support for Arbitrary Service Parameters details <https://www.pivotaltracker.com/epic/show/1725984>
- Adjusted ephemeral disk sizes on new instance types for AWS template to be more realistic details <https://www.pivotaltracker.com/story/show/91780134>
- Including staticfile buildpack v1.0.0 details <https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.0.0>
- Removed separate login job from minimal aws deployment details <https://www.pivotaltracker.com/story/show/93505400>
- Allow acceptance test timeouts to be set via manifest details <https://github.com/cloudfoundry/cf-release/commit/b6c1f33771213ded1cf7c982f5f6fafb3d900197>
- Update default cipher list for haproxy and gorouter details <https://www.pivotaltracker.com/story/show/91129360>
- Addressed tcpdump CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155 details <https://www.pivotaltracker.com/story/show/93371680>
- Upgrading php buildpack to v3.1.1 details <https://github.com/cloudfoundry/php-buildpack/releases/tag/v3.1.1>
- Manifest templates no longer include resource pool sizes details <https://github.com/cloudfoundry/cf-release/commit/fc26ee26443d79d765df490910ea0b4c9706d6ba>
- Upgrading ruby buildpack to v1.3.1 details <https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.3.1>
- Bump CLI to 6.11.1 for CATS and remove darwin CLI details <https://www.pivotaltracker.com/story/show/92595438>
- Upgrade cf-release to use ruby 2.1.6 and remove ruby 2.1.4 for CC, Collector, Warden, DEA details <https://www.pivotaltracker.com/story/show/92547532>
  - Addresses ruby CVE-2015-1855
- cloudfoundry/cf-release #660 <https://github.com/cloudfoundry/cf-release/pull/660>: Add security group for cf-mysql subnets to bosh-lite details <https://www.pivotaltracker.com/story/show/92658768>
- Adjust VCAP_ID as endpoint/sticky cookie changes details <https://www.pivotaltracker.com/story/show/92796282>
- Disable compression when creating proxy connection details <https://www.pivotaltracker.com/story/show/93362206>
- cleanup regex details <https://github.com/cloudfoundry/cloud_controller_ng/commit/5257a8af6990e71cd1e34ae8978dfe4773b32826>
- A space developer can create a wildcard route for private domains details <https://www.pivotaltracker.com/story/show/82612406>
- Allow commands to be reset to nothing details <https://www.pivotaltracker.com/story/show/93406896>

UAA Updates

- Merged UAA & Login Server details <https://github.com/cloudfoundry/uaa/releases/tag/2.0.0>
- Multi-tenant UAA details <https://github.com/cloudfoundry/uaa/releases/tag/2.1.0>
- Registering wildcard routes for *.login and *.uaa details <https://github.com/cloudfoundry/cf-release/commit/0260567d9761700dbccde3088165121d7933e058>
- Zero Downtime Upgrade Procedure
  - Perform the cf-release upgrade and keep number of login server of jobs the same as your existing deploy.
  - Change the number of Login Server Job instances to 0 and re-deploy after initial deploy completes.

Note: The combination of Older Login Server jobs and the newly merged UAA/Login Server job is not supported. This should be done only for a short duration to achieve the zero downtime. The Login Server instances should be deleted via a bosh redeploy immediately after a successful upgrade

Used Configuration

- BOSH Version: 152
- Stemcell Version: 2889
- CC Api Version: 2.25.0

Commit summary <http://htmlpreview.github.io/?https://github.com/cloudfoundry-community/cf-docs-contrib/blob/master/release_notes/cf-208-whats-in-the-deploy.html>

Compatible Diego Version

- final release 1198 commit <https://github.com/cloudfoundry-incubator/diego-release/commit/f7b15f8da536eee7be696896890943dbc6202242>

https://github.com/cloudfoundry/cf-release/releases/tag/v208
|
Re: Recipe to install Diego?
Eric Malm <emalm@...>
Hi, Tom,
The Diego team does deploy Diego to AWS as part of our testing pipeline. We haven't fully published our tooling for doing so, but you can see some of our process in the deploy_diego CI script in diego-release <https://github.com/cloudfoundry-incubator/diego-release/blob/develop/scripts/ci/deploy_diego>, which uses diego-release's generate-deployment-manifest script. This script is set up differently from the generate_deployment_manifest script in cf-release, in that it takes a fixed sequence of stubs and a deployment directory as arguments instead of an infrastructure type and an arbitrary list of stubs to merge in.

The full list of stubs is described in the usage message for the script, but here are the parts that should be most relevant for you to deploy Diego to AWS or OpenStack:

- IaaS settings (arg #5): This is a stub that should contain an "iaas_settings" hash with several expected subfields (compilation_cloud_properties, resource_pool_cloud_properties, stemcell, subnet_configs). The manifest generation script takes these values and uses them to populate certain fields in the diego manifest's resource_pools, networks, and compilation sections. This will likely be the stub you need to customize the most for an AWS or OpenStack deployment, as this will contain all the information about the network and security group configuration for that environment.
- Deployments directory (arg #7): This is a directory that should contain your CF deployment manifest as the file 'cf.yml'. The manifest generation script will extract certain values from the CF manifest so the Diego deployment can integrate correctly with various services in CF (for example, NATS and consul).
- Director UUID (arg #1): This is a stub containing "director_uuid: <your-director-uuid>"; you may already have such a stub for generating your CF manifest.
- Instance count overrides (arg #3): This is a stub containing any instance-count changes for the diego jobs. Depending on the size of your desired cluster, you'll want to change these values from the defaults that the manifest-generation/diego.yml template provides in the jobs section.

Depending on how you wish to configure the Diego deployment, there may be some additional properties you want to add to the property-overrides stub (arg #2). I doubt you'll need to change anything in the persistent-disk overrides or additional-jobs stubs (args #4 and #6), unless you're customizing your deployment extensively. In any case, the stubs under manifest-generation/bosh-lite-stubs should give you examples to customize for your own deployment, and the manifest-generation/diego.yml template will show you which values from those stubs are consumed in manifest generation.

Also, as Diego matures and becomes the principal backend for running application instances in CF, these manifest-generation patterns may change substantially.

Thanks,
Eric Malm, CF Runtime Diego PM

On Tue, May 12, 2015 at 8:48 AM, Ken Ojiri <ozzozz(a)gmail.com> wrote:
Hi,
|
Re: Purge files on NFS or S3?
Jon Price
Make sure you only delete the resource files, not everything...
Jon Price
Intel Corp.

On May 11, 2015 10:05 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
An option could be to just delete all the resource files on the blobstore. The effect would be that for binaries that would have been matched, they would be uploaded again on the first new push including those binaries.

On Monday, May 11, 2015, John Wong <gokoproject(a)gmail.com> wrote:
Hi all

Thanks. No I was just curious if there was a way to identify what to remove in the blobstore because I was surprised the size of my blobstore at this point. I will check what's in there (maybe James is right it is mostly resource files). I am currently using NFS. I can build a CF with S3 as my blobstore.

John

On Mon, May 11, 2015 at 11:36 AM, Chad Woolley <thewoolleyman(a)gmail.com> wrote:
Not sure if this is what you need, but you can manually sync + delete files from a local filesystem (including NFS mount) to/from S3: http://s3tools.org/s3cmd-sync ... with `--delete-removed` option

-- Chad

On Sat, May 9, 2015 at 12:19 AM, James Bayer <jbayer(a)pivotal.io> wrote:
|
Re: Recipe to install Diego?
Ken Ojiri
Hi,
I use spiff manifest templates included by cf-release and diego-release, and generate manifests by spiff, but I usually use the manifests as reference materials. I finally adjust my own manifests by referring to spiff generated manifests, job definitions of cf-release and/or diego-release, and do try-and-error...

Now, setting parameters of diego components are changing with every version, so job definitions of diego-release are essential reference.

Regards,
Ken Ojiri

---
Ken Ojiri <ozzozz(a)gmail.com>
Mitaka, Tokyo Japan

On Tue, May 12, 2015 at 5:56 PM, 王天青 <wang.tianqing.cn(a)gmail.com> wrote:
Hi Ken,
|
Scaling Java Application
Christopher Frost
When deploying a Java application to Cloud Foundry the Java memory settings for the application are decided based on the configured memory weighting during staging. This means that, unlike other apps, if the application is scaled to give it more memory it needs to be *restage*d it to get updated Java memory settings.

This has now been improved with an improved memory calculator written by Steve Powell[2]. The Memory Calculator[1] will be run during every application start to ensure the application gets up-to-date memory settings, its output is shown during staging.

    -----> Downloading Open JDK Like Memory Calculator 1.1.1_RELEASE from https://download.run.pivotal.io/memory-calculator/trusty/x86_64/memory-calculator-1.1.1_RELEASE (found in cache)
           Memory Settings: -XX:MaxMetaspaceSize=64M -XX:MetaspaceSize=64M -Xss995K -Xmx382293K -Xms382293K

Then scaling the application to double the memory will result in new memory settings without having to restage the application.

    cf scale my-application -m 1G

    -Xmx768M -Xms768M -XX:MaxMetaspaceSize=104857K -XX:MetaspaceSize=104857K -Xss1M

This new feature is currently available on the master branch of the buildpack [3] and will be released in due course.

Chris.

[1] https://github.com/cloudfoundry/java-buildpack-memory-calculator
[2] https://github.com/Zteve
[3] https://github.com/cloudfoundry/java-buildpack

--
Christopher Frost - GoPivotal UK
|
Scaling Java Applications
Christopher Frost
When deploying a Java application to Cloud Foundry the Java memory settings for the application are decided based on the configured memory weighting during staging. This means that, unlike other apps, if the application is scaled to give it more memory it needs to be *restage*d it to get updated Java memory settings.

This has now been improved with an improved memory calculator written by Steve Powell[2]. The Memory Calculator[1] will be run during every application start to ensure the application gets up-to-date memory settings, its output is shown during staging.

    -----> Downloading Open JDK Like Memory Calculator 1.1.1_RELEASE from https://download.run.pivotal.io/memory-calculator/trusty/x86_64/memory-calculator-1.1.1_RELEASE (found in cache)
           Memory Settings: -XX:MaxMetaspaceSize=64M -XX:MetaspaceSize=64M -Xss995K -Xmx382293K -Xms382293K

Then scaling the application to double the memory will result in new memory settings without having to restage the application.

    cf scale my-application -m 1G

    -Xmx768M -Xms768M -XX:MaxMetaspaceSize=104857K -XX:MetaspaceSize=104857K -Xss1M

This new feature is currently available on the master branch of the buildpack [3] and will be released in due course.

Chris.

[1] https://github.com/cloudfoundry/java-buildpack-memory-calculator
[2] https://github.com/Zteve
[3] https://github.com/cloudfoundry/java-buildpack

--
Christopher Frost - Pivotal UK
|
Follow up on multiple line log outputs in CF
George Li
Hi,
this is a follow up on the archived posting https://groups.google.com/a/cloudfoundry.org/forum/?utm_medium=email&utm_source=footer#!msg/vcap-dev/B1W6_vO0oyo/84X1eAtFsKoJ. I cannot find any new postings on that thread.

I am using Cloud Foundry version "6.11.2-2a26d55-2015-04-27T21:11:44+00:00" and want to know what options I have to handle multiple line logs in a multi-tenant environment. Since multiple instances of multiple applications are all sending logs to a single Logstash server, is it best to avoid having multiple lines in my log? I can live with sticking to single line logs except for outputting exception stack trace, not to mention that I only have control over my code.

Thanks.
|
Code license question
peteb@...
Hello,
I am a software developer and was wondering what is the code license for your CloudFoundry Community Code, such as: the go cfc client: https://github.com/cloudfoundry-community/go-cfclient ?

Thanks, kind regards,
Piotr
|