Date   

Re: Isolation Segments

Daniel Jones
 

Hmm, is there an unhealthy Diego cell in that isolation segment?

Regards,
Daniel 'Deejay' Jones - CEO
+44 (0)79 8000 9153
EngineerBetter Ltd - More than cloud platform specialists


On Thu, 16 Jul 2020 at 18:52, ross.kovelman via lists.cloudfoundry.org <ross.kovelman=merck.com@...> wrote:
Sorry about that, this would be the log

[STG/0] [OUT] [31;1m**ERROR** [0m Could not validate nginx.conf: Error copying nginx.conf: write  /tmp/conf879997043/public/privacy/cross-border-privacy-policy/js/jquery-ui.js: cannot allocate memory
 [STG/0] [ERR] Failed to compile droplet: Failed to run all supply scripts: exit status 14
 [STG/0] [OUT] Exit status 223

Cannot allocate memory, is a bit vague I guess you can say.
 


Re: Isolation Segments

ross.kovelman@...
 

Sorry about that, this would be the log

[STG/0] [OUT] **ERROR** Could not validate nginx.conf: Error copying nginx.conf: write  /tmp/conf879997043/public/privacy/cross-border-privacy-policy/js/jquery-ui.js: cannot allocate memory
 [STG/0] [ERR] Failed to compile droplet: Failed to run all supply scripts: exit status 14
 [STG/0] [OUT] Exit status 223

Cannot allocate memory, is a bit vague I guess you can say.
 


Re: Isolation Segments

Jonathan Matthews <contact+cfdev@...>
 

Hey Ross,

Given the number of moving parts involved, it’d be really useful to know precisely what you mean by “droplet stage”. 

A redacted cf push output and cf logs --recent would probably be handy, too :-)

J

On Thu, 16 Jul 2020 at 15:07, ross.kovelman via lists.cloudfoundry.org <ross.kovelman=merck.com@...> wrote:
Curious, has anyone seen a buildpack with a manifest file work in one segment, but that same app and manifest file not work in an isolation segment?  What happens is you run cf push app name, the app fails at the droplet stage, although you can still manually start the app. Do note that the underlying resources are identical, diego cells, and the buildpack is NGINX.  Adding more memory to the manifest does solve the issue, 1GB to 2 GB, but curious why more memory would be needed between two different segments.  Nothing here stands out https://docs.cloudfoundry.org/adminguide/isolation-segment-index.html. other than networking.  I am in discussions with Pivotal but wanted to see if anyone here had issues like this elsewhere?  It's just a weird problem to say the least.
--
Jonathan Matthews
https://jpluscplusm.com


Isolation Segments

ross.kovelman@...
 

Curious, has anyone seen a buildpack with a manifest file work in one segment, but that same app and manifest file not work in an isolation segment?  What happens is you run cf push app name, the app fails at the droplet stage, although you can still manually start the app. Do note that the underlying resources are identical, diego cells, and the buildpack is NGINX.  Adding more memory to the manifest does solve the issue, 1GB to 2 GB, but curious why more memory would be needed between two different segments.  Nothing here stands out https://docs.cloudfoundry.org/adminguide/isolation-segment-index.html. other than networking.  I am in discussions with Pivotal but wanted to see if anyone here had issues like this elsewhere?  It's just a weird problem to say the least.


cf-deployment minor release v13.7.0 contains vulnerability fix CVE-2020-15586

Saikiran Yerram
 

Notice

routing-release.0.203.0 release includes a fix to a security vulnerability. We recommend you upgrade your deployments immediately.

Security: Fix for CVE-2020-15586 Bump golang to version 1.14.5 with a fix in the net/http/httputil package for an issue that could cause the Gorouter to crash if a malicious client sends specially crafted HTTP requests.


If you have any questions, please reach out to us in #release-integration slack channel.



Routing-release 0.203.0 is now available

Kauana dos Santos <kdossantos@...>
 

Release Highlights

This release includes a fix to a security vulnerability. We recommend all deployments upgrade to this release asap.

  • Security: Fix for CVE-2020-15586(link). Bumps golang to version 1.14.5 with a fix in the net/http/httputil package for an issue which could cause the Gorouter to crash if a malicious client sends specially crafted HTTP requests.


Re: Office Hours: CF on K8s Networking

Dieu Cao
 

Awesome! Very excited that there'll be this new forum where folks can get engaged.

-Dieu


From: cf-dev@... <cf-dev@...> on behalf of Shannon Coen via lists.cloudfoundry.org <scoen=vmware.com@...>
Sent: Tuesday, July 14, 2020 12:37 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] Office Hours: CF on K8s Networking
 
Hello CFF friends,

The CF on K8s Networking team will be hosting OSS office hours bi-weekly beginning next Wednesday, July 22. We've added the event to the CFF community calendar: https://www.cloudfoundry.org/community-calendar/.

We're working toward delivering all the same outcomes within the problem domains of traffic management and security achieved in CF for VMs, for all data paths (ingress, egress, and app-to-app), plus those that have been long requested and not yet realized. We welcome your questions, comments, collaboration, and contribution!

Best,

Shannon Coen (He/Him)
Manager, Product Management
scoen@...
875 Howard Street 5th Floor, San Francisco CA 94103
Mobile: +1.415.640.0272



Office Hours: CF on K8s Networking

Shannon Coen
 

Hello CFF friends,

The CF on K8s Networking team will be hosting OSS office hours bi-weekly beginning next Wednesday, July 22. We've added the event to the CFF community calendar: https://www.cloudfoundry.org/community-calendar/.

We're working toward delivering all the same outcomes within the problem domains of traffic management and security achieved in CF for VMs, for all data paths (ingress, egress, and app-to-app), plus those that have been long requested and not yet realized. We welcome your questions, comments, collaboration, and contribution!

Best,

Shannon Coen (He/Him)
Manager, Product Management
scoen@...
875 Howard Street 5th Floor, San Francisco CA 94103
Mobile: +1.415.640.0272



Re: CATS Migration to support CF CLI V7

Eric Promislow
 

Hello,

The PR is at https://github.com/cloudfoundry/cf-acceptance-tests/pull/423

If anyone has any concerns (or comments) on the PR, we'd appreciate if you could add them by EOD Thursday July 16.
We hope to merge it and get a new V7-based release cut by the end of the week.

Cheers,
Eric Promislow and Dave Walter, Release Integration Team


Topics? CAB call: Wednesday, July 15th @ 8AM PT / 11AM ET / 4PM CET

Troy Topnik
 

Tomorrow's meeting currently has just the regular community updates from the PMC leads and community Q&A, so it might be a bit short.

If you have something you would like to present or know of something interesting we should get on the agenda, please get in touch with me via email or Slack and we'll try to make it happen. :)

Here's the agenda document:

https://docs.google.com/document/d/1SCOlAquyUmNM-AQnekCOXiwhLs6gveTxAcduvDcW_xI/edit#

And the chat room: slack.cloudfoundry.org - join the #cab channel

Join from PC, Mac, Linux, iOS or Android: 
https://zoom.us/j/757994996 

Or iPhone one-tap :
    US: +16468769923,,757994996# or +16699006833,,757994996#
Or Telephone: Dial(for higher quality, dial a number based on your current location):
    US: +1 646 876 9923 or +1 669 900 6833 or +1 408 638 0968

Meeting ID: 757 994 996

International numbers available: 
https://zoom.us/zoomconference?m=BbM_MZowkH08pdKycQk10at13V5cLneM


TT

--
Troy Topnik
Senior Product Manager, 
SUSE Cloud Application Platform 
troy.topnik@...
 


CATS Migration to support CF CLI V7

Saikiran Yerram
 

Hello community friends,

With the recent CF CLI v7 release, we are migrating CATS to CF CLI v7 and also dropping support for CLI V6 in CATS. 

For contributing teams - You will have to update your pipelines to use a soon-to-be-released version of cf-deployment-concourse-task to run CATS with CLI v7. We will notify you when we ship CATS and cf-deployment-concourse-task releases. (If you're running CATS master, then your pipelines will break until you switch to the new concourse task. We recommend you pin to the last CATS version to avoid the disruption).

For Operators: Unless you're running CATS, it should not impact your workflows. We are updating smoke tests to be compatible with CLI v6 and v7. We will publish that release soon.

If you have any questions, please feel free to reach out to us in #cf-deployment or #cf-for-k8s slack channel.


IMPORTANT NOTICE: [staticfile-buildpack] End of Support for NGINX versions 1.17.x after 2020-08-07

Kashyap Vedurmudi <kvedurmudi@...>
 

The first release of the Staticfile buildpack after 2020-08-07 will no longer include NGINX versions 1.17.x. These NGINX versions will no longer be supported upstream[1]. Please migrate your static content apps to supported versions of NGINX before that time.


Note: As 1.17.x is the current default version of NGINX in the buildpack, the default NGINX version will be updated to 1.19.x as a part of this removal. If you’d like to use a different NGINX version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel[3].


[1] - https://nginx.org/en/download.html

[2] - https://docs.cloudfoundry.org/buildpacks/nginx/index.html

[3] - https://cloudfoundry.slack.com/archives/C02HWMDUQ


Thanks,

Kashyap Vedurmudi, Buildpacks PM




IMPORTANT NOTICE: [nginx-buildpack] End of Support for NGINX versions 1.17.x after 2020-08-07

Kashyap Vedurmudi <kvedurmudi@...>
 

The first release of the NGINX buildpack after 2020-08-07 will no longer include NGINX versions 1.17.x. These NGINX versions will no longer be supported upstream[1]. Please migrate your NGINX apps to supported versions of NGINX before that time.


Note: As 1.17.x is the current default version of NGINX in the buildpack, the default NGINX version will be updated to 1.19.x as a part of this removal. If you’d like to use a different NGINX version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel[3].


[1] - https://nginx.org/en/download.html

[2] - https://docs.cloudfoundry.org/buildpacks/nginx/index.html

[3] - https://cloudfoundry.slack.com/archives/C02HWMDUQ


Thanks,

Kashyap Vedurmudi, Buildpacks PM




IMPORTANT NOTICE: [php-buildpack] End of Support for NGINX versions 1.17.x after 2020-08-07

Kashyap Vedurmudi <kvedurmudi@...>
 

The first release of the PHP buildpack after 2020-08-07 will no longer include NGINX versions 1.17.x. These NGINX versions will no longer be supported upstream[1]. Please migrate your PHP apps to supported versions of NGINX before that time.


Note: As 1.17.x is the current default version of NGINX in the buildpack, the default NGINX version will be updated to 1.19.x as a part of this removal. If you’d like to use a different NGINX version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel[3].


[1] - https://nginx.org/en/download.html

[2] - https://docs.cloudfoundry.org/buildpacks/nginx/index.html

[3] - https://cloudfoundry.slack.com/archives/C02HWMDUQ


Thanks,

Kashyap Vedurmudi, Buildpacks PM




Routing release 0.202.0

Josh Russett
 

Hi cf-dev!

 

Routing release 0.202.0 is now available.

 

Release Highlights

  • Platform operators observe the following:
    • `X-Cf-RouterError` Response headers in application access logs
    • Gorouter logs messages when the gorouter fails to find any endpoints
    • Gorouter's log messages for retry attempts are consistent in form
  • Clarify `backend-endpoint-failed` errors in Gorouter logs by logging cause `x509: certificate has expired or is not yet valid`
  • Clarify, in the gorouter job spec,
    • that `extra_headers_to_log` property (the "HTTP headers to log") only applies to Request headers
    • how `request_timeout_in_seconds` applies to connections between the router and backend

 

 

Regards,

CloudFoundry Networking Program

 


CF-Networking and Silk release 2.31.0

Josh Russett
 

Hi cf-dev!

 

New CF-Networking and Silk releases were cut.

 

CF-Networking release highlights:

  • C2C DNS Lookups are not case-sensitive (See Issue #76)
  • Service Discovery Controller's open_files ulimit increased to 65535 (See PR #80)
  • Introduce a delay between on retries between the bosh-dns-adapter and the Service Discovery Controller (See PR #81)
  • Built with go1.14.4
  • Tested with silk-release v2.31.0

 

Silk release highlights:

  • None!
  • Tested with cf-networking-release v2.31.0

 

Regards,

CloudFoundry Networking Program


While creating user ,emails set primary is set to true while sending request but after creating in the response the primary is set with false #uaa #cf

shilpa kulkarni
 

Hi All,

I tried to create user and I passed the value true for emails primary but as response it is set primary value as false. Why the primary value does not set with true? can any one please tell about this?


Why UAA is considering username field instead of email field from uaa users table for sending reset password link ? #cf #uaa

shilpa kulkarni
 

Hi All,

while creating user I have not given email address as username  but the user is having email address in email field. when i try to check the forgot password(reset password) functionality it is not sending password reset link to that email address. So again I tried by changing the username to the proper email address  and given that email address (which is username) for sending reset password link  then the password reset link has been sent to the email address which is saved as username filed. Why UAA is considering username field instead of email field from uaa users table? Can anyone please answer to this?


While creating user ,emails set primary is set to true while sending request but after creating in the response the primary is set with false

shilpa kulkarni
 

Hi All,

I tried to create user and I passed the value true for emails primary but as response it is set primary value as false. Why the primary value does not set with true? can any one please tell about this?


cf-for-k8s Secret proposal

Saikiran Yerram
 

Hello CF community, here is the proposal from the release-integration and the credhub team about the generation and consumption of Secret passwords in cf-for-k8s. 

The proposal recommends,
  1. How contributing projects should consume sensitive information like passwords using a standardized way 
  2. The contract between the cf-for-k8s project and components 
  3. Use of QuarksSecret to generate passwords. 

You can review and comment on this doc. https://docs.google.com/document/d/1VKMVaBcIUjro_y38KwMskvqoqSXljqVcLA_CVPTHbXU/edit?usp=sharing 


Thank you!!

281 - 300 of 9377