Thanks Amit - this helps a lot.

I could argue that region is actually a pretty generic term, as it's used
in a wide range of domains from geography (parts of the world or parts of a
country) to networking and datacenters (a region as a group of IP
addresses) and even memory management in garbage collectors for example :)
... but I was also wondering about a potential confusion where our users
could just assume that region always has to be a part of the world.

So we could either make clear that region is used in its generic sense and
not necessarily a geographical region in an Abacus doc on that topic, or
attempt to find another term like cluster for example, or zone or something
else... I've created Github issue #110 [1] to help folks submit their ideas
on this.

[1] https://github.com/cloudfoundry-incubator/cf-abacus/issues/110

- Jean-Sebastien

Hi Rishi,

Thanks for your question. Let's first clarify the distinction between what
you deploy -- bosh releases (versioned packages of source code and
binaries) -- and how you deploy things -- bosh deployment (a manifest of
which releases to use, what code/binaries from those releases to place on
nodes in your deployment cluster, property/credential configuration,
networking and compute resources, etc.).

diego-release may not change, although it may be split into smaller
releases, e.g. the cc-bridge part consisting of the components which talk
to CC, and the diego runtime part consisting of components responsible for
scheduling, running, and health-monitoring containerized workloads.

cf-release will undergo heavy changes. We are currently breaking it apart
entirely, into separate releases: consul, etcd, logging-and-metrics,
identity, routing, API, nats, postgres, and existing runtime backend (DEA,
Warden, HM9k).

In addition to breaking up cf-release, we are working on cf-deployment[1],
this will give you the same ability to deploy the Cloud Foundry PaaS as you
know it today, but composed of multiple releases rather than the monolithic
cf-release. We will ensure that cf-deployment has versioning and tooling
to make it easy to deploy everything at versions that are known to work
together.

For the first major iteration of cf-deployment, it will deploy all the
existing components of cf-release, but coming from separate releases. You
can still deploy diego separately (configured to talk to the CC) as you do
today.

The second major iteration will be to leverage new BOSH features[2], such
as links, AZs, cloud config, and global networking to simplify the manifest
generation for cf-deployment. Again, you will still be able to deploy
diego separately alongside your cf deployment.

The third iteration is to fold the diego-release deployment strategies into
cf-deployment itself, so you'll have a single manifest deploying DEAs and
Diego side-by-side.

The final iteration will be to remove the DEAs from cf-deployment and stop
supporting the release that contains them.

As to your question of defaults, there are several definitions of
"default". You can set Diego to be the default backend today[3]. You have
to opt in to this, but then anyone using the platform you deployed will
have their apps run on Diego by default. Pivotal Web Services, for
example, now defaults to Diego as the backend. At some point, Diego will be
the true default backend, and you will have to opt-out of it (either at the
CC configuration level, or at the individual app level). Finally, at a
later point in time, DEAs will no longer be supported and Diego will be the
only backend option.

We are actively working on a timeline for all these things. You can see
the Diego team's public tracker has a release marker[4] for when Diego will
be capable of replacing the DEAs. After reaching that release marker,
there will be some time given for the rest of the community to switch over
before declaring end-of-life for the DEAs.

[1] https://github.com/cloudfoundry/cf-deployment
[2] https://github.com/cloudfoundry/bosh-notes/
[3]
https://github.com/cloudfoundry/cf-release/blob/v222/jobs/cloud_controller_ng/spec#L396-L398
[4] https://www.pivotaltracker.com/story/show/76376202

Thanks,
Amit, OSS Release Integration PM

Krzysztof,

Ah, OK. That explains it then. I don't believe that the cf java client
v1.x or the Maven plugin have support for the health check functions. You
would need to do that with the cf cli. Version 6.13+ has it in the core.
Older versions require the Diego-Beta plugin.

Fortunately, you only need to set the health check once. As long as your
not deleting and recreating the application, it'll remember the selection
and you should be able to continue pushing with Maven.

Thanks for pointing this out though. I'll make a note of this use case in
our migration KB.

Dan


On Wed, Oct 21, 2015 at 2:32 AM, Krzysztof Wilk <chris.m.wilk(a)gmail.com>
wrote:

Hello Dan,

In my recent log I have found the following issue:
[INFO] 2015-10-18T14:16:02.329+0200 [HEALTH] OUT healthcheck failed
[INFO] 2015-10-18T14:16:02.330+0200 [HEALTH] OUT Exit status 1

Prior attempting to push application with Maven I have disabled health
check:
cf set-health-check KrzysztofWilkCurrencyConverter none


Relevant snippet of my Maven configuration (pom.xml) looks as follows:
<plugin>
<groupId>org.cloudfoundry</groupId>
<artifactId>cf-maven-plugin</artifactId>
<version>${cloudfoundry.maven.version}</version>
<configuration>
<server>mycloudfoundry-instance</server>
<target>http://api.run.pivotal.io</target>
<org>krzysztofwilk.pl</org>
<space>development</space>
<appname>KrzysztofWilkCurrencyConverter</appname>
<url>krzysztofwilkcurrencyconverter.cfapps.io</url>
<env>
<JDBC_DB_URL>${jdbc.db.url}</JDBC_DB_URL>
<JDBC_USERNAME>${jdbc.username}</JDBC_USERNAME>
<JDBC_PASSWORD>${jdbc.password}</JDBC_PASSWORD>
</env>
<services>
<service>
<name>CurrencyConverterDB</name>
<label>MySQL</label>
<plan>spark</plan>
</service>
</services>
</configuration>
</plugin>

All variables are resolved correctly.

Should I also disable health check via Maven? How should I do it?

Best regards,
Krzysztof

Is there a way to provide a prefix to the databases?

I am using Cloudant as my database provider.

If I set the COUCHDB env var to
http:s//username:password(a)username.cloudant.com it works fine but if I set
it to https://username:password(a)username.cloudant.com/prefix- it doesn't
work. When I look at the abacus-dbclient logs I see that it appends '/'
https://username:password(a)username.cloudant.com/prefix-/abacus-collector-collected-usage-0-201510

Thanks
Rajkiran




--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-abacus-Database-Prefixes-tp2377.html
Sent from the CF Dev mailing list archive at Nabble.com.

I'm curious if region is perhaps too specific?
Perhaps some other generic word would be better so that it's not
prescriptive.

-Dieu

On Wed, Oct 21, 2015 at 10:10 AM, Jean-Sebastien Delfino <
jsdelfino(a)gmail.com> wrote:

Hi all,

If there's no objection and nobody comes up with a better idea, I'll start
to work on adding a GET /v1/regions/us/orgs/ path as discussed here
sometime today.

- Jean-Sebastien

On Tue, Oct 20, 2015 at 10:11 PM, Jean-Sebastien Delfino <
jsdelfino(a)gmail.com> wrote:

Hi Bharath,

Sorry for the delay, I didn't realize this was a question for the Abacus
project as it didn't have the [abacus] subject tag we've been using for
Abacus discussions recently. I guess from now on I'll just check all
threads just in case :)

This is a good question. With independent deployments of CF in multiple
datacenters or regions you may need to distinguish between organization
86d0482c-7208-4f2f-8606-935c080cad41 in region 'us' and the same
organization id in region 'eu' for example.

We could add another path to the API for the cases where you care about
the region with GET /v1/regions/us/orgs/86d0482c-7208-4f2f-8606-935c080cad41/...
if that helps.

I could also sympathize with another approach, where we'd say that the
organization id being a guid should truly be *globally unique*. It looks
like the the current CF guid generation algorithm doesn't *guarantee*
uniqueness across deployments [1] but combining the region with it would
make it unique. IIUC I think that's what you're suggesting.

What do others think?

[1]
http://cf-dev.70369.x6.nabble.com/cf-dev-Pointer-to-the-CF-code-that-generates-org-and-service-instance-guids-tp2192.html

- Jean-Sebastien

On Tue, Oct 20, 2015 at 11:42 AM, Bharath Sekar <bsekar14(a)gmail.com>
wrote:

Hi,
account service implementations could need additional qualifiers to
uniquely identify an organization. For example, the implementation I'm
working on needs a region along with the guid of the org.
The API to get an account given org information looks like this

GET /v1/orgs/:org_id/account

How do we want to support the additional qualifier in abacus? One
solution that I can think of is including the region in the guid. org_id
could be 'guid_region'. ex:
GET /v1/orgs/86d0482c-7208-4f2f-8606-935c080cad41_us/account
Thoughts?

I am trying to understand when will Diego become default runtime of Cloud Foundry. Latest cf-release is still using DEA and if my understanding is correct, at some stage, a new cf-release version will come out with Diego and perhaps change to v3. Do we have any ideas on when/if this will happen? Is it safe to assume that diego-release on github will slowly transition to cf-release?

Thanks.

Hi, Jean-Sebastien,

V4 UUIDs contain 122 bits of information (
https://tools.ietf.org/html/rfc4122#page-14), so there are approximately
5.3 × 10^36 distinct ones. Since the Ruby implementation that Joseph
referred to generates them randomly, we can assume them to be distributed
uniformly across the sample space. From the approximation formulas in
https://en.wikipedia.org/wiki/Birthday_problem#Cast_as_a_collision_problem,
for there to be even a one-in-a-billion probability of a collision, you
would have to be using more than 10^14 UUIDs simultaneously as organization
guids. If you have, say, only a million org guids in play, the probability
of a collision decreases to about 10^-25.

Thanks,
Eric

On Tue, Oct 20, 2015 at 10:28 PM, Jean-Sebastien Delfino <
jsdelfino(a)gmail.com> wrote:

Thanks that helps. I have a few follow up questions:

Can you quantify 'mathematically incredibly likely'?

How do you guarantee uniqueness for a single deployment (since AIUI
they're generated randomly)? Are you using the CC database for that?

What would it take to guarantee uniqueness across deployments? (I'm asking
as cloud platforms out there usually run in several datacenters or regions,
i.e. multiple deployments, so to me it would make sense to provide a way to
implement that guarantee, for example by allowing the uuid to be generated
from a namespace/name like described in RFC 4122 section 4.3 [1], but
there's probably many other ways to do this...)

[1] https://www.ietf.org/rfc/rfc4122.txt

Thanks!

- Jean-Sebastien

On Fri, Oct 9, 2015 at 11:08 PM, CF Runtime <cfruntime(a)gmail.com> wrote:

Org and Service Instance guids are generated by the Cloud Controller. It
simply uses the SecureRandom.uuid ruby method:
http://docs.ruby-lang.org/en/2.2.0/SecureRandom.html#method-c-uuid

SecureRandom.uuid implements RFC 4122 and generates guids randomly. The
guids for orgs are guaranteed to be unique for a single deployment, and
mathematically incredibly likely to be unique across all deployments.

Joseph
CF Release Integration Team

On Fri, Oct 9, 2015 at 2:51 PM, Jean-Sebastien Delfino <
jsdelfino(a)gmail.com> wrote:

Hi all,

Could somebody from the CF team point me to the CF code that generates
org and service instance guids?

Are the generated guids globally unique across multiple
deployments/instances of CF? or only unique within a single instance of CF?

Thanks!

- Jean-Sebastien

Hi all,

If there's no objection and nobody comes up with a better idea, I'll start
to work on adding a GET /v1/regions/us/orgs/ path as discussed here
sometime today.

- Jean-Sebastien

On Tue, Oct 20, 2015 at 10:11 PM, Jean-Sebastien Delfino <
jsdelfino(a)gmail.com> wrote:

Hi Bharath,

Sorry for the delay, I didn't realize this was a question for the Abacus
project as it didn't have the [abacus] subject tag we've been using for
Abacus discussions recently. I guess from now on I'll just check all
threads just in case :)

This is a good question. With independent deployments of CF in multiple
datacenters or regions you may need to distinguish between organization
86d0482c-7208-4f2f-8606-935c080cad41 in region 'us' and the same
organization id in region 'eu' for example.

We could add another path to the API for the cases where you care about
the region with GET /v1/regions/us/orgs/86d0482c-7208-4f2f-8606-935c080cad41/...
if that helps.

I could also sympathize with another approach, where we'd say that the
organization id being a guid should truly be *globally unique*. It looks
like the the current CF guid generation algorithm doesn't *guarantee*
uniqueness across deployments [1] but combining the region with it would
make it unique. IIUC I think that's what you're suggesting.

What do others think?

[1]
http://cf-dev.70369.x6.nabble.com/cf-dev-Pointer-to-the-CF-code-that-generates-org-and-service-instance-guids-tp2192.html

- Jean-Sebastien

On Tue, Oct 20, 2015 at 11:42 AM, Bharath Sekar <bsekar14(a)gmail.com>
wrote:

Hi,
account service implementations could need additional qualifiers to
uniquely identify an organization. For example, the implementation I'm
working on needs a region along with the guid of the org.
The API to get an account given org information looks like this

GET /v1/orgs/:org_id/account

How do we want to support the additional qualifier in abacus? One
solution that I can think of is including the region in the guid. org_id
could be 'guid_region'. ex:
GET /v1/orgs/86d0482c-7208-4f2f-8606-935c080cad41_us/account
Thoughts?

I'm having an issue where after a day or two or running, the health manager
is getting stuck in a bad state and doesn't display the state of apps
correctly. The logs show messages like this: "Store is not fresh -
Error:Actual and desired state are not fresh" and "Daemon returned an
error. Continuining... - Error:Actual and desired state are not fresh".

Restarting the process fixes the issue, but I'm wondering how to avoid this
problem altogether. Is this a known issue?

No, that is 100 as in 100 log lines. Given that a log line is transported
as a UDP package and the UDP max package size is 64k, with a buffer of 100
log lines you require 6.3MB of memory per app on your Doppler server.

Hi,

doing some tests, I detected in my testing environment the following scenario:

Error: the string "{\n \"code\": 100005,\n \"description\": \"You have ex
ceeded your organization's memory limit.\",\n \"error_code\": \"CF-AppMemoryQuo
taExceeded\"\n}\n" was thrown, throw an Error :)

Does exist some REST Call to know if the org/space has reached the limit?

Many thanks in advance

Juan Antonio

Hi Matthew,

many thanks for the technical explanation.

In my tests, I discovered that at the moment it is compatible to get access using this field:
"authorization_endpoint":"https://login.run.pivotal.io"
"authorization_endpoint":"https://login.eu-gb.bluemix.net/UAALoginServerWAR"

Cheers

Juan Antonio

On Tue, Oct 20, 2015 at 10:19 PM, v Bailey <v2bailey(a)gmail.com> wrote:

I am totally green about asking the proper question so here's what I'm
researching...

I'm a decently adept web designer who specializes in WordPress. I would
like to pursue some larger clients and offer to move their sites to the
cloud (as well as perform their makeovers, of course) but in a couple of
cases, the organizations have multiple branches, each with their own
website, and it seems to make sense to use Multisite instead of individual
websites. That said, I've never used Multisite so my concern is how does
it work to create multiple websites+database for a single client...on the
cloud?

If you have a little experience with the command prompt or a terminal it's
fairly easy to create multiple sites and even services using Cloud
Foundry. This document gives you a quick overview of the cf cli.

http://docs.cloudfoundry.org/devguide/installcf/whats-new-v6.html

The main task to run your application on CF is called "cf push". You can
see more about that here.

http://docs.cloudfoundry.org/devguide/installcf/whats-new-v6.html#push

And there's a walkthrough of deploying an app here.

http://docs.cloudfoundry.org/devguide/deploy-apps/deploy-app.html

In regards to databases, you can also create those with the cf client.
This document has some instructions on that.

https://docs.cloudfoundry.org/devguide/services/managing-services.html

Since you mentioned Wordpress, you might find this blog post useful. It
walks through running Wordpress on CF.


http://blog.pivotal.io/pivotal-cloud-foundry/products/getting-started-with-wordpress-on-cloud-foundry

I suspect I should be asking more but since I don't entirely understand
what the setup should be I'll start with a simple initial question. I'd
LOVE to hear some insight into how to setup these kind of clients.

Please be gentle with me, I bruise easy. Simple explanations get more
mileage with me. Thank you kindly in advance!!

The best thing would be to sign up for an account with a public CF provider
(PWS, Bluemix, AnyNines, etc...). It's pretty easy and most offer free
trials. That would allow you to play around with deploying an app or two
to CF and get used to the cf client.

Hope that helps!

Dan

Now that I've had a cup of coffee, I should clarify that the links may not
be present in future deployments so if you're looking to redirect to a
graphical page, you may not be able to do that directly. You may also run
into deployments that have not changed the default link values so they
point to the wrong target...

Perhaps what you really want to pursue is the use of the OAuth based flows
and register your application so clients will automatically be redirected
to authenticate and approve your application to act on their behalf. If you
go with that mechanism, you'll be in line with everything else.

On Wed, Oct 21, 2015 at 6:42 AM, Matthew Sykes <matthew.sykes(a)gmail.com>
wrote:

Because Bluemix, like many other installations, uses a custom login server
to provide additional integration points and branding for its users.

Not too long ago, login and UAA were separate jobs and vendors like IBM
would deploy their own login server per a documented contract with the UAA.
Then the UAA team decided to merge UAA and Login to make some things easier
for the team to manage in the code base.

When that merge happened, vendors could still deploy their own login
server but there was no way to completely disable the one inside of the
UAA. Instead vendors could simply advertise links to the custom login
server.

In addition to the fact that the login endpoint in the UAA cannot be
disabled, it includes a fair amount of branding that can't be completely
removed or replaced without forking the UAA so there are definitely some
side effects. This topic has been raised with the Identity team a few times
- most recently during the PMC yesterday.

If you want those advertised links, you can hit the /info (or /login)
endpoint on the UAA with an 'Accept: application/json' header:

```
$ curl -s -H 'Accept: application/json' https://uaa.eu-gb.bluemix.net/info
| jq .links.login
"https://login.eu-gb.bluemix.net"
```

That pattern should work across all providers. Hope that helps a bit.

On Wed, Oct 21, 2015 at 4:06 AM, Juan Antonio Breña Moral <
bren(a)juanantonio.info> wrote:

I am doing some tests to get the token required in any operation using CF
API and yesterday, I noticed a difference between the login process in
Pivotal and the same process in Bluemix.

CF API in Pivotal:
https://api.run.pivotal.io/v2/info

has defined a URL to get token:
"token_endpoint":"https://uaa.run.pivotal.io"

and Bluemix has the same behaviour:
https://api.eu-gb.bluemix.net/v2/info
"token_endpoint":"https://uaa.eu-gb.bluemix.net"

In Pivotal and using local instance from CF, it is possible to
authenticate with the URL:
https://uaa.run.pivotal.io/login

but in bluemix:
http://uaa.eu-gb.bluemix.net/login

I can't do the same thing.

Using the field: authorization_endpoint from:
https://api.eu-gb.bluemix.net/v2/info
"authorization_endpoint":"
https://login.eu-gb.bluemix.net/UAALoginServerWAR" it is possible to get
token but why in bluemix the auth process using the UAA is disabled or it
is not running in the same way that other CF instances?
http://uaa.eu-gb.bluemix.net/login

Juan Antonio

--
Matthew Sykes
matthew.sykes(a)gmail.com

--
Matthew Sykes
matthew.sykes(a)gmail.com

Sounds like the path is probably not setup correctly in the java launcher.
You should dump your path before attempting to run `cf` and make sure the
directory that contains it is actually on the PATH.

System.out.println(System.getenv("PATH"));

--
Matthew Sykes
matthew.sykes(a)gmail.com

Because Bluemix, like many other installations, uses a custom login server
to provide additional integration points and branding for its users.

Not too long ago, login and UAA were separate jobs and vendors like IBM
would deploy their own login server per a documented contract with the UAA.
Then the UAA team decided to merge UAA and Login to make some things easier
for the team to manage in the code base.

When that merge happened, vendors could still deploy their own login server
but there was no way to completely disable the one inside of the UAA.
Instead vendors could simply advertise links to the custom login server.

In addition to the fact that the login endpoint in the UAA cannot be
disabled, it includes a fair amount of branding that can't be completely
removed or replaced without forking the UAA so there are definitely some
side effects. This topic has been raised with the Identity team a few times
- most recently during the PMC yesterday.

If you want those advertised links, you can hit the /info (or /login)
endpoint on the UAA with an 'Accept: application/json' header:

```
$ curl -s -H 'Accept: application/json' https://uaa.eu-gb.bluemix.net/info
| jq .links.login
"https://login.eu-gb.bluemix.net"
```

That pattern should work across all providers. Hope that helps a bit.

On Wed, Oct 21, 2015 at 4:06 AM, Juan Antonio Breña Moral <
bren(a)juanantonio.info> wrote:

I am doing some tests to get the token required in any operation using CF
API and yesterday, I noticed a difference between the login process in
Pivotal and the same process in Bluemix.

CF API in Pivotal:
https://api.run.pivotal.io/v2/info

has defined a URL to get token:
"token_endpoint":"https://uaa.run.pivotal.io"

and Bluemix has the same behaviour:
https://api.eu-gb.bluemix.net/v2/info
"token_endpoint":"https://uaa.eu-gb.bluemix.net"

In Pivotal and using local instance from CF, it is possible to
authenticate with the URL:
https://uaa.run.pivotal.io/login

but in bluemix:
http://uaa.eu-gb.bluemix.net/login

I can't do the same thing.

Using the field: authorization_endpoint from:
https://api.eu-gb.bluemix.net/v2/info
"authorization_endpoint":"
https://login.eu-gb.bluemix.net/UAALoginServerWAR" it is possible to get
token but why in bluemix the auth process using the UAA is disabled or it
is not running in the same way that other CF instances?
http://uaa.eu-gb.bluemix.net/login

Juan Antonio

--
Matthew Sykes
matthew.sykes(a)gmail.com

Hi Michael,

We have the same issue now. How did you resolve this problem?

Regards,
Mehran

I am doing some tests to get the token required in any operation using CF API and yesterday, I noticed a difference between the login process in Pivotal and the same process in Bluemix.

CF API in Pivotal:
https://api.run.pivotal.io/v2/info

has defined a URL to get token:
"token_endpoint":"https://uaa.run.pivotal.io"

and Bluemix has the same behaviour:
https://api.eu-gb.bluemix.net/v2/info
"token_endpoint":"https://uaa.eu-gb.bluemix.net"

In Pivotal and using local instance from CF, it is possible to authenticate with the URL:
https://uaa.run.pivotal.io/login

but in bluemix:
http://uaa.eu-gb.bluemix.net/login

I can't do the same thing.

Using the field: authorization_endpoint from: https://api.eu-gb.bluemix.net/v2/info
"authorization_endpoint":"https://login.eu-gb.bluemix.net/UAALoginServerWAR" it is possible to get token but why in bluemix the auth process using the UAA is disabled or it is not running in the same way that other CF instances?
http://uaa.eu-gb.bluemix.net/login

Juan Antonio