|
Re: Open sourcing our S3 service broker
Gwenn Etourneau
Maybe as the same we have for bosh release (bosh.io) we can create
brokers.cloudfoundry.org On Wed, Oct 21, 2015 at 6:29 AM, David Ehringer <david.ehringer(a)gmail.com> wrote: I think discovery mechanism would be very valuable, especially in cases |
|
|
|
Re: Defining a singular plan for all services
Shannon Coen
Hello Kayode,
toggle quoted message
Show quoted text
So glad to hear you're building a broker for your API Gateway! If your broker offers multiple services, and/or multiple plans of a service, it is up to you as the broker author to expose all of these plans individually in the catalog endpoint [1]. The Service Broker API doesn't support the notion of a "default plan" shared by multiple services because, while plans may have metadata in common, every plan must have a unique identifier. As Cloud Foundry is not prescriptive about implementation or deployment of your broker, mention of settings.yml is a bit confusing. While you may use a configuration file called settings.yml, another service broker author may use a very different mechanism for configuration. [1] http://docs.cloudfoundry.org/services/api.html#catalog-mgmt Warm regards, Shannon Coen Product Manager, Cloud Foundry Pivotal, Inc. On Mon, Oct 19, 2015 at 6:17 AM, Kayode Odeyemi <dreyemi(a)gmail.com> wrote:
A custom built service. |
|
|
|
Re: Open sourcing our S3 service broker
David Ehringer
I think discovery mechanism would be very valuable, especially in cases like this where there was already an S3 service broker open sourced last year: https://github.com/cloudfoundry-community/s3-cf-service-broker . Not sure if this meets the same needs but it would be great for people to be able to find existing broker projects they can contribute enhancements to if it makes sense rather than duplicate effort, let alone those just interested in running brokers.
I would be interested in working on something although I'm not sure how much bandwidth I have to contribute at the moment. I'm assuming whatever is built could be hosted in a public CF instance just like plugins.cloudfoundry.org? If dynamic features like reviews were desired and to be supported, would any specific database services be available for use? |
|
|
|
Re: Open sourcing our S3 service broker
Shannon Coen
Awesome! Thank you for the contribution.
toggle quoted message
Show quoted text
Would love to see brokers be more easily discoverable. Would someone from the community have the bandwidth to develop a site to make brokered services for CF discoverable? I'm thinking reviews, commercial vs OSS, logos, deployment strategy, links to install instructions, etc. Best, Shannon Shannon Coen Product Manager, Cloud Foundry Pivotal, Inc. On Tue, Oct 20, 2015 at 11:58 AM, Eric Poelke <epoelke(a)gmail.com> wrote:
Throwing our S3 service broker out there for others that may find it |
|
|
|
Open sourcing our S3 service broker
Eric Poelke
Throwing our S3 service broker out there for others that may find it useful --
https://github.com/epoelke/s3-service-broker Currently has default plans for most regions as well as location constraint support for buckets created in those regions. IAM users get created for each bucket, as well as a access policy that restricts the user to only the bucket created for the user. API keys and endpoints are returned as VCAP credentials when binding the service to an app. |
|
|
|
region qualifier for organizations
Bharath Sekar
Hi,
account service implementations could need additional qualifiers to uniquely identify an organization. For example, the implementation I'm working on needs a region along with the guid of the org. The API to get an account given org information looks like this GET /v1/orgs/:org_id/account How do we want to support the additional qualifier in abacus? One solution that I can think of is including the region in the guid. org_id could be 'guid_region'. ex: GET /v1/orgs/86d0482c-7208-4f2f-8606-935c080cad41_us/account Thoughts? |
|
|
|
Action Required : UAA Backwards Compatibility for OpenID Connect ID Token Response Type
Sree Tummidi
Hi All,
Starting with *CF Release 220*, we have added OpenID Connect ID Token support in UAA. Currently this feature is *disabled* by default to remain fully backwards compatible. uaa.id_token.disable description: When set to true, requests to /oauth/authorize will ignore the response_type=id_token parameter *default: true* Our plan is to provide a *30 Day window *(roughly cf-release slated for 2nd week of November) for Service Authors and other integrators using UAA as the token server. We will be removing the feature flag and support ID token response by default after 2nd week of November *Action Required:* 1. If you have a custom implementation of OAuth client, please update the parsing logic to handle the response of the /oauth/authorize endpoint. The main change is that the Location header will have a Fragment (#) and not a Query String (?). *See [1] below* 2. If you are using the cf-uaa-lib <https://github.com/cloudfoundry/cf-uaa-lib>, Please update to version *3.2.4* 3. If you are using a third party library for OAuth/OpenID Connect, most likely it already supports parsing the response properly and there is no action required. Please test your Services or Application using UAA with the *uaa.id_token.disable* set to *false* *[1] Details* During invokation of the /oauth/authorize URL, the normal process is to specify response_type=code Some libraries have been specifying response_type=code+id_token This is a OpenID Connect extension. Previously the UAA ignored the id_token response_type, but now we have added support. This changes the response of the /oauth/authorize. The main change is that the Location header will have a Fragment (#) and not a Query String (?) $ uaac target http://login. <http://login.identity.cf-app.com/> {system-domain} $ uaac token owner get cf marissa -s "" -p koala $ uaac curl " <http://login.identity.cf-app.com/oauth/authorize?grant_type=authorization_code&> http://login. <http://login.identity.cf-app.com/>{system-domain} /oauth/authorize?grant_type=authorization_code&response_type=code &client_id=ssh-proxy&redirect_uri=http://localhost" $ uaac curl "http://login. <http://login.identity.cf-app.com/> {system-domain}/oauth/authorize?grant_type=authorization_code& <http://login.identity.cf-app.com/oauth/authorize?grant_type=authorization_code&> response_type=code+id_token&client_id=ssh-proxy&redirect_uri= http://localhost" Location: http://localhost?code=5G9Rm1 *response_type=code+id_token* Location: http://localhost# token_type=bearer&id_token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwMjJmMGUzOC0xNTZlLTRjY2EtYTFmMS1kMGMwNTNkMDY1ZGMiLCJ1c2VyX25hbWUiOiJtYXJpc3NhIiwib3JpZ2luIjoibGRhcCIsImlzcyI6Imh0dHBzOi8vdWFhLmlkZW50aXR5LmNmLWFwcC5jb20vb2F1dGgvdG9rZW4iLCJjbGllbnRfaWQiOiJzc2gtcHJveHkiLCJhdWQiOlsic3NoLXByb3h5Il0sInppZCI6InVhYSIsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX2lkIjoiMDIyZjBlMzgtMTU2ZS00Y2NhLWExZjEtZDBjMDUzZDA2NWRjIiwiYXpwIjoic3NoLXByb3h5Iiwic2NvcGUiOlsib3BlbmlkIl0sImV4cCI6MTQ0MjQ2NDM5MSwiaWF0IjoxNDQyNDIxMTkxLCJqdGkiOiI2ZTBmOThlZS02YzNjLTQzN2UtOGYzZi0yNjE2ZDZhM2U2NzkiLCJlbWFpbCI6Im1hcmlzc2FAdGVzdC5jb20iLCJyZXZfc2lnIjoiZGJlYjYxN2UiLCJjaWQiOiJzc2gtcHJveHkifQ.AQtGa5N9QW47jAehCEIz9K46yNTIJpK5SKrp5IqAZ2AqZhNLzwryLw0wJmZkZ3v3wXqpwm_IryJnJmzui0hsM8ZYsyeDjtGtmd35QjxBe785nVGe2GZeyVQ0CqLNW1C7w34VCnvSfIxo8ecstaS4O0MkBxjQR0CQRQ3XHS4RIJg& code=aGp5Ig &expires_in=43199&scope=cloud_controller.read%20cloud_controller.write%20openid&jti=6e0f98ee-6c3c-437e-8f3f-2616d6a3e679 Thanks, Sree Tummidi Sr. Product Manager Identity - Pivotal Cloud Foundry |
|
|
|
Re: How to specify "no default shared domain" in the cf-deployment-manifest.yml?
Amit Kumar Gupta
Hi Jim,
toggle quoted message
Show quoted text
Try setting the `app_domains` property in your manifest to an empty array. Cheers, Amit On Mon, Oct 19, 2015 at 7:05 PM, Jim Lin <jimlintw922(a)gmail.com> wrote:
Hi all |
|
|
|
Re: Some results running CloudController under JRuby
Hi,
Dieu wrote:
> Would be interested to see how this performs on aws or on soft layer.
Good point - is there an AWS envrionment we could use? We'll look into Softlayer.
> Also, were you able to run CATS?
We did not attempt to run CATS, because we focused on one endpoint. There others would probably not have functioned.
> Or is more work needed to deal with NATS etc?
More work is certainly needed for that. We haven't bothered so far to update the depencencies we have 'patched' for the spike.
> Other pros/cons that you've found?
Pros not mentioned yet:
- There are a lot more tools to run and monitor JVM based applications.
- JRuby in interpreted mode did not seem to be slower, in terms of development workflow. Cons:
- JRruby is an additional layer (of complexity) on top of Ruby
- JRuby is still more in a niche Amit wrote:
> what are differences to pre-packaging dependencies?
> any differences in pre-packaging time? > what differences for packaging/compilation dependencies? Our approach was minimal; we captured code changes to CC and dependencies that need updates on a branch. Those changes would need to be translated into packaging.
From our spike, we think that the (pre-) packaging would be similar to how UAA handles the OpenJDK. JRuby itself goes on top of that, and is simply an additional unzip command.
Some gems will need updates to work with JRuby, (see Gemfile in the branch). Mostly around yaml support, thin, and NATS.
> any difference in packaging/compilation time?
We did not measure times. From a Ruby perspective, JRuby did not feel different. The Ruby-to-Java compilation can happen in two modes; interpreted and compiled. We only worked in the interpreted mode. In compiled, the Ruby code is compiled to Java upfront, which should lead to further improvements.
> there are going to be some new job and packages blobs, and maybe some old ones go away? what are the size differences?
We can re-use OpenJDK from UAA. JRuby is a 40 MiB download, where we can eliminate samples etc., so probably 30 MiB in addition.
> any changes to start-up or update times during bosh deploy/update?
Sorry, we did not measure this, either ;-)
Regards
Marc & Steffen
----- Original message ----- |
|
|
|
Re: How to explicitly specify the password for the account admin?
Jim Lin <jimlintw922@...>
It works!. Thanks!
|
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
James Bayer
sometimes a message like that is due to networking issues. does the bosh
director and the VM it is creating have an available network path to reach each other? sometimes ssh'ing in to the VM that is identified can yield more debug clues. On Tue, Oct 20, 2015 at 5:09 AM, Parthiban Annadurai <senjiparthi(a)gmail.com> wrote: Thanks Bharath and Amit for the helpful solutions. I have surpassed that -- Thank you, James Bayer |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Parthiban Annadurai <senjiparthi@...>
Thanks Bharath and Amit for the helpful solutions. I have surpassed that
toggle quoted message
Show quoted text
error. Now, bosh deploy strucks like in attached image. Could you anyone please? Regards Parthiban A On 20 October 2015 at 11:57, Amit Gupta <agupta(a)pivotal.io> wrote:
Bharath, I think you mean to increase the *disk* size on the compilation |
|
|
|
Re: Doubt: Filter 2 Service Bindings with 2 parameters
Juan Antonio Breña Moral <bren at juanantonio.info...>
Hi,
this is a possibility. I could find the information using this REST CALL. I have found another way: http://apidocs.cloudfoundry.org/221/user_provided_service_instances/list_all_service_bindings_for_the_user_provided_service_instance.html Many thanks for the clue. |
|
|
|
Configured SSL/TLS for Cloud Foundry 170 release
Pravin Mishra <pravinmishra88@...>
Hello All,
We have deployed Cloudfoundry 170 and Configured SSL/TLS. <https://johnpfield.wordpress.com/2014/09/10/configuring-ssltls-for-cloud-foundry/> - Deployment is successful - Able to login - Able to create Organization/Space When deploying a application then getting below Warning: Warning: error tailing logs Unauthorized error: You are not authorized. message:"Error: Invalid authorization" message_type:ERR timestamp:1445336917813794880 app_id:"07841692-f22e-4caa-8a86-edf999d15817" source_name:"LGR" Then Error: FAILED TIP: use 'cf logs railswithoutdb --recent' for more information When tracing logs then: FAILED Unauthorized error: You are not authorized. message:"Error: Invalid authorization" message_type:ERR timestamp:1445337478878348487 app_id:"07841692-f22e-4caa-8a86-edf999d15817" source_name:"LGR" Note: I am pushing application using Admin user. Best Regards, Pravin Mishra <https://johnpfield.wordpress.com/2014/09/10/configuring-ssltls-for-cloud-foundry/> |
|
|
|
Re: Cloud Foundry being used for an EU social learning games platform
Juan Antonio Breña Moral <bren at juanantonio.info...>
Good morning Gwenn
Can you add more details about your question? WebApp uploads to middleware the file and later it is sent to CF Instance using the API: http://apidocs.cloudfoundry.org/221/apps/uploads_the_bits_for_an_app.html You have many tests here: https://github.com/prosociallearnEU/cf-nodejs-client/blob/master/test/lib/model/UploadAppsTests.js I have tested the feature uploading large zips (applications with 300MB) Currently,I have tested with static apps and node.js apps but I will add more tests for other buildpacks (python, java, php & ruby) |
|
|
|
Re: REST API endpoint for accessing application logs
Juan Antonio Breña Moral <bren at juanantonio.info...>
You have an example here:
https://github.com/prosociallearnEU/cf-nodejs-client/blob/master/lib/model/Logs.js https://github.com/prosociallearnEU/cf-nodejs-client/blob/master/test/lib/model/LogTests.js it is possible to not use websockets replacing some parts in the URL: https://loggregator.YOUR_IP.xip.io + '/recent?app=' + app_guid Juan Antonio |
|
|
|
Re: [cf-bosh] cf-services-contrib does not support cf v2
Dieu Cao <dcao@...>
Yes, we plan to fully remove support for v1 service brokers at the end of
toggle quoted message
Show quoted text
the year. On Mon, Oct 19, 2015 at 6:11 PM, Marco Nicosia <mnicosia(a)pivotal.io> wrote:
Hi Remi, |
|
|
|
Re: Doubt: Filter 2 Service Bindings with 2 parameters
Dieu Cao <dcao@...>
Have you tried using the nested end point?
http://apidocs.cloudfoundry.org/221/apps/list_all_service_bindings_for_the_app.html -Dieu CF CAPI PM On Mon, Oct 19, 2015 at 8:19 AM, Juan Antonio Breña Moral < bren(a)juanantonio.info> wrote: Hi, |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Amit Kumar Gupta
Bharath, I think you mean to increase the *disk* size on the compilation
toggle quoted message
Show quoted text
VMs, not the memory size. Parthiban, the error message is happening during compiling, saying "No space left on device". This means your compilation VMs are running out of space on disk. This means you need to increase the allocated disk for your compilation VMs. In the "compilation" section of your deployment manifest, you can specify "cloud_properties". This is where you will specify disk size. These "cloud_properties" look the same as the could_properties specified for a resource pool. Depending on your IaaS, the structure of the cloud_properties section differs. See here: https://bosh.io/docs/deployment-manifest.html#resource-pools-cloud-properties On Mon, Oct 19, 2015 at 11:13 PM, Bharath Posa <bharathp(a)vedams.com> wrote:
hi parthiban |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Bharath
hi parthiban
It seems you are running out of space in your vm in which you are compiling . try to increase the size of memory in your compilation vm . regards Bharath On Mon, Oct 19, 2015 at 7:39 PM, Parthiban Annadurai <senjiparthi(a)gmail.com> wrote: Hello All, |
|
|
