Happy Monday,

We had a short meeting of the Buildpacks PMC today, permanent notes are at:

https://github.com/cloudfoundry/pmc-notes/blob/master/Buildpacks/2015-07-27-buildpacks.md

which I've snapshotted below.

Please note that we're going to move all Buildpacks PMC discussion to the
cf-dev@ mailing list, as discussed in today's PMC call. That is, we won't
be convening for the next month or so, and will instead communicate
transparently on the mailing list.

If you have objections or thoughts on this, please don't hesitate to reach
out to either Chip or me.

Cheers,
-mike

----

*# Buildpacks PMC Meeting 2015-06-15*

*## Agenda*

1. Update on Java Buildpack (Ryan Morgan)
2. Update on core Buildpacks and rootfs (Mike Dalessio)
3. Proposals
* `null-buildpack` deprecation
4. Open Discussion
* Moving Buildpacks PMC discussion to the mailing list

*## Attendees*

* Chip Childers, Cloud Foundry Foundation
* Stormy Peters, Cloud Foundry Foundation
* Mike Dalessio, Pivotal (PMC lead)
* Ryan Morgan, Pivotal


*## Update on Java Buildpack (Ryan Morgan)*

* Java Buildpack 3.1 released on June 25th. [Release notes](
https://github.com/cloudfoundry/java-buildpack/releases/tag/v3.1)
* Work continues on support for Hardware security devices. (Safenet Luna
security provider)
* Not much work remains in the backlog, next up is migration to Concourse


*## Update on core Buildpacks and `rootfs` (Mike Dalessio)*

*__Recent work__*

Released ruby-buildpack v1.6.0, php-buildpack v4.0.0, python-buildpack
v1.5.0, nodejs-buildpack v1.5.0 and staticfile-buildpack v1.2.1, which all
contain CF-specific precompiled binaries. (NB the go-buildpack uses
Google-built binaries and we're OK with this.)

Released binary-buildpack v1.0.1 which contains Michael Fraenkel's (IBM) PR
for Diego compatibility.

Released go-buildpack 1.5.0 with a Godeps upgrade and removal of the custom
python interpreter (now uses rootfs python).

Updates to all buildpacks to remove lucid64 binaries from manifests.
Operators can use the buildpack tooling to generate these binaries and
package their own buildpacks as they deem necessary. Note that as part of
this effort, the [binary builder][] tooling was open-sourced.

Open-sourced [concourse CI pipelines][].

[Rootfs 1.1.0][] released. Note that rootfs releases are now given version
numbers and have release notes, and the corresponding docker images are
tagged with that version number.

The team has been working on a series of spikes intended to drive towards a
technical solution for implementing shared behaviors (across buildpacks)
into shared code. This work can be followed in the Tracker backlog in the
[architecture epic][].

We moved [buildpack-packager][], [machete][], and [machete-firewall-test][]
into the `cloudfoundry` org, as they're part of our core tooling. These
were previously in the deprecated `cf-buildpacks` org or were overlooked
during the initial Foundation repository cleanup.


[binary builder]: https://github.com/cloudfoundry/binary-builder
[concourse CI pipelines]: https://github.com/cloudfoundry/buildpacks-ci
[Rootfs 1.1.0]: https://github.com/cloudfoundry/stacks/releases/tag/1.1.0
[architecture epic]: https://www.pivotaltracker.com/epic/show/1898760
[buildpack-packager]: https://github.com/cloudfoundry/buildpack-packager
[machete]: https://github.com/cloudfoundry/machete
[machete-firewall-test]:
https://github.com/cloudfoundry/machete-firewall-test


*__Upcoming work__*

The team will be experimenting with extension points to the buildpack life
cycle, for both operators and developers. Among the goals:

* allow extension of buildpack behavior by application developers without
having to fork the buildpack
* allow extension of buildpack behavior by operators which is currently not
possible

We're also considering focused sprints for individual buildpacks.


*## Proposals*

*### `null-buildpack` deprecation*

The repository `cloudfoundry-incubator/null-buildpack` has been deprecated
by the adoption of `cloudfoundry/binary-buildpack`, and so it's being
proposed to move this to the attic or to delete it.

After a brief discussion, it was decided to place this repository in
`cloudfoundry-attic`.


*## Open Discussion*

*### Moving Buildpacks PMC discussion to the mailing list*

Chip and Mike noted that attendance has not been regular at the Buildpacks
PMC. Chip suggested that perhaps the Buidpacks PMC discussion could move to
the mailing list, rather than continue to have the call.

No objections from those present. We'll try using email, rather than
waiting for a PMC call, for the next month; and we'll revisit this decision
based on feedback.

Yet another request for improved multi line log message handling. Is there
any update from the LAMB team on plans to improve this problem? There have
been several proposed solutions but I'm not aware of anything actually
making it into the LAMB tracker. It would be great if we could hear from
Erik on this issue. Does the LAMB team believe it is not an issue? Are
there plans to improve this situation? Whatever the perspective lets
discuss it as a community and see if there are any options better than the
current. I'd really like to see something turned into a tracker issue if
there are better options.

Mike

[0] http://lists.cloudfoundry.org/pipermail/cf-dev/2015-June/000423.html
[1] http://lists.cloudfoundry.org/pipermail/cf-dev/2015-May/000083.html
[2]
https://groups.google.com/a/cloudfoundry.org/forum/?utm_medium=email&utm_source=footer#!msg/vcap-dev/B1W6_vO0oyo/84X1eAtFsKoJ

On Mon, Jul 27, 2015 at 9:47 AM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

This is a tricky one. Especially if you have more than one logstash
machine doing filtering as they will do filtering independently of each
other as the events come in.

The reason why CF adds a timestamp to each line is because how syslog
works, where each line is its own even.

What we tend to do in my company is to log this kind of stuff via GELF or
with Sentry.

On Mon, Jul 27, 2015 at 5:41 PM, Steve Wall <stevewallone(a)gmail.com>
wrote:

Hello,
We are sending CF logs message to an ELK stack. Multiline logs message
are broken out into several log messages in Logstash. One end per line of
the multiline log message. This is problematic when stack traces dumped to
the log. Each line of the stack trace is translated into a log message.
Trying to view this through Kibana is nearly impossible. Logstash provides
a Grok feature allowing for the manipulation of the log messages. One
common solution is to create a Grok filter that using a timestamp to
indicate when a log entry starts and to combine all lines until the next
timestamp into one log message. The problem is that CF adds a timestamp to
every line. Has anyone come up with a good Grok expression to handle
multiline log message coming out of CF?
Thanks!
Steve



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

This is a tricky one. Especially if you have more than one logstash machine
doing filtering as they will do filtering independently of each other as
the events come in.

The reason why CF adds a timestamp to each line is because how syslog
works, where each line is its own even.

What we tend to do in my company is to log this kind of stuff via GELF or
with Sentry.

Hello,
We are sending CF logs message to an ELK stack. Multiline logs message are
broken out into several log messages in Logstash. One end per line of the
multiline log message. This is problematic when stack traces dumped to the
log. Each line of the stack trace is translated into a log message. Trying
to view this through Kibana is nearly impossible. Logstash provides a Grok
feature allowing for the manipulation of the log messages. One common
solution is to create a Grok filter that using a timestamp to indicate when
a log entry starts and to combine all lines until the next timestamp into
one log message. The problem is that CF adds a timestamp to every line. Has
anyone come up with a good Grok expression to handle multiline log message
coming out of CF?
Thanks!
Steve

On Mon, Jul 27, 2015 at 4:58 AM, Brena, Juan Antonio (ext) <
juan.brena.external(a)atos.net> wrote:

Good morning,

I have installed CF using the following installer:
*https://github.com/yudai/cf_nise_installer*
<https://github.com/yudai/cf_nise_installer>

Using the following request:

*https://api.CF_IP.xip.io/v2/info* <https://api.CF_IP.xip.io/v2/info>

Y receive the following information:

{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://uaa. CF_IP.xip.io",
"token_endpoint": "https://uaa. CF_IP.xip.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.25.0",
"logging_endpoint": "wss://loggregator. CF_IP.xip.io:4443"
}

I would like to know, how to get a token (Login process) to get apps:

*https://api.CF_IP.xip.io/v2/apps* <https://api.CF_IP.xip.io/v2/apps>

Many thanks in advance.

If you just want to login and use your system, install the cf cli.

https://github.com/cloudfoundry/cli/releases

Then run `cf api api.CF_IP.xip.io` followed by `cf login`. This will
prompt you for your credentials. I can't recall what that installer set's
up, but it'll be something like admin / admin or admin / admin-secret.
Check the docs, it'll probably say.

For additional help with cf, run `cf -h` to see the available commands or
`cf command -h` to get details on a particular command.


If you want to login programmatically (like if you're going to write an app
to interact with CF) then you need to go through one of the Oauth2 work
flows. If you're unfamiliar with Oauth2, google has lots of resources on
the flows and how it works.

As far as CF, a couple things to get you started...

1.) Run `CF_TRACE=true cf login` (or `set CF_TRACE=true` followed by `cf
login` on Windows) and watch the output. It'll dump the HTTP request and
response data, so you can see how the cli does it.

2.) Beyond that, more detail can be found here.

https://github.com/cloudfoundry/uaa/tree/master/docs

I have found this particular document to be useful.

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst

and of course, post any follow up questions to the list.

Dan

________________________________

cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Good morning,

I have installed CF using the following installer:
https://github.com/yudai/cf_nise_installer

Using the following request:

https://api.CF_IP.xip.io/v2/info

Y receive the following information:

{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://uaa. CF_IP.xip.io",
"token_endpoint": "https://uaa. CF_IP.xip.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.25.0",
"logging_endpoint": "wss://loggregator. CF_IP.xip.io:4443"
}

I would like to know, how to get a token (Login process) to get apps:

https://api.CF_IP.xip.io/v2/apps

Many thanks in advance.

Juan Antonio

This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.

Este mensaje y los ficheros adjuntos pueden contener información confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente y pueden estar protegidos por secreto profesional.
Si usted recibe este correo electrónico por error, gracias por informar inmediatamente al remitente y destruir el mensaje.
Al no estar asegurada la integridad de este mensaje sobre la red, Atos no se hace responsable por su contenido. Su contenido no constituye ningún compromiso para el grupo Atos, salvo ratificación escrita por ambas partes.
Aunque se esfuerza al máximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no será responsable de cualesquiera daños que puedan resultar de una transmisión de virus.

Happy Friday!

On behalf of the CF Core Services team I am pleased to announce v22 of cf-
mysql-release
<https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v22>.

--

cf-mysql-release <https://github.com/cloudfoundry/cf-mysql-release> is a
BOSH release that delivers a MySQL-compatible DataBase-as-a-Service for
Cloud Foundry users. Through Cloud Foundry, users can provision databases
and deliver unique credentials to bound applications.

v22 is a minor update; we release regularly to make sure you have access to
all the latest features and fixes. The major changes in v22 are updated
MariaDB packages and several configuration and security changes. We're
continuing to make the included stubs easier to use, in particular there's
a new stub with this release to make it easy to customize the service
plans. We've also expanded our documentation. Please send us feedback on
how we're doing!

For all the details, please see the release notes for v22
<https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v22>.

Special note for Amazon AWS users: We weren't satisfied with the difficulty
of configuring cf-mysql-release across multiple AWS AZ's, so we've put some
effort into making the stub much easier to follow. For v22, please feel
free to use this pre-release version of the stub that will appear in v23.
It's been tested and validated to work with v22:
http://bit.ly/v23-sample-aws-stub

If you'd like to know more, detailed release notes can be found on GitHub
<https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v20> and
bosh.io
<http://bosh.io/releases/github.com/cloudfoundry/cf-mysql-release?version=20>.
If you'd like to know even more than that, each line contains a link to the
original story under which a feature was commissioned.

As always, we'd love to hear if you're having any problems with this
version of the software. Please open a GitHub issue
<https://github.com/cloudfoundry/cf-mysql-release/issues>. If you're
willing, we're always very happy to receive a Pull Request
<https://github.com/cloudfoundry/cf-mysql-release/pulls>.

PS - For those of who you might be wondering why we've skipped v21: A
particularly large robot in the Release Engineering Department experienced
a momentarily lapse of judgement. It did report that v21 was quite tasty,
but unfortunately no longer available for general release. We've responded
by adjusting the robot's diet and medications. Future releases should
navigate the process unharmed. We apologize for the inconvenience, and send
our condolences to v21's family and friends.

--
Marco Nicosia
Product Manager
Pivotal Software, Inc.
mnicosia(a)pivotal.io
c: 650-796-2948

I think ETags is reasonable thought as well.

--
-- Matt

James,

Yep - we're pretty much on the same page.

Only addition I would ask for is that the whitelist contain some "sensible"
defaults (eg, Trace-Id, Span-Id) that are switched on by default; since
then tight integration with tools like spring-cloud / buildpacks would work
out the box.

D

--
David Laing
logsearch.io - build your own open source cloud logging cluster
http://davidlaing.com

simon/david, did i summarize this correctly?

Spot on summarisation. :)

On Fri, Jul 24, 2015 at 5:26 PM, James Bayer <jbayer(a)pivotal.io> wrote:

shannon,

from what i'm reading here about the use case, the main interest is that a
CF operator knows that their cf installation is more deeply integrated with
a specific log parsing solution for all/many apps on that platform that
choose to use it (whether than is ELK, Zipkin, etc). it does not sound like
it is a special case with lots of variation by many different app teams on
the cf installation. rather, it sounds like this is most likely to be used
as an installation-wide option to enhance the app developer / app
operations experience.

it seems like an operator configured whitelist set of headers that get
logged with the RTR message satisfies the current needs well and is
reasonable.

if we were to find that in the future lots of variation and different app
teams on the same CF wanted to have the RTR tier log many different headers
in the access log, then we could enhance the "log the whitelist of headers
to the access log" capability to be exposed to a limited number of headers
that each route could be configured by developers to specify that would
apply in addition to the operator configured logged headers. but it sounds
like that isn't needed right now.

simon/david, did i summarize this correctly?

On Fri, Jul 24, 2015 at 7:23 AM, Simon Johansson <simon(a)simonjohansson.com

wrote:

If I understand correctly, you're proposing that an operator of

CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications

That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.

If GoRouter logged whatever headers were included in the request,

wouldn't this satisfy your requirements?

This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.

Based on what you've described, the persona is the app developer.

Not necessarily, we operators are also very interested in certain headers.

so control of what is logged should be in their hands.

If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.


On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

This is not something that would be merged, as originally proposed,
without additional investigation and discussion.

If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.

The goal is "the flexibility of being able to annotate our logs with
what we consider to be important for our debugging purposes." More
specifically you're requesting logging of headers. Do you have a preference?

If GoRouter logged whatever headers were included in the request,
wouldn't this satisfy your requirements? Doesn't GoRouter do this already?

I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com

wrote:

Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.

Do you think that using such service will allow your developers to
cover this requirements?

[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb

On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

Howdie!

We have some devs who want to be able to trace a request troughout
their applications.

user -> a -> b -> c
|
|-> d -> e

When a user makes a request to "a" uuid is generated inside the app,
and the request to "b" from "a" will set a header(call it WAKAWAKA to
uuid), "b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will
passthrough WAKAWAKA to "e". Etc.

We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.

I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.

1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header

2. In makeRecord at the bottom add something like(in psuedo)

data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val

if data:
fmt.Fprintf(b, data.to_stringified_json())

That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204
x_forwarded_for:"-" vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}

The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.

Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Thank you,

James Bayer

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

shannon,

from what i'm reading here about the use case, the main interest is that a
CF operator knows that their cf installation is more deeply integrated with
a specific log parsing solution for all/many apps on that platform that
choose to use it (whether than is ELK, Zipkin, etc). it does not sound like
it is a special case with lots of variation by many different app teams on
the cf installation. rather, it sounds like this is most likely to be used
as an installation-wide option to enhance the app developer / app
operations experience.

it seems like an operator configured whitelist set of headers that get
logged with the RTR message satisfies the current needs well and is
reasonable.

if we were to find that in the future lots of variation and different app
teams on the same CF wanted to have the RTR tier log many different headers
in the access log, then we could enhance the "log the whitelist of headers
to the access log" capability to be exposed to a limited number of headers
that each route could be configured by developers to specify that would
apply in addition to the operator configured logged headers. but it sounds
like that isn't needed right now.

simon/david, did i summarize this correctly?

On Fri, Jul 24, 2015 at 7:23 AM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

If I understand correctly, you're proposing that an operator of

CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications

That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.

If GoRouter logged whatever headers were included in the request,

wouldn't this satisfy your requirements?

This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.

Based on what you've described, the persona is the app developer.

Not necessarily, we operators are also very interested in certain headers.

so control of what is logged should be in their hands.

If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.


On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

This is not something that would be merged, as originally proposed,
without additional investigation and discussion.

If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.

The goal is "the flexibility of being able to annotate our logs with
what we consider to be important for our debugging purposes." More
specifically you're requesting logging of headers. Do you have a preference?

If GoRouter logged whatever headers were included in the request,
wouldn't this satisfy your requirements? Doesn't GoRouter do this already?

I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com>
wrote:

Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.

Do you think that using such service will allow your developers to cover
this requirements?

[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb

On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

Howdie!

We have some devs who want to be able to trace a request troughout their
applications.

user -> a -> b -> c
|
|-> d -> e

When a user makes a request to "a" uuid is generated inside the app, and
the request to "b" from "a" will set a header(call it WAKAWAKA to uuid),
"b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will passthrough
WAKAWAKA to "e". Etc.

We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.

I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.

1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header

2. In makeRecord at the bottom add something like(in psuedo)

data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val

if data:
fmt.Fprintf(b, data.to_stringified_json())

That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204 x_forwarded_for:"-"
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}

The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.

Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Thank you,

James Bayer

On Fri, Jul 24, 2015 at 11:17 AM, GuopingZhang <goodier_cn(a)hotmail.com>
wrote:

Dan, thanks a lot for your explanation!
So you mean, warden container can have its own sub-warden container ?

Yes. That's my understanding of it.

Dan

Guoping
------------------------------
Date: Fri, 24 Jul 2015 09:13:13 -0400
From: dmikusa(a)pivotal.io
To: cf-dev(a)lists.cloudfoundry.org
Subject: Re: [cf-dev] How cloud foundry deployed by bosh-lite manage DEA

On Fri, Jul 24, 2015 at 8:35 AM, GuopingZhang <goodier_cn(a)hotmail.com>
wrote:


I read that bosh-lite use warden as container for cloud foundry components.
I deployed two java spring apps into the local cloud foundry.

Below is my VMs (warden container), which (two) warden container is
running my 2 apps?

Or the apps are actually running as java process in my virtualbox of
unbuntu (which contains all below containers), without running inside a
warden container?


It's a little different because you're using bosh-lite. In that case, you
have one VM (probably running in Virtualbox) and that VM has some
containers on it. Those containers run the various components of CF.
Inside the DEA container (labeled "runner_z1" below), you'll find your apps
running each in it's own sub-container.

Dan





+------------------------------------+---------+---------------+--------------+
| Job/index | State | Resource Pool | IPs
|

+------------------------------------+---------+---------------+--------------+
| api_z1/0 | running | large_z1 |
10.244.0.134 |
| doppler_z1/0 | running | medium_z1 |
10.244.0.142 |
| etcd_z1/0 | running | medium_z1 |
10.244.0.42 |
| ha_proxy_z1/0 | running | router_z1 |
10.244.0.34 |
| hm9000_z1/0 | running | medium_z1 |
10.244.0.138 |
| loggregator_trafficcontroller_z1/0 | running | small_z1 |
10.244.0.146 |
| nats_z1/0 | running | medium_z1 |
10.244.0.6 |
| postgres_z1/0 | running | medium_z1 |
10.244.0.30 |
| router_z1/0 | running | router_z1 |
10.244.0.22 |
| runner_z1/0 | running | runner_z1 |
10.244.0.26 |

| uaa_z1/0 | running | medium_z1 |
10.244.0.130 |

+------------------------------------+---------+---------------+--------------+


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________ cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Dan, thanks a lot for your explanation!So you mean, warden container can have its own sub-warden container ?

Guoping
Date: Fri, 24 Jul 2015 09:13:13 -0400
From: dmikusa(a)pivotal.io
To: cf-dev(a)lists.cloudfoundry.org
Subject: Re: [cf-dev] How cloud foundry deployed by bosh-lite manage DEA

public static final intMAX_VALUE
<http://docs.oracle.com/javase/7/docs/api/java/lang/Integer.html#MAX_VALUE>
2147483647
that's the largest value you can set. However, I just realized, that if
you set this value, the UAA will get an overflow and the int will become
negative.


so set the value to

315 569 260


that's a 10 year expiration. the computer that retrieved that token won't
be around in 10 years so it's a safe number.

If I understand correctly, you're proposing that an operator of

CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications

That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.

If GoRouter logged whatever headers were included in the request,

wouldn't this satisfy your requirements?

This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.

Based on what you've described, the persona is the app developer.

Not necessarily, we operators are also very interested in certain headers.

so control of what is logged should be in their hands.

If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.


On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:

This is not something that would be merged, as originally proposed,
without additional investigation and discussion.

If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.

The goal is "the flexibility of being able to annotate our logs with what
we consider to be important for our debugging purposes." More specifically
you're requesting logging of headers. Do you have a preference?

If GoRouter logged whatever headers were included in the request, wouldn't
this satisfy your requirements? Doesn't GoRouter do this already?

I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.





Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com>
wrote:

Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.

Do you think that using such service will allow your developers to cover
this requirements?

[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb

On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:

Howdie!

We have some devs who want to be able to trace a request troughout their
applications.

user -> a -> b -> c
|
|-> d -> e

When a user makes a request to "a" uuid is generated inside the app, and
the request to "b" from "a" will set a header(call it WAKAWAKA to uuid),
"b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will passthrough
WAKAWAKA to "e". Etc.

We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.

I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.

1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header

2. In makeRecord at the bottom add something like(in psuedo)

data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val

if data:
fmt.Fprintf(b, data.to_stringified_json())

That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204 x_forwarded_for:"-"
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}

The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.

Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

what an exciting effort!

lots of things work with CF, it's just a matter of curating some good
information.

maybe i can get Yudai to pair with me on some translations!

On Thu, Jul 23, 2015 at 10:41 PM, Noburou TANIGUCHI <dev(a)nota.m001.jp>
wrote:

Thank you, all.

I am very glad to see such many positive reactions.
We should consider about English version of the articles.




--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Did-anybody-deploy-a-wiki-as-app-to-CF-tp643p873.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Thank you,

James Bayer

Thanks Filip.

However, everytime I set that (for example, I set it to 2542838400), I get
this:

"The request sent by the client was syntactically incorrect."

That's December 31st 2050 when decoded. Is it possible that, that number is
too large?

On Fri, Jul 24, 2015 at 8:35 AM, GuopingZhang <goodier_cn(a)hotmail.com>
wrote:

I read that bosh-lite use warden as container for cloud foundry components.
I deployed two java spring apps into the local cloud foundry.

Below is my VMs (warden container), which (two) warden container is
running my 2 apps?

Or the apps are actually running as java process in my virtualbox of
unbuntu (which contains all below containers), without running inside a
warden container?

It's a little different because you're using bosh-lite. In that case, you
have one VM (probably running in Virtualbox) and that VM has some
containers on it. Those containers run the various components of CF.
Inside the DEA container (labeled "runner_z1" below), you'll find your apps
running each in it's own sub-container.

Dan

+------------------------------------+---------+---------------+--------------+
| Job/index | State | Resource Pool | IPs
|

+------------------------------------+---------+---------------+--------------+
| api_z1/0 | running | large_z1 |
10.244.0.134 |
| doppler_z1/0 | running | medium_z1 |
10.244.0.142 |
| etcd_z1/0 | running | medium_z1 |
10.244.0.42 |
| ha_proxy_z1/0 | running | router_z1 |
10.244.0.34 |
| hm9000_z1/0 | running | medium_z1 |
10.244.0.138 |
| loggregator_trafficcontroller_z1/0 | running | small_z1 |
10.244.0.146 |
| nats_z1/0 | running | medium_z1 |
10.244.0.6 |
| postgres_z1/0 | running | medium_z1 |
10.244.0.30 |
| router_z1/0 | running | router_z1 |
10.244.0.22 |
| runner_z1/0 | running | runner_z1 |
10.244.0.26 |

| uaa_z1/0 | running | medium_z1 |

10.244.0.130 |

+------------------------------------+---------+---------------+--------------+


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Thank you for the answer.

I like the idea with pathing existing sources. Going to make another PR soon.

Have a good day,
Alex L.