|
Logstash and Multiline Log Entry
Hello,
We are sending CF logs message to an ELK stack. Multiline logs message are
broken out into several log messages in Logstash. One end per line of the
multiline log message. This is problematic when stack traces dumped to the
log. Each line of the stack trace is translated into a log message. Trying
to view this through Kibana is nearly impossible. Logstash provides a Grok
feature allowing for the manipulation of the log messages. One common
solution is to create a Grok filter that using a timestamp to indicate when
a log entry starts and to combine all lines until the next timestamp into
one log message. The problem is that CF adds a timestamp to every line. Has
anyone come up with a good Grok expression to handle multiline log message
coming out of CF?
Thanks!
Steve
|
|
|
Re: CF // Login using REST API
On Mon, Jul 27, 2015 at 4:58 AM, Brena, Juan Antonio (ext) < juan.brena.external(a)atos.net> wrote: Good morning,
I have installed CF using the following installer:
*https://github.com/yudai/cf_nise_installer*
<https://github.com/yudai/cf_nise_installer>
Using the following request:
*https://api.CF_IP.xip.io/v2/info* <https://api.CF_IP.xip.io/v2/info>
Y receive the following information:
{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://uaa. CF_IP.xip.io",
"token_endpoint": "https://uaa. CF_IP.xip.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.25.0",
"logging_endpoint": "wss://loggregator. CF_IP.xip.io:4443"
}
I would like to know, how to get a token (Login process) to get apps:
*https://api.CF_IP.xip.io/v2/apps* <https://api.CF_IP.xip.io/v2/apps>
Many thanks in advance.
If you just want to login and use your system, install the cf cli. https://github.com/cloudfoundry/cli/releasesThen run `cf api api.CF_IP.xip.io` followed by `cf login`. This will prompt you for your credentials. I can't recall what that installer set's up, but it'll be something like admin / admin or admin / admin-secret. Check the docs, it'll probably say. For additional help with cf, run `cf -h` to see the available commands or `cf command -h` to get details on a particular command. If you want to login programmatically (like if you're going to write an app to interact with CF) then you need to go through one of the Oauth2 work flows. If you're unfamiliar with Oauth2, google has lots of resources on the flows and how it works. As far as CF, a couple things to get you started... 1.) Run `CF_TRACE=true cf login` (or `set CF_TRACE=true` followed by `cf login` on Windows) and watch the output. It'll dump the HTTP request and response data, so you can see how the cli does it. 2.) Beyond that, more detail can be found here. https://github.com/cloudfoundry/uaa/tree/master/docsI have found this particular document to be useful. https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rstand of course, post any follow up questions to the list. Dan ________________________________ cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
CF // Login using REST API
Brena, Juan Antonio (ext) <juan.brena.external@...>
Good morning, I have installed CF using the following installer: https://github.com/yudai/cf_nise_installerUsing the following request: https://api.CF_IP.xip.io/v2/infoY receive the following information: { "name": "vcap", "build": "2222", "support": " http://support.cloudfoundry.com", "version": 2, "description": "Cloud Foundry sponsored by Pivotal", "authorization_endpoint": " https://uaa. CF_IP.xip.io", "token_endpoint": " https://uaa. CF_IP.xip.io", "min_cli_version": null, "min_recommended_cli_version": null, "api_version": "2.25.0", "logging_endpoint": "wss://loggregator. CF_IP.xip.io:4443" } I would like to know, how to get a token (Login process) to get apps: https://api.CF_IP.xip.io/v2/appsMany thanks in advance. Juan Antonio This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener información confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente y pueden estar protegidos por secreto profesional. Si usted recibe este correo electrónico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos no se hace responsable por su contenido. Su contenido no constituye ningún compromiso para el grupo Atos, salvo ratificación escrita por ambas partes. Aunque se esfuerza al máximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no será responsable de cualesquiera daños que puedan resultar de una transmisión de virus.
|
|
|
Announcing cf-mysql-release v22
Happy Friday! On behalf of the CF Core Services team I am pleased to announce v22 of cf- mysql-release < https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v22>. -- cf-mysql-release < https://github.com/cloudfoundry/cf-mysql-release> is a BOSH release that delivers a MySQL-compatible DataBase-as-a-Service for Cloud Foundry users. Through Cloud Foundry, users can provision databases and deliver unique credentials to bound applications. v22 is a minor update; we release regularly to make sure you have access to all the latest features and fixes. The major changes in v22 are updated MariaDB packages and several configuration and security changes. We're continuing to make the included stubs easier to use, in particular there's a new stub with this release to make it easy to customize the service plans. We've also expanded our documentation. Please send us feedback on how we're doing! For all the details, please see the release notes for v22 < https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v22>. Special note for Amazon AWS users: We weren't satisfied with the difficulty of configuring cf-mysql-release across multiple AWS AZ's, so we've put some effort into making the stub much easier to follow. For v22, please feel free to use this pre-release version of the stub that will appear in v23. It's been tested and validated to work with v22: http://bit.ly/v23-sample-aws-stubIf you'd like to know more, detailed release notes can be found on GitHub < https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v20> and bosh.io < http://bosh.io/releases/github.com/cloudfoundry/cf-mysql-release?version=20>. If you'd like to know even more than that, each line contains a link to the original story under which a feature was commissioned. As always, we'd love to hear if you're having any problems with this version of the software. Please open a GitHub issue < https://github.com/cloudfoundry/cf-mysql-release/issues>. If you're willing, we're always very happy to receive a Pull Request < https://github.com/cloudfoundry/cf-mysql-release/pulls>. PS - For those of who you might be wondering why we've skipped v21: A particularly large robot in the Release Engineering Department experienced a momentarily lapse of judgement. It did report that v21 was quite tasty, but unfortunately no longer available for general release. We've responded by adjusting the robot's diet and medications. Future releases should navigate the process unharmed. We apologize for the inconvenience, and send our condolences to v21's family and friends. -- Marco Nicosia Product Manager Pivotal Software, Inc. mnicosia(a)pivotal.io c: 650-796-2948
|
|
|
Re: Notifications on ORG, SPACE and USER modifications
I think ETags is reasonable thought as well.
toggle quoted messageShow quoted text
On Thu, Jul 23, 2015 at 4:39 PM, Benjamin Black <bblack(a)pivotal.io> wrote: ETags and a 304 response are specifically intended for that purpose. I'd
recommend that over relying on Last-Modified.
b
On Thu, Jul 23, 2015 at 12:34 AM, Koper, Dies <diesk(a)fast.au.fujitsu.com>
wrote:
Or setting the Last-Modified HTTP response header accordingly, and
allow clients to use HTTP caching mechanisms (Last-Modified, etc.) to get
quick empty responses with the current APIs if no changes have been made?
(Or maybe this is already working so – haven’t checked).
Regards,
Dies Koper
*From:* cf-dev-bounces(a)lists.cloudfoundry.org [mailto:
cf-dev-bounces(a)lists.cloudfoundry.org] *On Behalf Of *Matt Cowger
*Sent:* Thursday, July 23, 2015 4:45 PM
*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
I've wanted something similar as well.
On a related note, having a CC API 'serial' number (for each object in CC
- apps, spaces, etc) that increments on every change relevant to that
object would be of value for detecting if something has changed.
On Thu, Jul 23, 2015 at 3:27 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
There are a few different approaches to this and different concerns that
are possible.
The requests I've seen have been around wanting to be able to subscribe
to and filter the various events that cc currently generates so that other
behavior could be triggered.
We currently have events, app usage events, and service usage events.
Is it acceptable for the notifications to be lossy? Depends on the use
case but If so, then the firehose may be an acceptable approach.
The CAPI team is currently focusing on other work in the near term, such
as the v3 API and private brokers, but would be happy to collaborate on a
proposal.
On Wed, Jul 22, 2015 at 2:05 PM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:
My take:
CC should have callbacks on for each model create, update and delete
methods. Those callbacks will send a message to an MQ, which you can
subscribe to consume those messages.
This can be expanded to pretty much every event we need to track.
What do you think?
JP
2015-07-22 17:30 GMT-03:00 Matthias X Hub <matthias.hub(a)de.ibm.com>:
Hi,
we (=IBM) are also having the need and are currently investigating how to
solve this. We plan to work on a proposal to discuss this further with the
cf community. I'll keep you updated on that.
Regards,
Matthias
From: Mike Youngstrom <youngm(a)gmail.com>
To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)lists.cloudfoundry.org>
Date: 22.07.2015 20:57
Subject: Re: [cf-dev] Notifications on ORG, SPACE and USER
modifications
Sent by: cf-dev-bounces(a)lists.cloudfoundry.org
------------------------------
We have the same need. Today we are polling the CC.
It would be nice for us also if we could get CC event notifications via
something like the firehose.
Mike
On Wed, Jul 22, 2015 at 10:23 AM, Juan Pablo Genovese <
juanpgenovese(a)gmail.com> wrote:
I mean, I know you can list those events thru the API, but I want
something that will react on an event instead of having to be constantly
polling for them.
2015-07-22 13:18 GMT-03:00 Juan Pablo Genovese <juanpgenovese(a)gmail.com>:
Sree,
thanks! Any pointers on how can I hook up to these audit events?
Thank you!
2015-07-22 13:12 GMT-03:00 Sree Tummidi <stummidi(a)pivotal.io>:
I believe there are audit events generated for all these actions which
can be captured and forwarded to an SIEM solution like splunk
Thanks,
Sree
Sent from my iPhone
On Jul 22, 2015, at 8:54 AM, Juan Pablo Genovese <juanpgenovese(a)gmail.com>
wrote:
Guys,
I need to somehow hook up into the Cloud Controller (CC) to capture ORG,
SPACE and USER deletion, insertion and update.
So far, I considered some approaches, such as forking the CC (the least
favorite) and modifying the code with some hooks, tapping into Nginx to
capture the requests, and using triggers in the database to capture each
event and send the necessary info to a service.
What do you think?
Any other idea you might have?
Thanks!
--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,
Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,
Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com
--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,
Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Mis mejores deseos,
Best wishes,
Meilleurs vœux,
Juan Pablo
------------------------------------------------------
http://www.jpgenovese.com
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
-- Matt
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
-- Matt
|
|
|
Hello, just a test ,pls ignore
|
|
|
Re: Allow gorouter to log random headers.
James,
Yep - we're pretty much on the same page.
Only addition I would ask for is that the whitelist contain some "sensible"
defaults (eg, Trace-Id, Span-Id) that are switched on by default; since
then tight integration with tools like spring-cloud / buildpacks would work
out the box.
D
toggle quoted messageShow quoted text
On 24 July 2015 at 16:26, James Bayer <jbayer(a)pivotal.io> wrote: shannon,
from what i'm reading here about the use case, the main interest is that a
CF operator knows that their cf installation is more deeply integrated with
a specific log parsing solution for all/many apps on that platform that
choose to use it (whether than is ELK, Zipkin, etc). it does not sound like
it is a special case with lots of variation by many different app teams on
the cf installation. rather, it sounds like this is most likely to be used
as an installation-wide option to enhance the app developer / app
operations experience.
it seems like an operator configured whitelist set of headers that get
logged with the RTR message satisfies the current needs well and is
reasonable.
if we were to find that in the future lots of variation and different app
teams on the same CF wanted to have the RTR tier log many different headers
in the access log, then we could enhance the "log the whitelist of headers
to the access log" capability to be exposed to a limited number of headers
that each route could be configured by developers to specify that would
apply in addition to the operator configured logged headers. but it sounds
like that isn't needed right now.
simon/david, did i summarize this correctly?
On Fri, Jul 24, 2015 at 7:23 AM, Simon Johansson <simon(a)simonjohansson.com
wrote: If I understand correctly, you're proposing that an operator of CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications
That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.
If GoRouter logged whatever headers were included in the request, wouldn't this satisfy your requirements?
This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.
Based on what you've described, the persona is the app developer. Not necessarily, we operators are also very interested in certain headers.
so control of what is logged should be in their hands. If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.
On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:
This is not something that would be merged, as originally proposed,
without additional investigation and discussion.
If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.
The goal is "the flexibility of being able to annotate our logs with
what we consider to be important for our debugging purposes." More
specifically you're requesting logging of headers. Do you have a preference?
If GoRouter logged whatever headers were included in the request,
wouldn't this satisfy your requirements? Doesn't GoRouter do this already?
I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.
Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.
On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com
wrote: Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.
Do you think that using such service will allow your developers to
cover this requirements?
[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb
On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:
Howdie!
We have some devs who want to be able to trace a request troughout
their applications.
user -> a -> b -> c
|
|-> d -> e
When a user makes a request to "a" uuid is generated inside the app,
and the request to "b" from "a" will set a header(call it WAKAWAKA to
uuid), "b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will
passthrough WAKAWAKA to "e". Etc.
We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.
I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.
1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header
2. In makeRecord at the bottom add something like(in psuedo)
data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val
if data:
fmt.Fprintf(b, data.to_stringified_json())
That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204
x_forwarded_for:"-" vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}
The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.
Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Thank you,
James Bayer
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: Allow gorouter to log random headers.
Simon Johansson <simon@...>
simon/david, did i summarize this correctly? Spot on summarisation. :) On Fri, Jul 24, 2015 at 5:26 PM, James Bayer <jbayer(a)pivotal.io> wrote: shannon,
from what i'm reading here about the use case, the main interest is that a
CF operator knows that their cf installation is more deeply integrated with
a specific log parsing solution for all/many apps on that platform that
choose to use it (whether than is ELK, Zipkin, etc). it does not sound like
it is a special case with lots of variation by many different app teams on
the cf installation. rather, it sounds like this is most likely to be used
as an installation-wide option to enhance the app developer / app
operations experience.
it seems like an operator configured whitelist set of headers that get
logged with the RTR message satisfies the current needs well and is
reasonable.
if we were to find that in the future lots of variation and different app
teams on the same CF wanted to have the RTR tier log many different headers
in the access log, then we could enhance the "log the whitelist of headers
to the access log" capability to be exposed to a limited number of headers
that each route could be configured by developers to specify that would
apply in addition to the operator configured logged headers. but it sounds
like that isn't needed right now.
simon/david, did i summarize this correctly?
On Fri, Jul 24, 2015 at 7:23 AM, Simon Johansson <simon(a)simonjohansson.com
wrote: If I understand correctly, you're proposing that an operator of CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications
That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.
If GoRouter logged whatever headers were included in the request, wouldn't this satisfy your requirements?
This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.
Based on what you've described, the persona is the app developer. Not necessarily, we operators are also very interested in certain headers.
so control of what is logged should be in their hands. If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.
On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:
This is not something that would be merged, as originally proposed,
without additional investigation and discussion.
If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.
The goal is "the flexibility of being able to annotate our logs with
what we consider to be important for our debugging purposes." More
specifically you're requesting logging of headers. Do you have a preference?
If GoRouter logged whatever headers were included in the request,
wouldn't this satisfy your requirements? Doesn't GoRouter do this already?
I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.
Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.
On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com
wrote: Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.
Do you think that using such service will allow your developers to
cover this requirements?
[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb
On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:
Howdie!
We have some devs who want to be able to trace a request troughout
their applications.
user -> a -> b -> c
|
|-> d -> e
When a user makes a request to "a" uuid is generated inside the app,
and the request to "b" from "a" will set a header(call it WAKAWAKA to
uuid), "b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will
passthrough WAKAWAKA to "e". Etc.
We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.
I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.
1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header
2. In makeRecord at the bottom add something like(in psuedo)
data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val
if data:
fmt.Fprintf(b, data.to_stringified_json())
That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204
x_forwarded_for:"-" vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}
The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.
Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Thank you,
James Bayer
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: Allow gorouter to log random headers.
shannon, from what i'm reading here about the use case, the main interest is that a CF operator knows that their cf installation is more deeply integrated with a specific log parsing solution for all/many apps on that platform that choose to use it (whether than is ELK, Zipkin, etc). it does not sound like it is a special case with lots of variation by many different app teams on the cf installation. rather, it sounds like this is most likely to be used as an installation-wide option to enhance the app developer / app operations experience. it seems like an operator configured whitelist set of headers that get logged with the RTR message satisfies the current needs well and is reasonable. if we were to find that in the future lots of variation and different app teams on the same CF wanted to have the RTR tier log many different headers in the access log, then we could enhance the "log the whitelist of headers to the access log" capability to be exposed to a limited number of headers that each route could be configured by developers to specify that would apply in addition to the operator configured logged headers. but it sounds like that isn't needed right now. simon/david, did i summarize this correctly? On Fri, Jul 24, 2015 at 7:23 AM, Simon Johansson <simon(a)simonjohansson.com> wrote: If I understand correctly, you're proposing that an operator of CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications
That is indeed the proposal. In my org we work closely with the different
development streams to provide a good out of the box experience by creating
certain opt-in features that makes their life easier. This would be one of
those features, if you pass certain headers in your requests thats
standardised across the entire online organisation you will be able to
query for them in Kibana.
I understand that this is not the case in all environments.
If GoRouter logged whatever headers were included in the request, wouldn't this satisfy your requirements?
This would indeed satisfy my requests, but as David points out("However,
not having a whitelist of headers to log opens a possible DDOS attack
vector on the GoRouter") it might now be appropriate.
Based on what you've described, the persona is the app developer. Not necessarily, we operators are also very interested in certain headers.
so control of what is logged should be in their hands. If one via the API could set headers that should be logged for an org,
space or application that would be magical. The need for a list of
"must-log-all-these-headers" would still be there I think as not to have to
maintain a list of these standardised headers across different objects.
On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote:
This is not something that would be merged, as originally proposed,
without additional investigation and discussion.
If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.
The goal is "the flexibility of being able to annotate our logs with
what we consider to be important for our debugging purposes." More
specifically you're requesting logging of headers. Do you have a preference?
If GoRouter logged whatever headers were included in the request,
wouldn't this satisfy your requirements? Doesn't GoRouter do this already?
I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.
Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.
On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com>
wrote:
Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.
Do you think that using such service will allow your developers to cover
this requirements?
[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb
On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:
Howdie!
We have some devs who want to be able to trace a request troughout their
applications.
user -> a -> b -> c
|
|-> d -> e
When a user makes a request to "a" uuid is generated inside the app, and
the request to "b" from "a" will set a header(call it WAKAWAKA to uuid),
"b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will passthrough
WAKAWAKA to "e". Etc.
We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.
I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.
1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header
2. In makeRecord at the bottom add something like(in psuedo)
data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val
if data:
fmt.Fprintf(b, data.to_stringified_json())
That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204 x_forwarded_for:"-"
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}
The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.
Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
-- Thank you, James Bayer
|
|
|
Re: How cloud foundry deployed by bosh-lite manage DEA
On Fri, Jul 24, 2015 at 11:17 AM, GuopingZhang <goodier_cn(a)hotmail.com> wrote: Dan, thanks a lot for your explanation!
So you mean, warden container can have its own sub-warden container ?
Yes. That's my understanding of it. Dan
Guoping
------------------------------
Date: Fri, 24 Jul 2015 09:13:13 -0400
From: dmikusa(a)pivotal.io
To: cf-dev(a)lists.cloudfoundry.org
Subject: Re: [cf-dev] How cloud foundry deployed by bosh-lite manage DEA
On Fri, Jul 24, 2015 at 8:35 AM, GuopingZhang <goodier_cn(a)hotmail.com>
wrote:
I read that bosh-lite use warden as container for cloud foundry components.
I deployed two java spring apps into the local cloud foundry.
Below is my VMs (warden container), which (two) warden container is
running my 2 apps?
Or the apps are actually running as java process in my virtualbox of
unbuntu (which contains all below containers), without running inside a
warden container?
It's a little different because you're using bosh-lite. In that case, you
have one VM (probably running in Virtualbox) and that VM has some
containers on it. Those containers run the various components of CF.
Inside the DEA container (labeled "runner_z1" below), you'll find your apps
running each in it's own sub-container.
Dan
+------------------------------------+---------+---------------+--------------+
| Job/index | State | Resource Pool | IPs
|
+------------------------------------+---------+---------------+--------------+
| api_z1/0 | running | large_z1 |
10.244.0.134 |
| doppler_z1/0 | running | medium_z1 |
10.244.0.142 |
| etcd_z1/0 | running | medium_z1 |
10.244.0.42 |
| ha_proxy_z1/0 | running | router_z1 |
10.244.0.34 |
| hm9000_z1/0 | running | medium_z1 |
10.244.0.138 |
| loggregator_trafficcontroller_z1/0 | running | small_z1 |
10.244.0.146 |
| nats_z1/0 | running | medium_z1 |
10.244.0.6 |
| postgres_z1/0 | running | medium_z1 |
10.244.0.30 |
| router_z1/0 | running | router_z1 |
10.244.0.22 |
| runner_z1/0 | running | runner_z1 |
10.244.0.26 |
| uaa_z1/0 | running | medium_z1 |
10.244.0.130 |
+------------------------------------+---------+---------------+--------------+
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________ cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: How cloud foundry deployed by bosh-lite manage DEA
Dan, thanks a lot for your explanation!So you mean, warden container can have its own sub-warden container ?
Guoping
Date: Fri, 24 Jul 2015 09:13:13 -0400
From: dmikusa(a)pivotal.io
To: cf-dev(a)lists.cloudfoundry.org
Subject: Re: [cf-dev] How cloud foundry deployed by bosh-lite manage DEA
toggle quoted messageShow quoted text
On Fri, Jul 24, 2015 at 8:35 AM, GuopingZhang <goodier_cn(a)hotmail.com> wrote: I read that bosh-lite use warden as container for cloud foundry components.I deployed two java spring apps into the local cloud foundry. Below is my VMs (warden container), which (two) warden container is running my 2 apps? Or the apps are actually running as java process in my virtualbox of unbuntu (which contains all below containers), without running inside a warden container? It's a little different because you're using bosh-lite. In that case, you have one VM (probably running in Virtualbox) and that VM has some containers on it. Those containers run the various components of CF. Inside the DEA container (labeled "runner_z1" below), you'll find your apps running each in it's own sub-container. Dan +------------------------------------+---------+---------------+--------------+| Job/index | State | Resource Pool | IPs |+------------------------------------+---------+---------------+--------------+| api_z1/0 | running | large_z1 | 10.244.0.134 || doppler_z1/0 | running | medium_z1 | 10.244.0.142 || etcd_z1/0 | running | medium_z1 | 10.244.0.42 || ha_proxy_z1/0 | running | router_z1 | 10.244.0.34 || hm9000_z1/0 | running | medium_z1 | 10.244.0.138 || loggregator_trafficcontroller_z1/0 | running | small_z1 | 10.244.0.146 || nats_z1/0 | running | medium_z1 | 10.244.0.6 || postgres_z1/0 | running | medium_z1 | 10.244.0.30 || router_z1/0 | running | router_z1 | 10.244.0.22 || runner_z1/0 | running | runner_z1 | 10.244.0.26 | | uaa_z1/0 | running | medium_z1 | 10.244.0.130 |+------------------------------------+---------+---------------+--------------+ _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev_______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: UAA: How to set client_credentials token grant type to not expire
public static final intMAX_VALUE < http://docs.oracle.com/javase/7/docs/api/java/lang/Integer.html#MAX_VALUE> 2147483647 that's the largest value you can set. However, I just realized, that if you set this value, the UAA will get an overflow and the int will become negative. so set the value to 315 569 260 that's a 10 year expiration. the computer that retrieved that token won't be around in 10 years so it's a safe number.
On Friday, July 24, 2015, Kayode Odeyemi <dreyemi(a)gmail.com> wrote: Thanks Filip.
However, everytime I set that (for example, I set it to 2542838400), I get
this:
"The request sent by the client was syntactically incorrect."
That's December 31st 2050 when decoded. Is it possible that, that number
is too large?
On Thu, Jul 23, 2015 at 7:09 PM, Filip Hanik <fhanik(a)pivotal.io
<javascript:_e(%7B%7D,'cvml','fhanik(a)pivotal.io');>> wrote:
https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#register-client-post-oauthclients
access_token_validity - int Optional Value in seconds for how long an
access token is valid for
Set this field to a very large value, like
http://docs.oracle.com/javase/7/docs/api/constant-values.html#java.lang.Integer.MAX_VALUE
On Thu, Jul 23, 2015 at 11:05 AM, Kayode Odeyemi <dreyemi(a)gmail.com
<javascript:_e(%7B%7D,'cvml','dreyemi(a)gmail.com');>> wrote:
Hi,
I have some trusted clients set up to use client_credentials token
grant. I'll like to set their tokens not to expire.
How do I achieve this?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
<javascript:_e(%7B%7D,'cvml','cf-dev(a)lists.cloudfoundry.org');>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
<javascript:_e(%7B%7D,'cvml','cf-dev(a)lists.cloudfoundry.org');>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: Allow gorouter to log random headers.
Simon Johansson <simon@...>
If I understand correctly, you're proposing that an operator of CloudFoundry configure GoRouter, which is a multi-tenant, shared service, with knowledge specific to one or a few applications That is indeed the proposal. In my org we work closely with the different development streams to provide a good out of the box experience by creating certain opt-in features that makes their life easier. This would be one of those features, if you pass certain headers in your requests thats standardised across the entire online organisation you will be able to query for them in Kibana. I understand that this is not the case in all environments. If GoRouter logged whatever headers were included in the request, wouldn't this satisfy your requirements? This would indeed satisfy my requests, but as David points out("However, not having a whitelist of headers to log opens a possible DDOS attack vector on the GoRouter") it might now be appropriate. Based on what you've described, the persona is the app developer. Not necessarily, we operators are also very interested in certain headers. so control of what is logged should be in their hands. If one via the API could set headers that should be logged for an org, space or application that would be magical. The need for a list of "must-log-all-these-headers" would still be there I think as not to have to maintain a list of these standardised headers across different objects. On Thu, Jul 23, 2015 at 10:51 PM, Shannon Coen <scoen(a)pivotal.io> wrote: This is not something that would be merged, as originally proposed,
without additional investigation and discussion.
If I understand correctly, you're proposing that an operator of
CloudFoundry configure GoRouter, which is a multi-tenant, shared service,
with knowledge specific to one or a few applications. This should not be an
operator responsibility, nor should the solution be specific to one or a
few applications.
The goal is "the flexibility of being able to annotate our logs with what
we consider to be important for our debugging purposes." More specifically
you're requesting logging of headers. Do you have a preference?
If GoRouter logged whatever headers were included in the request, wouldn't
this satisfy your requirements? Doesn't GoRouter do this already?
I'm interested in solving your requirement generically for all
applications, and focussing the user experience on the correct persona.
Based on what you've described, the persona is the app developer, so
control of what is logged should be in their hands. I'm also not convinced
GoRouter should have any knowledge of headers specific to one application
or another.
Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.
On Wed, Jul 22, 2015 at 3:05 AM, Alex Lomov <alexander.lomov(a)altoros.com>
wrote:
Some time ago routing services were discussed on a CAB [1]. Here is a
description of this proposal.
Do you think that using such service will allow your developers to cover
this requirements?
[1]
http://www.activestate.com/blog/2015/02/cloud-foundry-advisory-board-meeting-2015-february
[2]
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb
On Jul 21, 2015, at 4:06 PM, Simon Johansson <simon(a)simonjohansson.com>
wrote:
Howdie!
We have some devs who want to be able to trace a request troughout their
applications.
user -> a -> b -> c
|
|-> d -> e
When a user makes a request to "a" uuid is generated inside the app, and
the request to "b" from "a" will set a header(call it WAKAWAKA to uuid),
"b"'s call will passthrough WAKAWAKA to "c" and "d", "d" will passthrough
WAKAWAKA to "e". Etc.
We aggregate all RTR logs into ELK so it would be super helpful to them
to be able to filter on WAKAWAKA and get all the access logs(and app logs
aswell, they mostly use GELF so its easy for them to add whatewher field
they want) from the services involved.
I had a quick peek at the gorouter(
https://github.com/cloudfoundry/gorouter/blob/76668f5818ea8c089ff52a14fcdfbf703c8e8767/access_log/access_log_record.go#L40)
and it seems like this should be a simple PR.
1. To gorouter.yml add
passthrough_headers:
- WAKAWAKA
- X-Random-Header
2. In makeRecord at the bottom add something like(in psuedo)
data = {}
for header in passthrough_headers:
header_val = r.FormatRequestHeader("X-Forwarded-For")
if header_val:
passthrough_headers[header] = header_val
if data:
fmt.Fprintf(b, data.to_stringified_json())
That would yield a log line like
blurgh.dev.cf.private.domain.com - [21/07/2015:10:17:05 +0000] "GET
/statements?ascending=true&since=2015-06-30T14%3A10%3A03.078Z&skipStatementId=30a88204-0779-4385-9859-e4aabd30baf0
HTTP/1.1" 200 0 17 "-" "NING/1.0" 10.230.31.2:46204 x_forwarded_for:"-"
vcap_request_id:1e58195a-cde6-4afd-7f03-43061c9ea91c
response_time:0.004927106 app_id:9784cd03-050d-4b74-9e90-5f17134a3f08
{"WAKAWAKA": "Space is the place", "X-Random-Header": "Once upon a midnight
dreary, while I pondered weak and weary"}
The reason for a stringified JSON is to make it easy to parse with
logstash or other loganalysis tools.
Before I spend time implementing, is this something you would merge?
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: Did anybody deploy a wiki as app to CF?
|
|
|
Re: UAA: How to set client_credentials token grant type to not expire
Thanks Filip.
However, everytime I set that (for example, I set it to 2542838400), I get
this:
"The request sent by the client was syntactically incorrect."
That's December 31st 2050 when decoded. Is it possible that, that number is
too large?
toggle quoted messageShow quoted text
|
|
|
Re: How cloud foundry deployed by bosh-lite manage DEA
On Fri, Jul 24, 2015 at 8:35 AM, GuopingZhang <goodier_cn(a)hotmail.com> wrote:
I read that bosh-lite use warden as container for cloud foundry components.
I deployed two java spring apps into the local cloud foundry.
Below is my VMs (warden container), which (two) warden container is
running my 2 apps?
Or the apps are actually running as java process in my virtualbox of
unbuntu (which contains all below containers), without running inside a
warden container?
It's a little different because you're using bosh-lite. In that case, you have one VM (probably running in Virtualbox) and that VM has some containers on it. Those containers run the various components of CF. Inside the DEA container (labeled "runner_z1" below), you'll find your apps running each in it's own sub-container. Dan
+------------------------------------+---------+---------------+--------------+
| Job/index | State | Resource Pool | IPs
|
+------------------------------------+---------+---------------+--------------+
| api_z1/0 | running | large_z1 |
10.244.0.134 |
| doppler_z1/0 | running | medium_z1 |
10.244.0.142 |
| etcd_z1/0 | running | medium_z1 |
10.244.0.42 |
| ha_proxy_z1/0 | running | router_z1 |
10.244.0.34 |
| hm9000_z1/0 | running | medium_z1 |
10.244.0.138 |
| loggregator_trafficcontroller_z1/0 | running | small_z1 |
10.244.0.146 |
| nats_z1/0 | running | medium_z1 |
10.244.0.6 |
| postgres_z1/0 | running | medium_z1 |
10.244.0.30 |
| router_z1/0 | running | router_z1 |
10.244.0.22 |
| runner_z1/0 | running | runner_z1 |
10.244.0.26 |
| uaa_z1/0 | running | medium_z1 | 10.244.0.130 |
+------------------------------------+---------+---------------+--------------+
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: How to update blobs in blob.cfblob.com ?
Alexander Lomov <alexander.lomov@...>
Thank you for the answer.
I like the idea with pathing existing sources. Going to make another PR soon.
Have a good day,
Alex L.
toggle quoted messageShow quoted text
On Jul 24, 2015, at 3:36 PM, Matthew Sykes <matthew.sykes(a)gmail.com<mailto:matthew.sykes(a)gmail.com>> wrote: Hi. This isn't what I expected. You've basically changed the bucket configuration to point to your own and uploaded the blobs to that bucket. That's why bosh is telling you there's nothing to upload. There's also a general expectation that blobs are pristine artifacts from a well known distribution point. In this case, that's not true. You've used a script to modify some content and there's no way for someone to know that without looking in detail so it's going to be tough to trust what's there. Regardless, given what your scripts are doing, you should be able to generate patches for each of the packages, add them as source artifacts, and update the packaging scripts to apply the patches before the build. That's probably how this should be done to keep things sane. On Fri, Jul 24, 2015 at 4:37 AM, Lomov Alexander <alexander.lomov(a)altoros.com<mailto:alexander.lomov(a)altoros.com>> wrote: Hi, Matthew. After I made `bosh upload blobs`, `bosh blobs` command tells me `No blobs to upload`. Still I created a pull request where you can figure out what blobs are changed from `config/blobs.yml` file [1]. Could you tell if it is okey? [1] https://github.com/cloudfoundry/bosh/pull/892On Jul 1, 2015, at 5:38 PM, Matthew Sykes <matthew.sykes(a)gmail.com<mailto:matthew.sykes(a)gmail.com>> wrote: Since you won't be able to upload the blobs to the cf-release bucket, I'd suggest you capture the output of `bosh blobs` in your pull request. That command should enumerate all of the new blobs and their sizes. For each entry that's there, point to a publicly available URL and a hash that can be used to verify it. When the PR is reviewed, if things look good, the pair will likely pull the blobs down to evaluate them and test the overall function. On Wed, Jul 1, 2015 at 6:57 AM, Alexander Lomov <alexander.lomov(a)altoros.com<mailto:alexander.lomov(a)altoros.com>> wrote: Hi, all. I work on adding support of Power architecture to CF. During the work I needed to update not only cf-release, but existing blobs (postgresql, mysql client and etc.). I wonder how I can make PR to cf-release project with updated blobs. I couldn't find any clue in the contributing guild [1] , so I've decided to write here. [1] https://github.com/cloudfoundry/cf-release/blob/master/CONTRIBUTING.mdThank you, Alex L. ------------------------ Alex Lomov Altoros — Cloud Foundry deployment, training and integration Twitter: @code1n< https://twitter.com/code1n> GitHub: @allomov< https://gist.github.com/allomov> _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev-- Matthew Sykes matthew.sykes(a)gmail.com<mailto:matthew.sykes(a)gmail.com> _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev_______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev-- Matthew Sykes matthew.sykes(a)gmail.com<mailto:matthew.sykes(a)gmail.com> _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
|
|
|
Re: How to update blobs in blob.cfblob.com ?
Matthew Sykes <matthew.sykes@...>
Hi. This isn't what I expected. You've basically changed the bucket configuration to point to your own and uploaded the blobs to that bucket. That's why bosh is telling you there's nothing to upload. There's also a general expectation that blobs are pristine artifacts from a well known distribution point. In this case, that's not true. You've used a script to modify some content and there's no way for someone to know that without looking in detail so it's going to be tough to trust what's there. Regardless, given what your scripts are doing, you should be able to generate patches for each of the packages, add them as source artifacts, and update the packaging scripts to apply the patches before the build. That's probably how this should be done to keep things sane. On Fri, Jul 24, 2015 at 4:37 AM, Lomov Alexander < alexander.lomov(a)altoros.com> wrote: Hi, Matthew.
After I made `bosh upload blobs`, `bosh blobs` command tells me `No
blobs to upload`.
Still I created a pull request where you can figure out what blobs are
changed from `config/blobs.yml` file [1].
Could you tell if it is okey?
[1] https://github.com/cloudfoundry/bosh/pull/892
On Jul 1, 2015, at 5:38 PM, Matthew Sykes <matthew.sykes(a)gmail.com>
wrote:
Since you won't be able to upload the blobs to the cf-release bucket,
I'd suggest you capture the output of `bosh blobs` in your pull request.
That command should enumerate all of the new blobs and their sizes.
For each entry that's there, point to a publicly available URL and a
hash that can be used to verify it.
When the PR is reviewed, if things look good, the pair will likely pull
the blobs down to evaluate them and test the overall function.
On Wed, Jul 1, 2015 at 6:57 AM, Alexander Lomov <
alexander.lomov(a)altoros.com> wrote:
Hi, all.
I work on adding support of Power architecture to CF. During the work I
needed to update not only cf-release, but existing blobs (postgresql, mysql
client and etc.). I wonder how I can make PR to cf-release project with
updated blobs.
I couldn't find any clue in the contributing guild [1] , so I've decided
to write here.
[1]
https://github.com/cloudfoundry/cf-release/blob/master/CONTRIBUTING.md
Thank you,
Alex L.
------------------------
Alex Lomov
*Altoros* — Cloud Foundry deployment, training and integration
*Twitter:* @code1n <https://twitter.com/code1n> *GitHub:* @allomov
<https://gist.github.com/allomov>
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
--
Matthew Sykes
matthew.sykes(a)gmail.com
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
-- Matthew Sykes matthew.sykes(a)gmail.com
|
|
|
How cloud foundry deployed by bosh-lite manage DEA
I read that bosh-lite use warden as container for cloud foundry components.I deployed two java spring apps into the local cloud foundry.
Below is my VMs (warden container), which (two) warden container is running my 2 apps?
Or the apps are actually running as java process in my virtualbox of unbuntu (which contains all below containers), without running inside a warden container?
+------------------------------------+---------+---------------+--------------+| Job/index | State | Resource Pool | IPs |+------------------------------------+---------+---------------+--------------+| api_z1/0 | running | large_z1 | 10.244.0.134 || doppler_z1/0 | running | medium_z1 | 10.244.0.142 || etcd_z1/0 | running | medium_z1 | 10.244.0.42 || ha_proxy_z1/0 | running | router_z1 | 10.244.0.34 || hm9000_z1/0 | running | medium_z1 | 10.244.0.138 || loggregator_trafficcontroller_z1/0 | running | small_z1 | 10.244.0.146 || nats_z1/0 | running | medium_z1 | 10.244.0.6 || postgres_z1/0 | running | medium_z1 | 10.244.0.30 || router_z1/0 | running | router_z1 | 10.244.0.22 || runner_z1/0 | running | runner_z1 | 10.244.0.26 || uaa_z1/0 | running | medium_z1 | 10.244.0.130 |+------------------------------------+---------+---------------+--------------+
|
|
|
Re: Allow gorouter to log random headers.
Shannon, Simon, As the lead of the logsearch.io (ELK) project; I'm also interested in having GoRouter log additional headers. Specifically Trace-Id and Span-Id generated by the spring-cloud-sleuth project ( https://github.com/spring-cloud-incubator/spring-cloud-sleuth ). If GoRouter logged whatever headers were included in the request, wouldn't
this satisfy your requirements? This would certainly satisfy my requirements, and I think Simon's too. However, not having a whitelist of headers to log opens a possible DDOS attack vector on the GoRouter, so I think having a operator configureable whitelist (with some sensible defaults like Trace-Id and Span-Id) is the right approach. Doesn't GoRouter do this already? I don't think so. Specifically, sending the following curl to an app hosted on PWS: curl --header "Trace-Id: 1c884728-466c-4ba3-8caa-a02a780c6d56" http://www.birdsangola.org/Gives the following [RTR] log from loggregator: Fri Jul 24 2015 13:10:52 GMT+0100 (BST) [RTR] OUT www.birdsangola.org - [24/07/2015:12:10:52 +0000] "GET / HTTP/1.1" 200 0 7772 "-" "curl/7.30.0" 10.10.2.185:46765 x_forwarded_for:"92.40.249.226" vcap_request_id:3a33d5f6-dc11-42c4-61c7-32a1a2557200 response_time:0.001380276 app_id:0c34cc9f-45a8-440e-b876-b0cde564fbe3 It doesn't look like the extra Trace-Id header has been passed through to the loggregator [RTR] log. I'd be happy to work with Simon to contribute to a PR that implements the "above whitelist of headers to log" feature. Thoughts? :D -- View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-Allow-gorouter-to-log-random-headers-tp800p877.htmlSent from the CF Dev mailing list archive at Nabble.com.
|
|
|
