be there for IPM
Filip Hanik
i may miss standup but I'll be there for IPM
|
|
Re: Cloudfoundry UAA / Questions
Frans Thamura
fyi, we use UAA for our social login, take a look www.merv.id
F -- Frans Thamura (曽志胜) Java Champion Shadow Master and Lead Investor Meruvian. Integrated Hypermedia Java Solution Provider. Mobile: +628557888699 Blog: http://blogs.mervpolis.com/roller/flatburger (id) FB: http://www.facebook.com/meruvian TW: http://www.twitter.com/meruvian / @meruvian Website: http://www.meruvian.org "We grow because we share the same belief."
On Sun, May 31, 2015 at 1:11 AM, Filip Hanik <fhanik(a)pivotal.io> wrote:
For users created in UAA database, are there any policies we could apply
|
|
Re: Cloudfoundry UAA / Questions
Filip Hanik
1. For users created in UAA database, are there any policies we could apply regarding password expiry/strength of the password/lockout on repeated retry failures etc.?
Currently there is a password score calculator. There is a feature being implemented for a more clearly configurable password strength. Expect it to be in the next release. Lockout is implemented, and will also be configurable in the next release.

2. Is there any pluggable mechanism for user creation in UAA that we could use to create them say in AD – instead of in UAA user database?
The UAA can integrate with LDAP (AD) or with SAML IDPs. When you use one of these authentication mechanisms, a shadow account will be created in the UAA. These users will only be able to authenticate against their respective identity providers.

3. Is there any work/pocs done on UAA integration with Shibboleth Identity provider to have federated identity? I.e. Integration with identity providers behind firewalls?
I believe Shibboleth is a SAML v2 provider, so it should be able to be configured like any other provider.

4. Is UAA HA/DR capable if the underlying user database is replicated? Basically does it boil down to underlying UAA database HA/DR and any tenants identity provider’s HA/DR capability?
Yes, that is how we run our UAA in production. It's backed by a HA/DR database.

5. Other than notion of Zones/Multi-tenants are there any advantages of using UAA over plain Spring Security OAuth2/Spring Cloud Security?
Yes, most of the work has already been done for you.

On Sat, May 30, 2015 at 11:58 AM, Reddy, Satyapal <satyapal.reddy(a)emc.com> wrote:
Looking into using UAA and have couple of questions:
|
|
Cloudfoundry UAA / Questions
Satyapal Reddy
Looking into using UAA and have couple of questions:
1. For users created in UAA database, are there any policies we could apply regarding password expiry/strength of the password/lockout on repeated retry failures etc.?
2. Is there any pluggable mechanism for user creation in UAA that we could use to create them say in AD – instead of in UAA user database?
3. Is there any work/pocs done on UAA integration with Shibboleth Identity provider to have federated identity? I.e. Integration with identity providers behind firewalls?
4. Is UAA HA/DR capable if the underlying user database is replicated? Basically does it boil down to underlying UAA database HA/DR and any tenants identity provider’s HA/DR capability?
5. Other than notion of Zones/Multi-tenants are there any advantages of using UAA over plain Spring Security OAuth2/Spring Cloud Security?
Thanks
Satya
|
|
Re: Cloud Foundry install documentation
Tom Sherrod <tom.sherrod@...>
Kim and James, thanks for responding and asking clarifying questions.
Regarding latest, the end manifest ended up with lucid stemcell references. I changed them to trusty and then the deploy failed with cloud property object issues, like range missing. It went downhill from there.
Kim, thanks for the pointer to github docs. I will start back from a clean slate and issue/update where possible. The first example issue was name missing from the resulting deploy manifest. I need to line up the questions and possible edits with the correct page, along with re-testing.
Best,
Tom
On Fri, May 29, 2015 at 8:35 PM, Kim Hoffman <khoffman(a)pivotal.io> wrote:
Hi Tom,
|
|
Re: Gorouter throughput
Simon Johansson <simon@...>
Great writeup Dieu, thanks!
On Fri, May 29, 2015 at 10:50 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
Yes, we recently ran some performance tests with the gorouter.
|
|
Re: Cloud Foundry install documentation
Kim Hoffman <khoffman@...>
Hi Tom,
The docs team was also not aware that this document isn't working. It looks like there have been various tweaks to this doc over time, including pretty recently. Do you have any more details you could share?
If you do find that you know what's wrong with the topic, we welcome pull requests or git issues against our documentation. You can find this specific doc here: https://github.com/cloudfoundry/docs-deploying-cf/blob/master/openstack/install_cf_openstack.html.md
Thanks!
Kim
On Fri, May 29, 2015 at 4:28 PM, James Bayer <jbayer(a)pivotal.io> wrote:
i was not aware that the documentation was not working for the latest
|
|
Re: Cloud Foundry install documentation
James Bayer
i was not aware that the documentation was not working for the latest
cf-release versions. did you find that the documentation was out of date?
On Fri, May 29, 2015 at 7:30 AM, Tom Sherrod <tom.sherrod(a)gmail.com> wrote:
What version of Cloud Foundry works with --
Thank you, James Bayer
|
|
Re: Gorouter throughput
Dieu Cao <dcao@...>
Yes, we recently ran some performance tests with the gorouter.
You can find the results in this doc [1] and raw results and additional graphs [2].
Related stories in tracker [3][4].
[image: Inline image 1]
[image: Inline image 2]
[1] Google doc: https://docs.google.com/document/d/18rrh0MNjCljd1Kt4L2mZuV2GPvO-SZZ2rk2eE769JZY/edit?usp=sharing
[2] Excel sheet: https://docs.google.com/spreadsheets/d/1uulkoXtlV7haH0oroEKz7zQ5hxeeY8eYA3D7I7jAX9g/edit?usp=sharing
[3] https://www.pivotaltracker.com/story/show/92895056
[4] https://www.pivotaltracker.com/story/show/93362206
On Fri, May 29, 2015 at 1:14 PM, john mcteague <john.mcteague(a)gmail.com> wrote:
Is there any perf test data on the gorouter? Number of parallel
|
|
Gorouter throughput
john mcteague <john.mcteague@...>
Is there any perf test data on the gorouter? Number of parallel connections
possible given a specific VM size would help us in our sizing efforts. Thanks
|
|
Re: Setting Org Manager via API
Daniel Jones
Hi Dieu,
Thanks for the response. Yep, that answers my question, and addresses some of the assumptions I'd been making. Good to hear the changes will be coming in v3. Have a good weekend!
On Fri, May 29, 2015 at 6:37 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
Yes, we'd recommend using only the role methods on the organization --
Regards, Daniel Jones EngineerBetter.com
|
|
Re: Is CF etcd job using the latest etcd 2.0 release?
John Wong
Thank you Dieu.
This is great to know. John
On Fri, May 29, 2015 at 1:11 PM, Dieu Cao <dcao(a)pivotal.io> wrote:
In cf-release v210 [1] we upgraded etcd to v2.0.1.
|
|
Re: Monitor all outbound connections from apps in warden
Dieu Cao <dcao@...>
You could set up a security group that logs all outbound connections.
These are logged on the DEAs. You would then need to correlate the warden handle with the application.
I'm working with the docs team on getting this feature properly documented.
Relevant stories where this feature was added.
[1] https://www.pivotaltracker.com/story/show/73905126
[2] https://www.pivotaltracker.com/story/show/90078842
I don't know how you would do this via buildpacks.
-Dieu
CF Runtime PM
On Fri, May 29, 2015 at 6:59 AM, Michael Grifalconi <michael.grifalconi(a)studenti.unimi.it> wrote:
Hello all,
|
|
Re: Setting Org Manager via API
Dieu Cao <dcao@...>
Yes, we'd recommend using only the role methods on the organization resource as a general rule.
Those roles are org specific so yes the association only exists to facilitate granting of org roles. I'm not sure if that answers your question?
The /v2 end points have a certain amount of difficult to change meta magic. It's a known issue that deletes are returning 201's but it is actually surprisingly hard to fix. We'll address this as things move over to /v3 end points.
-Dieu
On Fri, May 29, 2015 at 1:59 AM, Daniel Jones <daniel.jones(a)engineerbetter.com> wrote:
Thanks for the clarification.
|
|
Re: Is CF etcd job using the latest etcd 2.0 release?
Dieu Cao <dcao@...>
In cf-release v210 [1] we upgraded etcd to v2.0.1.
We're currently running it with 3 nodes in our CI and Prod environments. We'll be looking at upgrading to v2.0.11 in the next couple of weeks.
-Dieu
[1] https://github.com/cloudfoundry/cf-release/releases/tag/v210
On Fri, May 29, 2015 at 8:08 AM, John Wong <gokoproject(a)gmail.com> wrote:
I remember in the older version of CF release, CF was using an older
|
|
Is CF etcd job using the latest etcd 2.0 release?
John Wong
I remember in the older version of CF release, CF was using an older version of etcd (v.0,4.x), which has issues running etcd in cluster mode from time to time, and there was a discussion that we would move to v0.5.x which has been renamed to v2.X. Have we upgraded to the latest release?
Previous discussion: https://groups.google.com/a/cloudfoundry.org/forum/#!searchin/vcap-dev/etcd$20Raft/vcap-dev/fQ0PD3oPh90/joW4fHBx5H0J
Thanks.
John
|
|
Re: api and api_worker jobs fail to bosh update, but monit start OK
For similar further diagnostics, I've updated docs with a working way to be
able to invoke steno-prettify to get cc_ng logs as timestamps, cf https://github.com/cloudfoundry/docs-running-cf/pull/7/files
BTW, has anyone tried a log conversion for cc_ng logs collected into a syslog endpoint (such as a logstash filter that invokes the steno-prettify command or an equivalent)?
Besides, I ran into the bin/console pry shell that seems to open interesting diagnostic/db interaction opportunities. If there are examples of common cases using it, I'd be happy to test and report them in cf docs, to refine [2]
[1] https://github.com/cloudfoundry/docs-running-cf/pull/7/files
[2] https://github.com/Orange-OpenSource/docs-running-cf/commit/cc46acc26eff50988a652acc3582c7573d6c8c8e
|
|
Cloud Foundry install documentation
Tom Sherrod <tom.sherrod@...>
What version of Cloud Foundry works with
http://docs.cloudfoundry.org/deploying/openstack/install_cf_openstack.html
Any pointers for the latest versions? How can we get this doc updated?
Tom
|
|
Monitor all outbound connections from apps in warden
Michael Grifalconi <michael.grifalconi@...>
Hello all,
How can I monitor (and log) all the outbound connections made from an application?
I would like to do this by editing buildpacks: edit the buildpack to run a netstat command every 10 sec and send a log of the established connections.
I would also be able to sniff the traffic, is it possible to run a tcpdump with some filters and send logs with the result? All by editing the buildpack. I think the process will not have the necessary privileges.
Any hint is appreciated!
Thank you!
Michael
|
|
Re: Setting Org Manager via API
Daniel Jones
Thanks for the clarification.
Would you recommend using only the role methods on the organization resource (as opposed to on /users/) as a general rule?
Just for my own understanding, would it be correct to say the org-user association exists under the hood to facilitate the granting of org roles? Does this association get used anywhere other than determining roles on orgs? I know it sounds like a bit of a daft question, but I'd always assumed users and orgs were linked *only* if they had a role.
Is it intentional that Remove Auditor from the Organization <http://apidocs.cloudfoundry.org/210/organizations/remove_auditor_from_the_organization.html> returns a "201 Created" for a delete request?
On Fri, May 29, 2015 at 12:20 AM, CF Runtime <cfruntime(a)gmail.com> wrote:
Hi Daniel, --
Regards, Daniel Jones EngineerBetter.com
|
|