Cannot start access_z1


Stanley Shen <meteorping@...>
 

Hello, all

I am trying to deploy cf+diego to AWS based on the minimal-aws.yml provided in the cf-release project.
And I added some jobs for diego.

Right now the access_z1 is not started up and here are the errors:

====================================
head ssh_proxy.stderr.log
panic: uaaTokenURL is required for Cloud Foundry authentication

goroutine 1 [running]:
github.com/pivotal-golang/lager.(*logger).Fatal(0xc20805c120, 0xa162b0, 0x10, 0x7f5b697e8b40, 0xc20802aab0, 0x0, 0x0, 0x0)
/var/vcap/packages/ssh_proxy/src/github.com/pivotal-golang/lager/logger.go:152 +0x5d0
main.configureProxy(0x7f5b697ed770, 0xc20805c120, 0xc2080a5ef0, 0x0, 0x0)
/var/vcap/packages/ssh_proxy/src/github.com/cloudfoundry-incubator/diego-ssh/cmd/ssh-proxy/main.go:205 +0x9b7
main.main()
/var/vcap/packages/ssh_proxy/src/github.com/cloudfoundry-incubator/diego-ssh/cmd/ssh-proxy/main.go:137 +0x1ab
=============================
head ssh_proxy.stdout.log
{"timestamp":"1453790308.941943645","source":"ssh-proxy","message":"ssh-proxy.uaa-url-required","log_level":3,"data":{"error":"uaaTokenURL is required for Cloud Foundry authentication","trace":"goroutine 1 [running]:\ngithub.com/pivotal-golang/lager.(*logger).Fatal(0xc20805c120, 0xa162b0, 0x10, 0x7f5b697e8b40, 0xc20802aab0, 0x0, 0x0, 0x0)\n\t/var/vcap/packages/ssh_proxy/src/github.com/pivotal-golang/lager/logger.go:131 +0xc8\nmain.configureProxy(0x7f5b697ed770, 0xc20805c120, 0xc2080a5ef0, 0x0, 0x0)\n\t/var/vcap/packages/ssh_proxy/src/github.com/cloudfoundry-incubator/diego-ssh/cmd/ssh-proxy/main.go:205 +0x9b7\nmain.main()\n\t/var/vcap/packages/ssh_proxy/src/github.com/cloudfoundry-incubator/diego-ssh/cmd/ssh-proxy/main.go:137 +0x1ab\n"}}

From the error message, it's about the uaa_token_url not being provided.
But I did provide it in the deployment like this:
=====================================
ssh_proxy:
  bbs:
    api_location: bbs.service.cf.internal:8889
    ca_cert: |+
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    client_cert: |+
      -----END CERTIFICATE-----
    client_key: |+
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
    client_session_cache_size: null
    max_idle_conns_per_host: null
    require_ssl: false
  diego_credentials: null
  enable_cf_auth: true
  enable_diego_auth: false
  host_key: |+
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  servers:
  - 10.0.16.106
  uaa_secret: null
  uaa_token_url: https://uaa.MyDomain/oauth/token
ssl:
  skip_cert_verify: true


And my env is:
================================
+--------------+-----------------+-------------+
| Name | Versions | Commit Hash |
+--------------+-----------------+-------------+
| cf | 226+dev.1* | 5de34b6a |
| diego | 0.1442.0+dev.1* | 375c6064 |
| etcd | 18* | 52f3a004+ |
| garden-linux | 0.328.0* | ce51a708 |
+--------------+-----------------+-------------+

+-----------------------------------------+---------------+---------+--------------------+
| Name | OS | Version | CID |
+-----------------------------------------+---------------+---------+--------------------+
| bosh-aws-xen-hvm-ubuntu-trusty-go_agent | ubuntu-trusty | 3177* | ami-7eafb41f light |
+-----------------------------------------+---------------+---------+--------------------+


Can someone help with it? Did I miss any configuration to get access running?


Eric Malm <emalm@...>
 

Hi, Stanley,

I think you're missing the 'ssh_proxy.uaa_secret' value in your manifest.
This should be the same value as the secret in the 'ssh-proxy' client
that's registered with UAA. The Diego team just finished a story (
https://www.pivotaltracker.com/story/show/109642196) to make this
configuration more transparent, and we'll be doing one shortly (
https://www.pivotaltracker.com/story/show/107970964) to update the SSH
configuration docs to explain the UAA configuration that's required. For
now, it should suffice for you to add a client like the one at
https://github.com/cloudfoundry/cf-release/blob/master/bosh-lite/stubs/enable-diego-ssh.yml#L11-L17
to the list of UAA clients in your CF manifest, if you haven't done so
already.

Thanks,
Eric, CF Runtime Diego PM

On Mon, Jan 25, 2016 at 11:24 PM, Stanley Shen <meteorping(a)gmail.com> wrote:


Stanley Shen <meteorping@...>
 

Thanks, Eric, for the detailed explanation; it works for me.
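
Added example (not part of the original thread, and not code from Diego or cf-release): a pre-deploy check for the condition Eric describes, where enable_cf_auth is true but ssh_proxy.uaa_secret is null or does not match the 'ssh-proxy' UAA client secret. The manifest paths properties.diego.ssh_proxy and properties.uaa.clients, and the secret value, are assumptions made for this sample.

```ruby
require 'yaml'

# Constructed sample: ssh_proxy values from the post (certificates omitted).
# Assumed paths: properties.diego.* and properties.uaa.clients.ssh-proxy.
SAMPLE_MANIFEST = <<~MANIFEST
  properties:
    diego:
      ssh_proxy:
        enable_cf_auth: true
        uaa_secret: null
        uaa_token_url: https://uaa.MyDomain/oauth/token
      ssl:
        skip_cert_verify: true
    uaa:
      clients:
        ssh-proxy:
          secret: constructed-secret
MANIFEST

def blank?(value)
  value.nil? || value.to_s.strip.empty?
end

# Returns a list of findings; an empty list means the CF-auth settings agree.
def check_ssh_proxy_auth(manifest)
  props  = manifest['properties'] || {}
  diego  = props['diego'] || {}
  proxy  = diego['ssh_proxy'] || {}
  client = props.dig('uaa', 'clients', 'ssh-proxy')
  findings = []
  if proxy['enable_cf_auth']
    url = proxy['uaa_token_url'].to_s
    if blank?(url)
      findings << 'ssh_proxy.uaa_token_url is empty'
    elsif !url.start_with?('https://')
      findings << 'ssh_proxy.uaa_token_url is not https'
    end
    findings << 'ssh_proxy.uaa_secret is empty' if blank?(proxy['uaa_secret'])
    if client.nil?
      findings << "no 'ssh-proxy' client under uaa.clients"
    elsif !blank?(proxy['uaa_secret']) && client['secret'] != proxy['uaa_secret']
      findings << "ssh_proxy.uaa_secret differs from the 'ssh-proxy' client secret"
    end
  end
  findings << 'ssl.skip_cert_verify is true' if diego.dig('ssl', 'skip_cert_verify')
  findings
end

puts check_ssh_proxy_auth(YAML.safe_load(SAMPLE_MANIFEST)) if __FILE__ == $PROGRAM_NAME
```

The findings name properties only and never print the secret values themselves.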