Pas Apicella

Subscribe to Pas Apicella feed
Information on Pivotal Cloud Foundry (PAS/PKS/PFS) - Continuously deliver any app to every major private and public cloud with a single platformPas Apicellahttp://www.blogger.com/profile/09389663166398991762noreply@blogger.comBlogger431125
Updated: 15 hours 40 min ago

Wiring kubectl / Setup external LB on GCP into Pivotal Container Service (PKS) clusters to get started

Tue, 2018-04-03 22:45
Now that I have PCF 2.1 running with PKS 1.0 installed and a cluster up and running how would I get started accessing that cluster? Here are the steps for GCP (Google Cloud Platform) install of PCF 2.1 with PKS 1.0. It goes through the requirements around an External LB for the cluster as well as wiring kubectl into the cluster to get started creating deployments.

Previous blog as follows:

http://theblasfrompas.blogspot.com.au/2018/04/install-pivotal-container-service-pks.html

1. First we will want an external Load Balancer for our K8's clusters which will need to exist and it would be a TCP Load balancer using Port 8443 which is the port the master node would run on. The external IP address is what you will need to use in the next step



2. Create a Firewall Rule for the LB with details as follows.

Note: the LB name is "pks-cluster-api-1". Make sure to include the network tag and select the network you installed PKS on.

  • Network: Make sure to select the right network. Choose the value that matches with the VPC Network name you installed PKS on
  • Ingress - Allow
  • Target: pks-cluster-api-1
  • Source: 0.0.0.0/0
  • Ports: tcp:8443





3. Now you could easily just create a cluster using the external IP address from above or use a DNS entry which is mapped to the external IP address which is what I have done so I have use a FQDN instead

pasapicella@pas-macbook:~$ pks create-cluster my-cluster --external-hostname cluster1.pks.pas-apples.online --plan small

Name:                     my-cluster
Plan Name:                small
UUID:                     64a086ce-c94f-4c51-95f8-5a5edb3d1476
Last Action:              CREATE
Last Action State:        in progress
Last Action Description:  Creating cluster
Kubernetes Master Host:   cluster1.pks.pas-apples.online
Kubernetes Master Port:   8443
Worker Instances:         3
Kubernetes Master IP(s):  In Progress


4. Now just wait a while while it creates a VM's and runs some tests , it's roughly around 10 minutes. Once done you will see the cluster as created as follows

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ pks list-clusters

Name        Plan Name  UUID                                  Status     Action
my-cluster  small      64a086ce-c94f-4c51-95f8-5a5edb3d1476  succeeded  CREATE

5. Now one of the VM's created would be the master Vm for the cluster , their a few ways to determine the master VM as shown below.

5.1. Use GCP Console VM instances page and filter by "master"



5.2. Run a bosh command to view the VM's of your deployments. We are interested in the VM's for our cluster service. The master instance is named as "master/ID" as shown below.

$ bosh -e gcp vms --column=Instance --column "Process State" --column "VM CID"

Task 187. Done

Deployment 'service-instance_64a086ce-c94f-4c51-95f8-5a5edb3d1476'

Instance                                     Process State  VM CID
master/13b42afb-bd7c-4141-95e4-68e8579b015e  running        vm-4cfe9d2e-b26c-495c-4a62-77753ce792ca
worker/490a184e-575b-43ab-b8d0-169de6d708ad  running        vm-70cd3928-317c-400f-45ab-caf6fa8bd3a4
worker/79a51a29-2cef-47f1-a6e1-25580fcc58e5  running        vm-e3aa47d8-bb64-4feb-4823-067d7a4d4f2c
worker/f1f093e2-88bd-48ae-8ffe-b06944ea0a9b  running        vm-e14dde3f-b6fa-4dca-7f82-561da9c03d33

4 vms

6. Attach the VM to the load balancer backend configuration as shown below.



7. Now we can get the credentials from PKS CLI and pass them to kubectl as shown below

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ pks get-credentials my-cluster

Fetching credentials for cluster my-cluster.
Context set for cluster my-cluster.

You can now switch between clusters by using:
$kubectl config use-context

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ kubectl cluster-info
Kubernetes master is running at https://cluster1.pks.domain-name:8443
Heapster is running at https://cluster1.pks.domain-name:8443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://cluster1.pks.domain-name:8443/api/v1/namespaces/kube-system/services/kube-dns/proxy
monitoring-influxdb is running at https://cluster1.pks.domain-name:8443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy

8. To verify it worked for you here are some commands you would run. The "kubectl cluster-info" is one of those.

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ kubectl get componentstatus
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ kubectl get pods
No resources found.

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ kubectl get deployments
No resources found.

9. Finally lets start the Kubernetes UI to monitor this cluster. We do that as easily as this.

pasapicella@pas-macbook:~/pivotal/GCP/install/21/PKS$ kubectl proxy
Starting to serve on 127.0.0.1:8001  

The UI URL requires you to append /ui to the url above

Eg: http://127.0.0.1:8001/ui

Note: It will prompt you for the kubectl config file which would be in the $HOME/.kube/config file. Failure to present this means the UI won't show you much and give lost of warnings




More Info

https://docs.pivotal.io/runtimes/pks/1-0/index.html
Categories: Fusion Middleware

Install Pivotal Container Service (PKS) on GCP and getting started

Tue, 2018-04-03 20:15
With the release of Pivotal Cloud Foundry 2.1 (PCF) I decided this time to install Pivotal Application Service (PAS) as well as Pivotal Container Service (PKS) using the one Bosh Director which isn't recommended for production installs BUT ok for dev installs. Once installed you will have both the PAS tile and PKS tile as shown below.

https://content.pivotal.io/blog/pivotal-cloud-foundry-2-1-adds-cloud-native-net-envoy-native-service-discovery-to-boost-your-transformation


So here is how to get started with PKS once it's installed

1. Create a user for the PKS client to login with.

1.1. ssh into the ops manager VM

1.2. Target the UAA endpoint for PKS this was setup in the PKS tile

ubuntu@opsman-pcf:~$ uaac target https://PKS-ENDPOINT:8443 --skip-ssl-validation
Unknown key: Max-Age = 86400

Target: https://PKS-ENDPOINT:8443

1.3. Authenticate with UAA using the secret you retrieve from the PKS tile / Credentials tab as shown in the image below. Run the following command, replacing UAA-ADMIN-SECRET with your UAA admin secret

ubuntu@opsman-pcf:~$ uaac token client get admin -s UAA-ADMIN-SECRET
Unknown key: Max-Age = 86400

Successfully fetched token via client credentials grant.
Target: https://PKS-ENDPIONT:8443
Context: admin, from client admin



1.4. Create an ADMIN user as shown below using the UAA-ADMIN-SECRET password obtained form ops manager UI as shown above

ubuntu@opsman-pcf:~$ uaac user add pas --emails papicella@pivotal.io -p PASSWD
user account successfully added

ubuntu@opsman-pcf:~$ uaac member add pks.clusters.admin pas
success

2. Now lets login using the PKS CLI with a new admin user we created

pasapicella@pas-macbook:~$ pks login -a PKS-ENDPOINT -u pas -p PASSWD -k

API Endpoint: pks-api.pks.pas-apples.online
User: pas

3. You can test whether you have a DNS issue with a command as follows. 

Note: A test as follows determines any DNS issues you may have

pasapicella@pas-macbook:~$ nc -vz PKS-ENDPOINT 8443
found 0 associations
found 1 connections:
     1: flags=82
outif en0
src 192.168.1.111 port 62124
dst 35.189.1.209 port 8443
rank info not available
TCP aux info available

Connection to PKS-ENDPOINT port 8443 [tcp/pcsync-https] succeeded!

4. You can run a simple command to verify your connected as follows, below shows no K8's clusters exist at this stage

pasapicella@pas-macbook:~$ pks list-clusters

Name  Plan Name  UUID  Status  Action

You can use PKS CLI to create a new cluster, view clusters, resize clusters etc

pasapicella@pas-macbook:~$ pks

The Pivotal Container Service (PKS) CLI is used to create, manage, and delete Kubernetes clusters. To deploy workloads to a Kubernetes cluster created using the PKS CLI, use the Kubernetes CLI, kubectl.

Version: 1.0.0-build.3

Note: The PKS CLI is under development, and is subject to change at any time.

Usage:
  pks [command]

Available Commands:
  cluster         View the details of the cluster
  clusters        Show all clusters created with PKS
  create-cluster  Creates a kubernetes cluster, requires cluster name and an external host name
  delete-cluster  Deletes a kubernetes cluster, requires cluster name
  get-credentials Allows you to connect to a cluster and use kubectl
  help            Help about any command
  login           Login to PKS
  logout          Logs user out of the PKS API
  plans           View the preconfigured plans available
  resize          Increases the number of worker nodes for a cluster

Flags:
  -h, --help      help for pks
      --version   version for pks

Use "pks [command] --help" for more information about a command.

5. You would create a cluster as follows now you have logged in and yu will get aK8's cluster to begin working with

pasapicella@pas-macbook:~$ pks create-cluster my-cluster --external-hostname EXT-LB-HOST --plan small

Name:                     my-cluster
Plan Name:                small
UUID:                     64a086ce-c94f-4c51-95f8-5a5edb3d1476
Last Action:              CREATE
Last Action State:        in progress
Last Action Description:  Creating cluster
Kubernetes Master Host:   cluster1.FQDN
Kubernetes Master Port:   8443
Worker Instances:         3
Kubernetes Master IP(s):  In Progress

Finally when done you will see "Last Action:" as "succeeded" as shown below

pasapicella@pas-macbook:~$ pks cluster my-cluster

Name:                     my-cluster
Plan Name:                small
UUID:                     64a086ce-c94f-4c51-95f8-5a5edb3d1476
Last Action:              CREATE
Last Action State:        succeeded
Last Action Description:  Instance provisioning completed
Kubernetes Master Host:   cluster1.FQDN
Kubernetes Master Port:   8443
Worker Instances:         3
Kubernetes Master IP(s):  MASTER-IP-ADDRESS

More Info

https://docs.pivotal.io/runtimes/pks/1-0/index.html


Categories: Fusion Middleware

Pivotal Cloud Foundry Healthwatch for Pivotal Cloud Foundry 2.0 on GCP

Thu, 2018-03-15 01:29
I decided to eventually install PCF Healthwatch on my Google Cloud Platform PCF 2.0 instance. Installing it is straight forward using Ops Manager UI and once installed it will look like this.

Note: This is PCF 2.0 on GCP


Once installed the application for the Web UI end point would be as follows. The login username and password is the UAA admin user . By default the property "healthwatch.read" credential is given to this user only. You can always create a new user that has this credential role if you like.

https://healthwatch.SYSTEM-DOMAIN

The main page has various useful information and more then enough to show you what's happening in your PCF instance as shown below.



Clicking on any of the headings for each tile you can get more detailed information. The two screen shots below show some CF CLI command history tests like a "cf push" , "cf logs" and also what is happening within the Diego cells in terms of "Memory, Disk and the Containers" themselves.




More Information

https://docs.pivotal.io/pcf-healthwatch/1-1/index.html
Categories: Fusion Middleware

Just gave CFDEV a quick test and it's easy and includes BOSH!!!!

Sun, 2018-03-11 01:57
CF Dev is a new distribution of Cloud Foundry designed to run on a developer’s laptop or workstation using native hypervisors and a fully functional BOSH Director.

I decided to give it a test run today and it's fast and easy full CF experience deployed through the CF CLI plugin as described in the GitHub project

  https://github.com/pivotal-cf/cfdev

Here we run some bosh commands once it's up and running. You can't run BOSH commands without first setting your ENV to use the correct bosh director which you do as follows

  $ eval "$(cf dev bosh env)"

pasapicella@pas-macbook:~/apps/ENV/cfdev$ bosh deployments
Using environment '10.245.0.2' as client 'admin'

Name  Release(s)                    Stemcell(s)                                          Team(s)  Cloud Config
cf    binary-buildpack/1.0.15       bosh-warden-boshlite-ubuntu-trusty-go_agent/3468.17  -        latest
      bosh-dns/0.2.0
      capi/1.46.0
      cf-mysql/36.10.0
      cf-networking/1.9.0
      cf-smoke-tests/40
      cf-syslog-drain/5
      cflinuxfs2/1.179.0
      consul/191
      diego/1.32.1
      dotnet-core-buildpack/1.0.32
      garden-runc/1.10.0
      go-buildpack/1.8.15
      grootfs/0.30.0
      java-buildpack/4.7.1
      loggregator/99
      nats/22
      nodejs-buildpack/1.6.13
      php-buildpack/4.3.46
      python-buildpack/1.6.4
      routing/0.169.0
      ruby-buildpack/1.7.8
      staticfile-buildpack/1.4.20
      statsd-injector/1.0.30
      uaa/53.3

1 deployments

Succeeded

pasapicella@pas-macbook:~/apps/ENV/cfdev$ bosh stemcells
Using environment '10.245.0.2' as client 'admin'

Name                                         Version   OS             CPI  CID
bosh-warden-boshlite-ubuntu-trusty-go_agent  3468.17*  ubuntu-trusty  -    54a8d4c1-5a02-4d89-5648-1132914a0cb8

(*) Currently deployed

1 stemcells

Succeeded

You can simply use the CF CLI as follows once you target the correct API endpoint and login as follows

pasapicella@pas-macbook:~/apps/ENV/cfdev$ cf api https://api.v3.pcfdev.io --skip-ssl-validation
Setting api endpoint to https://api.v3.pcfdev.io...
OK

api endpoint:   https://api.v3.pcfdev.io
api version:    2.100.0
Not logged in. Use 'cf login' to log in.

and to log in ...

pasapicella@pas-macbook:~/apps/ENV/cfdev$ cf login -o cfdev-org -u admin -p admin
API endpoint: https://api.v3.pcfdev.io
Authenticating...
OK

Targeted org cfdev-org

Targeted space cfdev-space

API endpoint:   https://api.v3.pcfdev.io (API version: 2.100.0)
User:           admin
Org:            cfdev-org
Space:          cfdev-space
Categories: Fusion Middleware

Spring boot 2 Actuator Support and Pivotal Cloud Foundry 2.0

Sun, 2018-03-04 04:29
With Spring Boot Actuator you get production-ready features to your application. The main benefit of this library is that we can get production grade tools without having to actually implement these features ourselves.

Actuator is mainly used to expose operational information about the running application – health, metrics, info, dump, env, etc. It uses HTTP endpoints or JMX beans to enable us to interact with it.

In this post we will show how Spring Boot 2.0 Actuator endpoints are automatically integrated into Pivotal Cloud Foundry Apps Manager.

1. Clone the following project as shown below

pasapicella@pas-macbook:~/temp$ git clone https://github.com/papicella/springboot-actuator-2-demo.git
Cloning into 'springboot-actuator-2-demo'...
remote: Counting objects: 57, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 57 (delta 0), reused 6 (delta 0), pack-reused 48
Unpacking objects: 100% (57/57), done.

2. Package as follows

pasapicella@pas-macbook:~/temp/springboot-actuator-2-demo$ mvn package
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building springboot-autuator-2-demo 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-resources-plugin:3.0.1:resources (default-resources) @ springboot-autuator-2-demo ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] Copying 1 resource

...

[INFO]
[INFO] --- maven-jar-plugin:3.0.2:jar (default-jar) @ springboot-autuator-2-demo ---
[INFO] Building jar: /Users/pasapicella/temp/springboot-actuator-2-demo/target/springboot-autuator-2-demo-0.0.1-SNAPSHOT.jar
[INFO]
[INFO] --- spring-boot-maven-plugin:2.0.0.M7:repackage (default) @ springboot-autuator-2-demo ---
[INFO]
[INFO] --- maven-dependency-plugin:3.0.1:unpack (unpack) @ springboot-autuator-2-demo ---
[INFO] Configured Artifact: com.example:springboot-autuator-2-demo:0.0.1-SNAPSHOT:jar
[INFO] Unpacking /Users/pasapicella/temp/springboot-actuator-2-demo/target/springboot-autuator-2-demo-0.0.1-SNAPSHOT.jar to /Users/pasapicella/temp/springboot-actuator-2-demo/target/dependency with includes "" and excludes ""
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.650 s
[INFO] Finished at: 2018-03-04T21:04:08+11:00
[INFO] Final Memory: 46M/594M
[INFO] ------------------------------------------------------------------------

3. Deploy as follows

pasapicella@pas-macbook:~/temp/springboot-actuator-2-demo$ cf push
Pushing from manifest to org apples-pivotal-org / space development as papicella@pivotal.io...
Using manifest file /Users/pasapicella/temp/springboot-actuator-2-demo/manifest.yml
Getting app info...
Updating app with these attributes...
  name:                springboot-actuator-appsmanager
  path:                /Users/pasapicella/temp/springboot-actuator-2-demo/target/springboot-autuator-2-demo-0.0.1-SNAPSHOT.jar
  buildpack:           client-certificate-mapper=1.5.0_RELEASE container-security-provider=1.13.0_RELEASE java-buildpack=v4.9-offline-https://github.com/cloudfoundry/java-buildpack.git#830f4c3 java-main java-opts java-security jvmkill-agent=1.12.0_RELEASE open-jdk-l...
  command:             JAVA_OPTS="-agentpath:$PWD/.java-buildpack/open_jdk_jre/bin/jvmkill-1.12.0_RELEASE=printHeapHistogram=1 -Djava.io.tmpdir=$TMPDIR -Djava.ext.dirs=$PWD/.java-buildpack/container_security_provider:$PWD/.java-buildpack/open_jdk_jre/lib/ext -Djava.security.properties=$PWD/.java-buildpack/java_security/java.security $JAVA_OPTS" && CALCULATED_MEMORY=$($PWD/.java-buildpack/open_jdk_jre/bin/java-buildpack-memory-calculator-3.10.0_RELEASE -totMemory=$MEMORY_LIMIT -stackThreads=250 -loadedClasses=17785 -poolType=metaspace -vmOptions="$JAVA_OPTS") && echo JVM Memory Configuration: $CALCULATED_MEMORY && JAVA_OPTS="$JAVA_OPTS $CALCULATED_MEMORY" && MALLOC_ARENA_MAX=2 SERVER_PORT=$PORT eval exec $PWD/.java-buildpack/open_jdk_jre/bin/java $JAVA_OPTS -cp $PWD/. org.springframework.boot.loader.JarLauncher
  disk quota:          1G
  health check type:   port
  instances:           1
  memory:              1G
  stack:               cflinuxfs2
  routes:
    springboot-actuator-appsmanager-forgiving-camel.cfapps.io

Updating app springboot-actuator-appsmanager...
Mapping routes...
Comparing local files to remote cache...
Packaging files to upload...
Uploading files...

...

Waiting for app to start...

name:              springboot-actuator-appsmanager
requested state:   started
instances:         1/1
usage:             1G x 1 instances
routes:            springboot-actuator-appsmanager-forgiving-camel.cfapps.io
last uploaded:     Sun 04 Mar 21:07:03 AEDT 2018
stack:             cflinuxfs2
buildpack:         client-certificate-mapper=1.5.0_RELEASE container-security-provider=1.13.0_RELEASE java-buildpack=v4.9-offline-https://github.com/cloudfoundry/java-buildpack.git#830f4c3
                   java-main java-opts java-security jvmkill-agent=1.12.0_RELEASE open-jdk-l...
start command:     JAVA_OPTS="-agentpath:$PWD/.java-buildpack/open_jdk_jre/bin/jvmkill-1.12.0_RELEASE=printHeapHistogram=1 -Djava.io.tmpdir=$TMPDIR
                   -Djava.ext.dirs=$PWD/.java-buildpack/container_security_provider:$PWD/.java-buildpack/open_jdk_jre/lib/ext -Djava.security.properties=$PWD/.java-buildpack/java_security/java.security
                   $JAVA_OPTS" && CALCULATED_MEMORY=$($PWD/.java-buildpack/open_jdk_jre/bin/java-buildpack-memory-calculator-3.10.0_RELEASE -totMemory=$MEMORY_LIMIT -stackThreads=250 -loadedClasses=17785
                   -poolType=metaspace -vmOptions="$JAVA_OPTS") && echo JVM Memory Configuration: $CALCULATED_MEMORY && JAVA_OPTS="$JAVA_OPTS $CALCULATED_MEMORY" && MALLOC_ARENA_MAX=2 SERVER_PORT=$PORT
                   eval exec $PWD/.java-buildpack/open_jdk_jre/bin/java $JAVA_OPTS -cp $PWD/. org.springframework.boot.loader.JarLauncher

     state     since                  cpu      memory         disk           details
#0   running   2018-03-04T10:08:16Z   196.2%   385.7M of 1G   157.4M of 1G

4. The application.yml exposes all methods and is totally unsecure so you would not want to do this in a production application. The application is deployed using an application.yml as follows.

spring:
  application:
    name: PCFSpringBootActuatorDemo
  jpa:
    hibernate:
      ddl-auto: update
management:
  endpoint:
    health:
      show-details: true
  endpoints:
    web:
      expose: '*'
      enabled: true
    jmx:
      expose: '*'
      enabled: true

Once deployed Pivotal Cloud Foundry Apps Manager will show the Spring Icon and use the Actuator endpoints.





Lets invoke some of the Actuator endpoints using HTTPIE or CURL if you like. Remember we have exposed all web endpoints allowing us to do this. One thing that has changed form Actuator 1.x to 2.0 is the endpoints are now mapped to /actuator out of the box. You can get all that are available endpoints just by invoking /actuator as shown below using a GET RESTful call.

pasapicella@pas-macbook:~/temp/springboot-actuator-2-demo$ http http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Date: Sun, 04 Mar 2018 10:13:38 GMT
X-Vcap-Request-Id: 22116a58-f689-4bd9-448c-023bae2ed5ec
transfer-encoding: chunked

{
    "_links": {
        "auditevents": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/auditevents",
            "templated": false
        },
        "beans": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/beans",
            "templated": false
        },
        "conditions": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/conditions",
            "templated": false
        },
        "configprops": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/configprops",
            "templated": false
        },
        "env": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/env",
            "templated": false
        },
        "env-toMatch": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/env/{toMatch}",
            "templated": true
        },
        "health": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/health",
            "templated": false
        },
        "heapdump": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/heapdump",
            "templated": false
        },
        "info": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/info",
            "templated": false
        },
        "loggers": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/loggers",
            "templated": false
        },
        "loggers-name": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/loggers/{name}",
            "templated": true
        },
        "mappings": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/mappings",
            "templated": false
        },
        "metrics": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/metrics",
            "templated": false
        },
        "metrics-requiredMetricName": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/metrics/{requiredMetricName}",
            "templated": true
        },
        "scheduledtasks": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/scheduledtasks",
            "templated": false
        },
        "self": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator",
            "templated": false
        },
        "threaddump": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/threaddump",
            "templated": false
        },
        "trace": {
            "href": "http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/trace",
            "templated": false
        }
    }
}

pasapicella@pas-macbook:~/temp/springboot-actuator-2-demo$ http http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/health
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 183
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Date: Sun, 04 Mar 2018 10:16:03 GMT
X-Vcap-Request-Id: be45c751-b77d-4e7c-77b6-0d7affa0fe16

{
    "details": {
        "db": {
            "details": {
                "database": "H2",
                "hello": 1
            },
            "status": "UP"
        },
        "diskSpace": {
            "details": {
                "free": 908681216,
                "threshold": 10485760,
                "total": 1073741824
            },
            "status": "UP"
        }
    },
    "status": "UP"
}

pasapicella@pas-macbook:~/temp/springboot-actuator-2-demo$ http http://springboot-actuator-appsmanager-forgiving-camel.cfapps.io/actuator/trace
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Date: Sun, 04 Mar 2018 10:19:46 GMT
X-Vcap-Request-Id: e0c86f51-dcc4-4349-41d2-6b603677c3f4
transfer-encoding: chunked

{
    "traces": [
        {
            "info": {
                "headers": {
                    "request": {
                        "accept": "*/*",
                        "accept-encoding": "gzip, deflate",
                        "host": "springboot-actuator-appsmanager-forgiving-camel.cfapps.io",
                        "user-agent": "HTTPie/0.9.9",
                        "x-b3-spanid": "0ad427a9f13bad0c",
                        "x-b3-traceid": "0ad427a9f13bad0c",
                        "x-cf-applicationid": "c1e50a41-5e1e-475f-b9e6-116a7acd98a2",
                        "x-cf-instanceid": "db74a5d2-ac72-4c45-539a-118f",
                        "x-cf-instanceindex": "0",
                        "x-forwarded-port": "80",
                        "x-forwarded-proto": "http",
                        "x-request-start": "1520158694338",
                        "x-vcap-request-id": "5f1e5572-a841-4e3f-4b6f-2cfd0c0ccc8e"
                    },
                    "response": {
                        "Content-Type": "application/vnd.spring-boot.actuator.v2+json;charset=UTF-8",
                        "Date": "Sun, 04 Mar 2018 10:18:14 GMT",

...

More Information

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html
Categories: Fusion Middleware

Pivotal Cloud Foundry App Instance Routing in HTTP Headers

Thu, 2018-01-18 04:26
Developers who want to obtain debug data for a specific instance of an app can use the HTTP header X-CF-APP-INSTANCE to make a request to an app instance. To demonstrate how we can write a Spring Boot application which simply outputs the current CF app index so we are sure we are hitting the right application container.

Simplest way to do that is to define a RestController using Spring Boot as follows which then enables us to get the current application index and verify we are hitting the right container instance.
  
package com.example.pas;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoRest
{
private final String ip;
private final String index;

@Autowired
public DemoRest
(@Value("${CF_INSTANCE_IP:127.0.0.1}") String ip,
@Value("${CF_INSTANCE_INDEX:0}") String index) {
this.ip = ip;
this.index = index;
}

@RequestMapping("/")
public InstanceDetail getAppDetails()
{
InstanceDetail instanceDetail = new InstanceDetail(ip, index);

return instanceDetail;
}
}

So with the application deployed as see we have 3 instances as follows

pasapicella@pas-macbook:~$ cf app pas-pcf-routingdemo
Showing health and status for app pas-pcf-routingdemo in org pivot-papicella / space dotnet as papicella@pivotal.io...

name:                pas-pcf-routingdemo
requested state:     started
instances:           3/3
isolation segment:   main
usage:               756M x 3 instances
routes:              pas-pcf-routingdemo-incidental-curia.pcfbeta.io
last uploaded:       Thu 18 Jan 20:41:26 AEDT 2018
stack:               cflinuxfs2
buildpack:           client-certificate-mapper=1.4.0_RELEASE container-security-provider=1.11.0_RELEASE java-buildpack=v4.7.1-offline-https://github.com/cloudfoundry/java-buildpack.git#6a3361a
                     java-main java-opts java-security jvmkill-agent=1... (no decorators apply)

     state     since                  cpu    memory           disk           details
#0   running   2018-01-18T09:44:07Z   0.4%   224.8M of 756M   137.5M of 1G
#1   running   2018-01-18T09:44:13Z   0.8%   205M of 756M     137.5M of 1G
#2   running   2018-01-18T09:44:06Z   0.7%   221.1M of 756M   137.5M of 1G

Now lets simply access our application a few times using the "/" end point and verify we are accessing different application containers via round robin routing as per GoRouter

pasapicella@pas-macbook:~$ http https://pas-pcf-routingdemo-incidental-curia.pcfbeta.io/
HTTP/1.1 200 OK
Content-Length: 34
Content-Type: application/json;charset=UTF-8
Date: Thu, 18 Jan 2018 09:58:10 GMT
Set-Cookie: dtCookie=6$B570EBB532CD9D8DAA2BCAE14C4277FC|RUM+Default+Application|1; Domain=pcfbeta.io; Path=/
X-Vcap-Request-Id: 336ba633-685b-4235-467d-b9833a9e6435

{
    "index": "2",
    "ip": "192.168.16.34"
}

pasapicella@pas-macbook:~$ http https://pas-pcf-routingdemo-incidental-curia.pcfbeta.io/
HTTP/1.1 200 OK
Content-Length: 34
Content-Type: application/json;charset=UTF-8
Date: Thu, 18 Jan 2018 09:58:15 GMT
Set-Cookie: dtCookie=5$3389B3DFBAD936D68CBAF30657653465|RUM+Default+Application|1; Domain=pcfbeta.io; Path=/
X-Vcap-Request-Id: aa74e093-9031-4df5-73a5-bc9f1741a942

{
    "index": "1",
    "ip": "192.168.16.32"
}

Now we can request access to just the container with application index "1" as follows

1. First get the Application GUID as shown below

pasapicella@pas-macbook:~$ cf app pas-pcf-routingdemo --guid
5bdf2f08-34a5-402f-b7cb-f29c81d171e0

2. Now lets invoke a call to the application and set the HEADER required to instruct GoRouter to target a specific application index

eg: curl app.example.com -H "X-CF-APP-INSTANCE":"YOUR-APP-GUID:YOUR-INSTANCE-INDEX"

Example below is using HTTPie 

Accessing Instance 1

pasapicella@pas-macbook:~$ http https://pas-pcf-routingdemo-incidental-curia.pcfbeta.io/ "X-CF-APP-INSTANCE":"5bdf2f08-34a5-402f-b7cb-f29c81d171e0:1"
HTTP/1.1 200 OK
Content-Length: 34
Content-Type: application/json;charset=UTF-8
Date: Thu, 18 Jan 2018 10:20:31 GMT
Set-Cookie: dtCookie=5$FD08A5C88469AF379C8AD3F36FA7984B|RUM+Default+Application|1; Domain=pcfbeta.io; Path=/
X-Vcap-Request-Id: cb19b960-713a-49d0-4529-a0766a8880a7

{
    "index": "1",
    "ip": "192.168.16.32"
}

Accessing Instance 2 

pasapicella@pas-macbook:~$ http https://pas-pcf-routingdemo-incidental-curia.pcfbeta.io/ "X-CF-APP-INSTANCE":"5bdf2f08-34a5-402f-b7cb-f29c81d171e0:2"
HTTP/1.1 200 OK
Content-Length: 34
Content-Type: application/json;charset=UTF-8
Date: Thu, 18 Jan 2018 10:21:09 GMT
Set-Cookie: dtCookie=7$53957A744D473BB024EB1FF4F0CD60A9|RUM+Default+Application|1; Domain=pcfbeta.io; Path=/
X-Vcap-Request-Id: 33cc7922-9b43-4182-5c36-13eee42a9919

{
    "index": "2",
    "ip": "192.168.16.34"
}

More Information

https://docs.cloudfoundry.org/concepts/http-routing.html#http-headers
Categories: Fusion Middleware

Verifying PCF 2.0 with PAS small footprint with bosh CLI

Thu, 2017-12-28 22:27
After installing PCF 2.0 here is how you can verify your installation using the new bosh2 CLI. In this example I use "bosh2" BUT with PCF 2.0 you can actually use "bosh". bosh2 v2 existed for a while in PCF 1.12 and some previous versions while we left bosh v1

1. SSH into your ops manager VM as shown below, in this example we using GCP

https://docs.pivotal.io/pivotalcf/2-0/customizing/trouble-advanced.html#ssh

2. Create an alias for your ENV as shown below

Note: You will need the bosh director IP address which you can obtain using

  https://docs.pivotal.io/pivotalcf/2-0/customizing/trouble-advanced.html#gather

ubuntu@opsman-pcf:~$ bosh2 alias-env gcp -e y.y.y.y --ca-cert /var/tempest/workspaces/default/root_ca_certificate
Using environment 'y.y.y.y' as anonymous user

Name      p-bosh
UUID      3c886290-144f-4ec7-86dd-b7586b98dc3b
Version   264.4.0 (00000000)
CPI       google_cpi
Features  compiled_package_cache: disabled
          config_server: enabled
          dns: disabled
          snapshots: disabled
User      (not logged in)

Succeeded

3. Log in to the BOSH Director with UAA

Note: You will need the username / password for the bosh director which you can obtain as follows

  https://docs.pivotal.io/pivotalcf/2-0/customizing/trouble-advanced.html#gather

ubuntu@opsman-pcf:~$ bosh2 -e gcp log-in
Email (): director
Password ():

Successfully authenticated with UAA

Succeeded

4. View all the VM's managed by BOSH as follows

ubuntu@opsman-pcf:~/scripts$ bosh2 -e gcp vms --column=Instance --column="Process State" --column=AZ --column="VM Type"
Using environment 'y.y.y.y' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)

Task 65. Done

Deployment 'cf-adee3657c74c7b9a8e35'

Instance                                             Process State  AZ                      VM Type
backup-prepare/996340c7-4114-472e-b660-a5e353493fa4  running        australia-southeast1-a  micro
blobstore/cdd6fc8d-25c9-4cfb-9908-89eb0164fb80       running        australia-southeast1-a  medium.mem
compute/2dfcc046-c16a-4a36-9170-ef70d1881818         running        australia-southeast1-a  xlarge.disk
control/2f3d0bc6-9a2d-4c08-9ccc-a88bad6382a3         running        australia-southeast1-a  xlarge
database/da60f0e7-b8e3-4f8d-945d-306b267ac161        running        australia-southeast1-a  large.disk
mysql_monitor/a88331c4-1659-4fe4-b8e9-89ce4bf092fd   running        australia-southeast1-a  micro
router/276e308e-a476-4c8d-9555-21623dada492          running        australia-southeast1-a  micro

7 vms

Succeeded

** Few other examples **

- View all the deployments, in this example we just have the PAS small footprint tile installed so it only exists and no other bosh managed tiles xist

ubuntu@opsman-pcf:~/scripts$ bosh2 -e gcp deployments --column=name
Using environment 'y.y.y.y' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)

Name
cf-adee3657c74c7b9a8e35

1 deployments

Succeeded

- Run cloud check to check for issues

ubuntu@opsman-pcf:~/scripts$ bosh2 -e gcp -d cf-adee3657c74c7b9a8e35 cloud-check
Using environment 'y.y.y.y' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)

Using deployment 'cf-adee3657c74c7b9a8e35'

Task 66

Task 66 | 04:20:52 | Scanning 7 VMs: Checking VM states (00:00:06)
Task 66 | 04:20:58 | Scanning 7 VMs: 7 OK, 0 unresponsive, 0 missing, 0 unbound (00:00:00)
Task 66 | 04:20:58 | Scanning 3 persistent disks: Looking for inactive disks (00:00:01)
Task 66 | 04:20:59 | Scanning 3 persistent disks: 3 OK, 0 missing, 0 inactive, 0 mount-info mismatch (00:00:00)

Task 66 Started  Fri Dec 29 04:20:52 UTC 2017
Task 66 Finished Fri Dec 29 04:20:59 UTC 2017
Task 66 Duration 00:00:07
Task 66 done

#  Type  Description

0 problems

Succeeded

More Information

https://docs.pivotal.io/pivotalcf/2-0/customizing/trouble-advanced.html
Categories: Fusion Middleware

Terminating a specific application instance using it's index number in Pivotal Cloud Foundry

Tue, 2017-12-19 03:54
I was recently asked how to terminate a specific application instance rather then terminate all instances using "cf delete".

We can easily using the CF REST API or even easier the CF CLI "cf curl" command which makes it straight forward to make REST based calls into cloud foundry as shown below.

CF REST API Docs

https://apidocs.cloudfoundry.org/280/

Below assumes you already logged into PCF using the CF CLI

1. First find an application that has multiple instances

pasapicella@pas-macbook:~$ cf app pas-cf-manifest
Showing health and status for app pas-cf-manifest in org apples-pivotal-org / space development as papicella@pivotal.io...

name:              pas-cf-manifest
requested state:   started
instances:         2/2
usage:             756M x 2 instances
routes:            pas-cf-manifest.cfapps.io
last uploaded:     Sun 19 Nov 21:26:26 AEDT 2017
stack:             cflinuxfs2
buildpack:         client-certificate-mapper=1.2.0_RELEASE container-security-provider=1.8.0_RELEASE java-buildpack=v4.5-offline-https://github.com/cloudfoundry/java-buildpack.git#ffeefb9 java-main
                   java-opts jvmkill-agent=1.10.0_RELEASE open-jdk-like-jre=1.8.0_1...

     state     since                  cpu    memory           disk           details
#0   running   2017-12-16T00:11:27Z   0.0%   241.5M of 756M   139.9M of 1G
#1   running   2017-12-17T10:39:09Z   0.3%   221.3M of 756M   139.9M of 1G

2. Use a "cf curl" curl which uses the application GUID to determine which application to check all application instances and their current state

pasapicella@pas-macbook:~$ cf curl /v2/apps/`cf app pas-cf-manifest --guid`/instances
{
   "0": {
      "state": "RUNNING",
      "uptime": 293653,
      "since": 1513383087
   },
   "1": {
      "state": "RUNNING",
      "uptime": 169591,
      "since": 1513507149
   }
}

3. Now let's delete instance with index "1". Don't forget that PCF will determine the current desired state of the application is not the current state and will re-start the application instance very quickly

pasapicella@pas-macbook:~$ cf curl /v2/apps/`cf app pas-cf-manifest --guid`/instances/1 -X DELETE

Note: You won't get any output BUT you can verify it has done what you asked for by running the command at step #2 again

pasapicella@pas-macbook:~$ cf curl /v2/apps/`cf app pas-cf-manifest --guid`/instances
{
   "0": {
      "state": "RUNNING",
      "uptime": 293852,
      "since": 1513383087
   },
   "1": {
      "state": "DOWN",
      "uptime": 0
   }
}

If you run it again say 30 seconds later you should see your application instance re-started as shown below

pasapicella@pas-macbook:~$ cf curl /v2/apps/`cf app pas-cf-manifest --guid`/instances
{
   "0": {
      "state": "RUNNING",
      "uptime": 293870,
      "since": 1513383087
   },
   "1": {
      "state": "STARTING",
      "uptime": 11,
      "since": 1513676947
   }
}

pasapicella@pas-macbook:~$ cf curl /v2/apps/`cf app pas-cf-manifest --guid`/instances
{
   "0": {
      "state": "RUNNING",
      "uptime": 293924,
      "since": 1513383087
   },
   "1": {
      "state": "RUNNING",
      "uptime": 45,
      "since": 1513676965
   }
}

More Information

pasapicella@pas-macbook:~$ cf curl --help
NAME:
   curl - Executes a request to the targeted API endpoint

USAGE:
   cf curl PATH [-iv] [-X METHOD] [-H HEADER] [-d DATA] [--output FILE]

   By default 'cf curl' will perform a GET to the specified PATH. If data
   is provided via -d, a POST will be performed instead, and the Content-Type
   will be set to application/json. You may override headers with -H and the
   request method with -X.

   For API documentation, please visit http://apidocs.cloudfoundry.org.

EXAMPLES:
   cf curl "/v2/apps" -X GET -H "Content-Type: application/x-www-form-urlencoded" -d 'q=name:myapp'
   cf curl "/v2/apps" -d @/path/to/file

OPTIONS:
   -H            Custom headers to include in the request, flag can be specified multiple times
   -X            HTTP method (GET,POST,PUT,DELETE,etc)
   -d            HTTP data to include in the request body, or '@' followed by a file name to read the data from
   -i            Include response headers in the output
   --output      Write curl body to FILE instead of stdout
Categories: Fusion Middleware

Taking Pivotal Cloud Foundry Small Footprint for a test drive

Wed, 2017-11-22 21:55
Pivotal Cloud Foundry (PCF) now has a small footprint edition. It features a deployment configuration with as few as 6 VMs. Review the documentation for download and installation instructions as follows

http://docs.pivotal.io/pivotalcf/1-12/customizing/small-footprint.html

There was also a Pivotal blog post on this as follows:

https://content.pivotal.io/blog/big-things-come-in-small-packages-getting-started-with-pivotal-cloud-foundry-small-footprint

As you can see from this image it's considerably smaller control plane that's obvious.



It is important to understand what the limitations of such an install are as per the docs link below.

http://docs.pivotal.io/pivotalcf/1-12/customizing/small-footprint.html#limits

Installing the small footprint looks identical from the Operations Manager UI in fact it's still labelled ERT and from the home page of Operations Manager UI your wouldn't even know you had the small footprint



If you dig a bit further and click on the "ERT tile" and then select "Resource Config" left hand link you will then clearly know it's the Small Footprint PCF install.


I choose to use internal MySQL database and if I didn't then it could be scaled back even more then the default 7 VM's I ended up with.

Lastly I was very curious to find out what jobs are placed on which service VM's. Here is what it looked like for me when I logged into bosh director and run some bosh CLI commands
  
ubuntu@ip-10-0-0-241:~$ bosh2 -e aws vms --column=Instance --column="Process State" --column=AZ --column="VM Type"
Using environment '10.0.16.5' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)

Task 73. Done

Deployment 'cf-a96683b17697c86b8c90'

Instance Process State AZ VM Type
backup-prepare/16356c40-1f20-42f0-8f2e-de45549be797 running ap-southeast-2a t2.micro
blobstore/b6e22107-018b-425d-8fe4-ab47eeaf2c75 running ap-southeast-2a m4.large
compute/5439f18f-c842-40a2-b6f3-faf6b6848716 running ap-southeast-2a r4.xlarge
control/68979d93-d12b-4d87-b110-d3d41a48b261 running ap-southeast-2a r4.xlarge
database/a3efedaa-4df6-48f5-9f20-61cf3d9f3c1b running ap-southeast-2a r4.large
mysql_monitor/d40ef638-d2d0-488e-b937-99a7f5b5b334 running ap-southeast-2a t2.micro
router/f9573547-c5a1-43d4-be02-38a1d9e9c73e running ap-southeast-2a t2.micro

7 vms

Succeeded
  
ubuntu@ip-10-0-0-241:~$ bosh2 -e aws instances --ps --column=Instance --column=Process
Using environment '10.0.16.5' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)

Task 68. Done

Deployment 'cf-a96683b17697c86b8c90'

Instance Process
autoscaling-register-broker/9feaef45-994e-472c-8ca3-f0c39467dd6b -
autoscaling/184df31d-a64c-49e0-8b6b-27eafdb31ca0 -
backup-prepare/16356c40-1f20-42f0-8f2e-de45549be797 -
~ service-backup
blobstore/b6e22107-018b-425d-8fe4-ab47eeaf2c75 -
~ blobstore_nginx
~ blobstore_url_signer
~ consul_agent
~ metron_agent
~ route_registrar
bootstrap/0dc22a1f-a1ee-4a03-85c6-fed08f37c44a -
compute/5439f18f-c842-40a2-b6f3-faf6b6848716 -
~ consul_agent
~ garden
~ iptables-logger
~ metron_agent
~ netmon
~ nfsv3driver
~ rep
~ route_emitter
~ silk-daemon
~ vxlan-policy-agent
control/68979d93-d12b-4d87-b110-d3d41a48b261 -
~ adapter
~ auctioneer
~ bbs
~ cc_uploader
~ cloud_controller_clock
~ cloud_controller_ng
~ cloud_controller_worker_1
~ cloud_controller_worker_local_1
~ cloud_controller_worker_local_2
~ consul_agent
~ doppler
~ file_server
~ locket
~ loggregator_trafficcontroller
~ metron_agent
~ nginx_cc
~ policy-server
~ reverse_log_proxy
~ route_registrar
~ routing-api
~ scheduler
~ silk-controller
~ ssh_proxy
~ statsd_injector
~ syslog_drain_binder
~ tps_watcher
~ uaa
database/a3efedaa-4df6-48f5-9f20-61cf3d9f3c1b -
~ cluster_health_logger
~ consul_agent
~ galera-healthcheck
~ gra-log-purger-executable
~ mariadb_ctrl
~ metron_agent
~ mysql-diag-agent
~ mysql-metrics
~ nats
~ route_registrar
~ streaming-mysql-backup-tool
~ switchboard
mysql-rejoin-unsafe/01a0aec3-b103-4c09-bc69-cabc61c513cc -
mysql_monitor/d40ef638-d2d0-488e-b937-99a7f5b5b334 -
~ replication-canary
nfsbrokerpush/829f0292-59ab-4824-8b0b-c4af4bddbce0 -
notifications-ui/50972440-36cd-499d-ad7c-eef4df7e604b -
notifications/968d625e-af63-4e2f-a59c-f6b789ef1cff -
push-apps-manager/3d9760d7-6f09-453c-a052-32604b6a3235 -
push-pivotal-account/5a8782ad-82eb-4469-8242-f0873bc4a587 -
push-usage-service/9b781db1-171b-4abe-92f4-7445fd3d487f -
router/f9573547-c5a1-43d4-be02-38a1d9e9c73e -
~ consul_agent
~ gorouter
~ metron_agent
smoke-tests/a8e2ff97-bae1-4594-90fc-ec8c430fd620 -

77 instances

Succeeded

Now, with Small Footprint, you have yet another way to bring PCF to your organization!
Categories: Fusion Middleware

Using Spring Boot Actuator endpoint for Spring Boot application health check type on PCF

Sun, 2017-11-19 04:41
An application health check is a monitoring process that continually checks the status of a running Cloud Foundry application. When deploying an app, a developer can configure the health check type (port, process, or HTTP), a timeout for starting the application, and an endpoint (for HTTP only) for the application health check.

To use the HTTP option your manifest.yml would look like this

---
applications:
- name: pas-cf-manifest
  memory: 756M
  instances: 1
  hostname: pas-cf-manifest
  path: ./target/demo-0.0.1-SNAPSHOT.jar
  health-check-type: http
  health-check-http-endpoint: /health
  stack: cflinuxfs2
  timeout: 80
  env:
    JAVA_OPTS: -Djava.security.egd=file:///dev/urandom
    NAME: Apples

Using a HTTP endpoint such as "/health" is possible once you add the Spring Boot Actuator maven dependency as follows
  
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

More Information

https://docs.run.pivotal.io/devguide/deploy-apps/healthchecks.html
Categories: Fusion Middleware

Testing network connectivity from Cloud Foundry Application Instances

Sat, 2017-10-28 04:43
This app below simply tests whether a host:port is accessible from a CF app instance. For example can my application instance access my Oracle Database Instance running outside of PCF given application instances need network access to the database database for example.

You can use bosh2 ssh to get to the Diego Cells if you have access to the environment or even "cf ssh" if that has been enabled.

GitHub URL:

https://github.com/papicella/cloudfoundry-socket-test

Success

pasapicella@pas-macbook:~$ http http://pas-cf-sockettest.cfapps.io/www.google.com.au/80
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 81
Content-Type: application/json;charset=UTF-8
Date: Wed, 25 Oct 2017 08:38:33 GMT
X-Vcap-Request-Id: 8fd05c77-f680-4966-558b-c45e71825fa0

{
"errorMessage": "N/A",
"hostname": "www.google.com.au",
"port": "80",
"res": "SUCCESS"
}
Failure

pasapicella@pas-macbook:~$ http http://pas-cf-sockettest.cfapps.io/10.0.0.10/8080
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 110
Content-Type: application/json;charset=UTF-8
Date: Wed, 25 Oct 2017 11:52:18 GMT
X-Vcap-Request-Id: 91ad2359-7d95-49c6-4538-548e480b7820

{
"errorMessage": "Connection refused (Connection refused)",
"hostname": "10.0.0.10",
"port": "8080",
"res": "FAILED"
}

Categories: Fusion Middleware

Just installed Pivotal Cloud Foundry, what's next should I login to Apps Manager?

Sun, 2017-10-22 06:50
I get this question often from customers. Pivotal Cloud Foundry has just been installed and the API endpoint to target the instance is working fine. In short we want to do the following before we get developers onto the platform to ensure we no longer using the UAA server admin login details from the CLI or Apps Manager UI.

  • Create a new ADMIN user which will be used to configure Apps Manager ORGS and spaces for the developers
  • Create an ORG
  • Create at least one Quota maybe more to control memory limit and application instances within an ORG
  • Assign the quota to your ORG
Steps

--> Create a new ADMIN user which will be used to configure Apps Manager ORGS and spaces for the developers

1. Login to Ops Manager VM using SSH for example
2. Target the UAA server as shown below

Eg: $ uaac target uaa.YOUR-DOMAIN

ubuntu@opsmanager-pcf:~$ uaac target uaa.system.YYYY --skip-ssl-validation
Unknown key: Max-Age = 2592000

Target: https://uaa.system.YYYY

3. Authenticate and obtain an access token for the admin client from the UAA server

Note: Record the uaa:admin:client_secret from your deployment manifest

ubuntu@opsmanager-pcf:~$ uaac token client get admin -s PASSWD

Successfully fetched token via client credentials grant.
Target: https://uaa.system.YYYY
Context: admin, from client admin

4. Use the uaac contexts command to display the users and applications authorized by the UAA server, and the permissions granted to each user and application. Ensure in the "scope" field that "scim.write" exists

ubuntu@opsmanager-pcf:~$ uaac contexts

[0]*[https://uaa.system.YYYY]
  skip_ssl_validation: true

  [0]*[admin]
      client_id: admin
      access_token: .....
      token_type: bearer
      expires_in: 43199
      scope: clients.read password.write clients.secret clients.write uaa.admin scim.write scim.read
      jti: b1bf094a5c4640dbac4abc5f3bf15b08

5. Run the following command to create an admin user

ubuntu@opsmanager-pcf:~$ uaac user add apples -p PASSWD --emails papicella@pivotal.io
user account successfully added

6. Run uaac member add GROUP NEW-ADMIN-USERNAME to add the new admin to the groups cloud_controller.admin, uaa.admin, scim.read, and scim.write

ubuntu@opsmanager-pcf:~$ uaac member add cloud_controller.admin apples
success
ubuntu@opsmanager-pcf:~$ uaac member add uaa.admin apples
success
ubuntu@opsmanager-pcf:~$ uaac member add scim.read apples
success
ubuntu@opsmanager-pcf:~$ uaac member add scim.write apples
success

--> Create an ORG

1. Login using the new admin user "apples"

pasapicella@pas-macbook:~$ cf login -u apples -p PASSWD -o system -s system
API endpoint: https://api.system.YYYY
Authenticating...
OK

Targeted org system

Targeted space system

API endpoint:   https://api.system.YYYY (API version: 2.94.0)
User:           papicella@pivotal.io
Org:            system
Space:          system

2. Create an ORG as follows

pasapicella@pas-macbook:~$ cf create-org myfirst-org
Creating org myfirst-org as apples...
OK

Assigning role OrgManager to user apples in org myfirst-org ...
OK

TIP: Use 'cf target -o "myfirst-org"' to target new org

--> Create at least one Quota maybe more to control memory limit and application instances within an ORG

1. Here we create what I call a medium-quota which allows 20G of memory, 2 service instances, each application instance can be no more then 1G of memory and only 20 Application Instances can be created using this quota.

pasapicella@pas-macbook:~$ cf create-quota medium-quota -m 20G -i 1G -a 20 -s 2 -r 1000 --allow-paid-service-plans
Creating quota medium-quota as apples...
OK

pasapicella@pas-macbook:~$ cf quota medium-quota
Getting quota medium-quota info as apples...
OK

Total Memory           20G
Instance Memory        1G
Routes                 1000
Services               2
Paid service plans     allowed
App instance limit     20
Reserved Route Ports   0

--> Assign the quota to your ORG

1. Assign the newly created quota to the ORG we created above

pasapicella@pas-macbook:~$ cf set-quota myfirst-org medium-quota
Setting quota medium-quota to org myfirst-org as apples...
OK

pasapicella@pas-macbook:~$ cf org myfirst-org
Getting info for org myfirst-org as apples...

name:                 myfirst-org
domains:              apps.pas-apples.online
quota:                medium-quota
spaces:
isolation segments:

Finally we can add a space to the ORG and assign privileges to a user called "pas" as shown below

- Set OrgManager role to the user "pas"

pasapicella@pas-macbook:~$ cf set-org-role pas myfirst-org OrgManager
Assigning role OrgManager to user pas in org myfirst-org as apples...
OK

- Logout as "apples" admin user as "pas" can now do his own admin for the ORG " myfirst-org"

pasapicella@pas-macbook:~$ cf logout
Logging out...
OK

- Login as pas and target the ORG

pasapicella@pas-macbook:~$ cf login -u pas -p PASSWD -o myfirst-org
API endpoint: https://api.system.YYYY
Authenticating...
OK

Targeted org myfirst-org

API endpoint:   https://api.system.YYYY (API version: 2.94.0)
User:           pas
Org:            myfirst-org
Space:          No space targeted, use 'cf target -s SPACE'

- Create a space which will set space roles for the user "pas"

pasapicella@pas-macbook:~$ cf create-space dev
Creating space dev in org myfirst-org as pas...
OK
Assigning role RoleSpaceManager to user pas in org myfirst-org / space dev as pas...
OK
Assigning role RoleSpaceDeveloper to user pas in org myfirst-org / space dev as pas...
OK

TIP: Use 'cf target -o "myfirst-org" -s "dev"' to target new space

- Target the new space

pasapicella@pas-macbook:~$ cf target -o myfirst-org -s dev
api endpoint:   https://api.system.pas-apples.online
api version:    2.94.0
user:           pas
org:            myfirst-org
space:          dev

Typically we would assign other users to the spaces using "cf set-space-role .."

pasapicella@pas-macbook:~$ cf set-space-role --help
NAME:
   set-space-role - Assign a space role to a user

USAGE:
   cf set-space-role USERNAME ORG SPACE ROLE

ROLES:
   'SpaceManager' - Invite and manage users, and enable features for a given space
   'SpaceDeveloper' - Create and manage apps and services, and see logs and reports
   'SpaceAuditor' - View logs, reports, and settings on this space

SEE ALSO:
   space-users

More Information

Creating and Managing Users with the UAA CLI (UAAC)
https://docs.pivotal.io/pivotalcf/1-12/uaa/uaa-user-management.html

Creating and Managing Users with the cf CLI
https://docs.pivotal.io/pivotalcf/1-12/adminguide/cli-user-management.html

Categories: Fusion Middleware

Pivotal Cloud Foundry 1.12 on Google Cloud Platform with VM labels

Wed, 2017-10-04 23:20
Once PCF is installed on GCP it's worth noting that viewing the "Compute Engine" labels gives you as indication of what VM each CF service is associated with. The screen shots below show's this.



Categories: Fusion Middleware

Using Cloud Foundry CUPS to inject Spring Security credentials into a Spring Boot Application

Thu, 2017-09-14 18:48
The following demo shows how to inject the Spring Security username/password credentials from a User Provided service on PCF, hence using the VCAP_SERVICES env variable to inject the values required to protect the application using HTTP Basic Authentication while running in PCF. Spring Boot automatically converts this data into a flat set of properties so you can easily get to the data as shown below.

The demo application can be found as follows

https://github.com/papicella/springsecurity-cf-cups

The application.yml would access the VCAP_SERVICES CF env variable using the the Spring Boot flat set of properties as shown below.

eg:

VCAP_SERVICES

System-Provided:
{
 "VCAP_SERVICES": {
  "user-provided": [
   {
    "credentials": {
     "password": "myadminpassword",
     "username": "myadminuser"
    },
    "label": "user-provided",
    "name": "my-cfcups-service",
    "syslog_drain_url": "",
    "tags": [],
    "volume_mounts": []
   }
  ]
 }
}
...

application.yml

spring:
  application:
    name: security-cf-cups-demo
security:
  user:
    name: ${vcap.services.my-cfcups-service.credentials.username:admin}
    password: ${vcap.services.my-cfcups-service.credentials.password:password}
Categories: Fusion Middleware

Oracle 12c Service Broker for Pivotal Cloud Foundry

Thu, 2017-09-14 00:21
The following example is a PCF 2.0 Service Broker written as a Spring Boot application. This is just an example and should be evolved to match a production type setup in terms oracle requirements. This service broker simple creates USERS and assigns then 20M of quota against a known TABLESPACE

It's all documented as follows

https://github.com/papicella/oracle-service-broker




Categories: Fusion Middleware

Introducing Pivotal MySQL*Web, Pivotal’s New Open Source Web-Based Administration UI for MySQL for Pivotal Cloud Foundry

Sun, 2017-09-03 20:13
Recently Pivotal announced "Pivotal MySQL*Web" on it's main blog page. You can read more about it here which was an Open Source project I created a while ago for Pivotal MySQL instances on Pivotal Cloud Foundry

https://content.pivotal.io/blog/introducing-pivotal-mysql-web-pivotal-s-new-open-source-web-based-administration-ui-for-mysql-for-pivotal-cloud-foundry


Categories: Fusion Middleware

Couchbase Service Broker for Pivotal Cloud Foundry

Sun, 2017-09-03 19:11
The following example is a PCF 2.0 Service Broker written as a Spring Boot application for Couchbase 4.6.x. This is just an example and should be evolved to match a production type setup in terms of bucket creation and access for created service instances.

It's all documented as follows

https://github.com/papicella/couchbase-service-broker




More Information

https://docs.pivotal.io/tiledev/service-brokers.html
Categories: Fusion Middleware

Accessing Pivotal Cloud Foundry droplet file system when "cf ssh" isn't enabled

Thu, 2017-07-27 00:03
In order to view your application layout you can simply use "cf ssh" to log into the container and then view the files created as part of the droplet. The problem is "cf ssh" isn't always enabled bye the Ops team so what is your alternative in cloud foundry?

You can use "cf curl" to invoke an endpoint using the application GUID as shown in the steps below.

** cf ssh demo **

pasapicella@pas-macbook:~/temp/droplets$ cf ssh pas-swagger-demo
vcap@ef9e4e93-0df9-47a7-5351-dccf:~$ ls -lartF
total 16
-rw-r--r-- 1 vcap vcap  675 Apr  9  2014 .profile
-rw-r--r-- 1 vcap vcap 3637 Apr  9  2014 .bashrc
-rw-r--r-- 1 vcap vcap  220 Apr  9  2014 .bash_logout
drwxr-xr-x 2 vcap vcap    6 Jun 14 03:32 deps/
drwxr-xr-x 1 vcap root   72 Jun 14 03:32 app/
-rw-r--r-- 1 vcap vcap 1087 Jun 14 03:32 staging_info.yml
drwxr-xr-x 2 vcap vcap    6 Jun 14 03:32 logs/
drwx------ 1 vcap vcap   76 Jun 14 03:32 ./
drwxr-xr-x 1 root root   18 Jul 26 23:45 ../
drwxr-xr-x 4 vcap vcap   92 Jul 26 23:48 tmp/
vcap@ef9e4e93-0df9-47a7-5351-dccf:~$

** Steps **

1. Download droplet as follows

Format:

   cf curl /v2/apps/`cf app {appname} --guid`/droplet/download > droplet.tar.gz

Example:

pasapicella@pas-macbook:~/temp/droplets$ cf curl /v2/apps/`cf app pas-swagger-demo --guid`/droplet/download > droplet.tar.gz

To determine the app name you can either use Applications manager UI or use "cf apps" to get the app name


2. This will take some time due to the size of the droplet but when done verify you have this on the file system

pasapicella@pas-macbook:~/temp/droplets$ ls -la
total 150736
drwxr-xr-x   3 pasapicella  staff       102 Jul 27 14:20 .
drwxr-xr-x  23 pasapicella  staff       782 Jul 27 14:19 ..
-rw-r--r--   1 pasapicella  staff  77173173 Jul 27 14:23 droplet.tar.gz

3. Gunzip followed by tar -xvf and you will then have a file system replicator of what your application droplet looks like in CF

pasapicella@pas-macbook:~/temp/droplets$ d
total 313408
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 deps/
drwxr-xr-x   6 pasapicella  staff        204 Jun 14 13:32 app/
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 tmp/
-rw-r--r--   1 pasapicella  staff       1087 Jun 14 13:32 staging_info.yml
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 logs/
drwxr-xr-x  23 pasapicella  staff        782 Jul 27 14:19 ../
-rw-r--r--   1 pasapicella  staff  160460800 Jul 27 14:23 droplet.tar
drwxr-xr-x   8 pasapicella  staff        272 Jul 27 14:25 ./


You really only want to do this to see how your application was staged on the file system as the buildpack may have changed some files or added files based on what you deployed. This is not how you would debug an application but rather view what the file system looks like for your application itself and what content exists in the files should the buildpack have changed file content for example.

Categories: Fusion Middleware

Pivotal Cloud Foundry Isolation Segments Applications demo

Mon, 2017-07-24 00:16
PCF Isolation Segments Tile allows operators to isolate deployment workloads into dedicated resource pools called isolation segments. You can read more about how to install the Tile at the following location.

https://docs.pivotal.io/pivotalcf/1-11/opsguide/installing-pcf-is.html

In this demo I will show how you can configure your ORGS/spaces to use an isolation segment and then finally show that it is indeed using the isolated Diego Cells assigned to the segment tile at install time.

1. Determine the isolation segment name as per the Ops Manager title



2. Ensure you have CF CLI version as 6.26 or higher as shown below

pasapicella@pas-macbook:~$ cf --version
cf version 6.28.0+9e024bdbd.2017-06-27

3. First, you need to register an Isolation Segment with the cloud controller.

Note: you will need a prividledged user such as admin to perform this task

$ pasapicella@pas-macbook:~$ cf create-isolation-segment segment1
Creating isolation segment segment1 as admin...
OK

4. After registering the Isolation Segment, you can associate it with an Org

pasapicella@pas-macbook:~$ cf enable-org-isolation pas-org segment1
Enabling isolation segment segment1 for org pas-org as admin...
OK

5. List isolation segments against targeted ORGS as follows

pasapicella@pas-macbook:~$ cf isolation-segments
Getting isolation segments as admin...
OK

name       orgs
shared
segment1   pas-org

6. After associating an Isolation Segments with an Org, you then set it on a Space

- First target the ORG you wish to use

pasapicella@pas-macbook:~$ cf target -o pas-org
api endpoint:   https://api.yyyy.pcfdemo.yyy
api version:    2.82.0
user:           admin
org:            pas-org
No space targeted, use 'cf target -s SPACE'

- Now set the isolation segment on your desired space

pasapicella@pas-macbook:~$ cf set-space-isolation-segment isolation-segment-space segment1
Updating isolation segment of space isolation-segment-space in org pas-org as admin...
OK

In order to move running applications to this isolation segment, they must be restarted.

7. Log in as a user of the ORG/SPACE now rather then ad admin user. We will be using a
non privileged user now to push our app who has access to the ORG/Space we targeted
above. Below just shows we have switched to a different user here.

pasapicella@pas-macbook:~$ cf target
api endpoint:   https://api.yyyy.pcfdemo.yyy
api version:    2.82.0
user:           pas
org:            pas-org
space:          isolation-segment-space

8. Push an application to the space "isolation-segment-space"

pasapicella@pas-macbook:~/piv-projects/PivotalSpringBootJPA$ cf push -f manifest-inmemory-db.yml
Using manifest file manifest-inmemory-db.yml

Creating app pas-albums in org pas-org / space isolation-segment-space as pas...
OK

....

0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
1 of 1 instances running

App started


OK

...


     state     since                    cpu      memory           disk           details
#0   running   2017-07-24 02:33:38 PM   225.3%   330.1M of 512M   162.8M of 1G

9. Identify IP address of diego CELL the app is running in

pasapicella@pas-macbook:~/piv-projects/PivotalSpringBootJPA$ cf curl /v2/apps/$(cf app pas-albums --guid)/stats | jq '.[].stats.host'
"10.10.10.71"

With this information you can verify the IP address of the Diego Cells you have for the Isolation Segment as follows using Pivotal Ops Manager Tile tabs. From the images below it's clear 10.10.10.71 is a diego cell IP address of our isolation segment.





More Information


Categories: Fusion Middleware

Swagger UI with Spring Boot 1.5.x

Tue, 2017-06-13 23:00
I recently created this demo / blog entry on using HTTPIE with Spring Boot Rest Repositories as shown below.

http://theblasfrompas.blogspot.com.au/2017/05/using-httpie-with-spring-boot-rest.html

I decided to take that same example and add Swagger UI to the RESTful endpoints. The full source code is here.

https://github.com/papicella/httpie-springboot

In short what you need is the following maven dependancies and that will add all you need. I found it works much cleaner if you use the same version of both these dependancies for some reason
  
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.6.1</version>
</dependency>

Finally a Class file describing the config and enabling Swagger is required as follows
  
package pivotal.io.boot.httpie.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import static springfox.documentation.builders.PathSelectors.regex;

@Configuration
@EnableSwagger2
public class SwaggerConfig
{
@Bean
public Docket swaggerSpringMvcPlugin() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("pivotal.io.boot.httpie.demo"))
.paths(regex("/api/employee/emps.*"))
.build()
.apiInfo(metaData());
}

private ApiInfo metaData() {
ApiInfo apiInfo = new ApiInfo(
"Spring Boot Employee REST API",
"Spring Boot Employee REST API",
"1.0",
"Terms of service",
new Contact("Pas Apicella", "https://www.blogger.com/profile/09389663166398991762", "papicella@pivotal.io"),
"Apache License Version 2.0",
"https://www.apache.org/licenses/LICENSE-2.0");
return apiInfo;
}
}

The GitHub repo also included a Pivotal Cloud Foundry manifest.yml file to make it easy to deploy to Pivotal Cloud Foundry. The example uses a static hostname BUT can easily be changed to use a random-route or alter the hostname itself.

applications:
- name: pas-swagger-demo
  memory: 1G
  instances: 1
  hostname: pas-swagger-demo
  path: ./target/httpie-springboot-0.0.1-SNAPSHOT.jar
  env:
    JAVA_OPTS: -Djava.security.egd=file:///dev/urando

Then it's the simple "cf push"

$ cf push

pasapicella@pas-macbook:~/piv-projects/httpie-springboot$ cf push
Using manifest file /Users/pasapicella/piv-projects/httpie-springboot/manifest.yml

Creating app pas-swagger-demo in org apples-pivotal-org / space development as papicella@pivotal.io...
OK

Creating route pas-swagger-demo.cfapps.io...
OK

..

Showing health and status for app pas-swagger-demo in org apples-pivotal-org / space development as papicella@pivotal.io...
OK

requested state: started
instances: 1/1
usage: 1G x 1 instances
urls: pas-swagger-demo.cfapps.io
last uploaded: Wed Jun 14 03:32:31 UTC 2017
stack: cflinuxfs2
buildpack: container-certificate-trust-store=2.0.0_RELEASE java-buildpack=v3.15-offline-https://github.com/cloudfoundry/java-buildpack.git#a3a9e61 java-main java-opts open-jdk-like-jre=1.8.0_121 open-jdk-like-memory-calculator=2.0.2_RELEASE spring-auto-reconfigur...

     state     since                    cpu      memory         disk           details
#0   running   2017-06-14 01:33:40 PM   291.5%   510.9M of 1G   154.9M of 1G


The application is running on Pivotal Web Services as follows:

http://pas-swagger-demo.cfapps.io/swagger-ui.html



Categories: Fusion Middleware

Pages