Thursday, 27 July 2017

Accessing Pivotal Cloud Foundry droplet file system when "cf ssh" isn't enabled

In order to view your application layout you can simply use "cf ssh" to log into the container and then view the files created as part of the droplet. The problem is "cf ssh" isn't always enabled bye the Ops team so what is your alternative in cloud foundry?

You can use "cf curl" to invoke an endpoint using the application GUID as shown in the steps below.

** cf ssh demo **

pasapicella@pas-macbook:~/temp/droplets$ cf ssh pas-swagger-demo
vcap@ef9e4e93-0df9-47a7-5351-dccf:~$ ls -lartF
total 16
-rw-r--r-- 1 vcap vcap  675 Apr  9  2014 .profile
-rw-r--r-- 1 vcap vcap 3637 Apr  9  2014 .bashrc
-rw-r--r-- 1 vcap vcap  220 Apr  9  2014 .bash_logout
drwxr-xr-x 2 vcap vcap    6 Jun 14 03:32 deps/
drwxr-xr-x 1 vcap root   72 Jun 14 03:32 app/
-rw-r--r-- 1 vcap vcap 1087 Jun 14 03:32 staging_info.yml
drwxr-xr-x 2 vcap vcap    6 Jun 14 03:32 logs/
drwx------ 1 vcap vcap   76 Jun 14 03:32 ./
drwxr-xr-x 1 root root   18 Jul 26 23:45 ../
drwxr-xr-x 4 vcap vcap   92 Jul 26 23:48 tmp/

** Steps **

1. Download droplet as follows


   cf curl /v2/apps/`cf app {appname} --guid`/droplet/download > droplet.tar.gz


pasapicella@pas-macbook:~/temp/droplets$ cf curl /v2/apps/`cf app pas-swagger-demo --guid`/droplet/download > droplet.tar.gz

To determine the app name you can either use Applications manager UI or use "cf apps" to get the app name

2. This will take some time due to the size of the droplet but when done verify you have this on the file system

pasapicella@pas-macbook:~/temp/droplets$ ls -la
total 150736
drwxr-xr-x   3 pasapicella  staff       102 Jul 27 14:20 .
drwxr-xr-x  23 pasapicella  staff       782 Jul 27 14:19 ..
-rw-r--r--   1 pasapicella  staff  77173173 Jul 27 14:23 droplet.tar.gz

3. Gunzip followed by tar -xvf and you will then have a file system replicator of what your application droplet looks like in CF

pasapicella@pas-macbook:~/temp/droplets$ d
total 313408
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 deps/
drwxr-xr-x   6 pasapicella  staff        204 Jun 14 13:32 app/
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 tmp/
-rw-r--r--   1 pasapicella  staff       1087 Jun 14 13:32 staging_info.yml
drwxr-xr-x   2 pasapicella  staff         68 Jun 14 13:32 logs/
drwxr-xr-x  23 pasapicella  staff        782 Jul 27 14:19 ../
-rw-r--r--   1 pasapicella  staff  160460800 Jul 27 14:23 droplet.tar
drwxr-xr-x   8 pasapicella  staff        272 Jul 27 14:25 ./

You really only want to do this to see how your application was staged on the file system as the buildpack may have changed some files or added files based on what you deployed. This is not how you would debug an application but rather view what the file system looks like for your application itself and what content exists in the files should the buildpack have changed file content for example.

Monday, 24 July 2017

Pivotal Cloud Foundry Isolation Segments Applications demo

PCF Isolation Segments Tile allows operators to isolate deployment workloads into dedicated resource pools called isolation segments. You can read more about how to install the Tile at the following location.

In this demo I will show how you can configure your ORGS/spaces to use an isolation segment and then finally show that it is indeed using the isolated Diego Cells assigned to the segment tile at install time.

1. Determine the isolation segment name as per the Ops Manager title

2. Ensure you have CF CLI version as 6.26 or higher as shown below

pasapicella@pas-macbook:~$ cf --version
cf version 6.28.0+9e024bdbd.2017-06-27

3. First, you need to register an Isolation Segment with the cloud controller.

Note: you will need a prividledged user such as admin to perform this task

$ pasapicella@pas-macbook:~$ cf create-isolation-segment segment1
Creating isolation segment segment1 as admin...

4. After registering the Isolation Segment, you can associate it with an Org

pasapicella@pas-macbook:~$ cf enable-org-isolation pas-org segment1
Enabling isolation segment segment1 for org pas-org as admin...

5. List isolation segments against targeted ORGS as follows

pasapicella@pas-macbook:~$ cf isolation-segments
Getting isolation segments as admin...

name       orgs
segment1   pas-org

6. After associating an Isolation Segments with an Org, you then set it on a Space

- First target the ORG you wish to use

pasapicella@pas-macbook:~$ cf target -o pas-org
api endpoint:   https://api.yyyy.pcfdemo.yyy
api version:    2.82.0
user:           admin
org:            pas-org
No space targeted, use 'cf target -s SPACE'

- Now set the isolation segment on your desired space

pasapicella@pas-macbook:~$ cf set-space-isolation-segment isolation-segment-space segment1
Updating isolation segment of space isolation-segment-space in org pas-org as admin...

In order to move running applications to this isolation segment, they must be restarted.

7. Log in as a user of the ORG/SPACE now rather then ad admin user. We will be using a
non privileged user now to push our app who has access to the ORG/Space we targeted
above. Below just shows we have switched to a different user here.

pasapicella@pas-macbook:~$ cf target
api endpoint:   https://api.yyyy.pcfdemo.yyy
api version:    2.82.0
user:           pas
org:            pas-org
space:          isolation-segment-space

8. Push an application to the space "isolation-segment-space"

pasapicella@pas-macbook:~/piv-projects/PivotalSpringBootJPA$ cf push -f manifest-inmemory-db.yml
Using manifest file manifest-inmemory-db.yml

Creating app pas-albums in org pas-org / space isolation-segment-space as pas...


0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
1 of 1 instances running

App started



     state     since                    cpu      memory           disk           details
#0   running   2017-07-24 02:33:38 PM   225.3%   330.1M of 512M   162.8M of 1G

9. Identify IP address of diego CELL the app is running in

pasapicella@pas-macbook:~/piv-projects/PivotalSpringBootJPA$ cf curl /v2/apps/$(cf app pas-albums --guid)/stats | jq '.[]'

With this information you can verify the IP address of the Diego Cells you have for the Isolation Segment as follows using Pivotal Ops Manager Tile tabs. From the images below it's clear is a diego cell IP address of our isolation segment.

More Information