CF login not working on deployment CF on AWS.


Sylvain Gibier

Mar 22, 2014, 5:57:05 AM
to bosh-...@cloudfoundry.org
Hi,

I followed the documentation on Bootstrap CF on AWS/VPC (http://docs.cloudfoundry.org/deploying/ec2/bootstrap-aws-vpc.html) from an inception server ... and managed to get it running after a few minor changes (preventing the bosh aws cli gem from trying to remove the default DHCP route, and an issue with the uaa pom project with the git plugin).

When I curl the api endpoint - I get a valid JSON response:

{"name":"vcap","build":"2222","support":"http://support.cloudfoundry.com","version":2,"description":"Cloud Foundry sponsored by Pivotal","authorization_endpoint":"https://login.us.cloud.munichconsulting.net","token_endpoint":"https://uaa.us.cloud.munichconsulting.net","allow_debug":true}

If I query bosh vms - all instances are running and when performing a bosh cloudcheck no problem is returned.

However, once I tried to log in via the CF command line ... I'm running out of luck - as cf login keeps on returning "Server error, status code: 500, error code: , message:" - see the attached cf.trace.log, captured with the env variable CF_TRACE enabled.

I know for sure that the credentials I use are correct, as if I hit https://uaa.us.cloud.munichconsulting.net/ directly and provide my credentials it works fine (or I'm misunderstanding something?).

How can I debug the issue? For some reason - I'm not able to ssh into any of the VMs using the bosh key pair pre-created in advance (directly via the ssh command), as it keeps on requesting a public key file. Where is this public key file generated from?

The same when I tried using the bosh ssh command - it asked for a password to sudo on the vm box and a public key too.

So ... I'm kind of stuck ;) ideas?


--------------------------------------------------------------------------------------------------------------------
--- GENERIC INFO 
  • bosh gem versions : BOSH 1.2200.0
  • bosh director info : attached
  • stemcell: bosh-aws-xen-ubuntu / version: 2200 / CID: ami-77f3e61e
  • release : 163.3-dev (build as part of the installation doc)
  • deployment manifest : attached.
cf.trage.log.txt
bosh.director.txt
cf-aws-stub.yml.txt

Sylvain Gibier

Mar 22, 2014, 7:32:33 AM
to bosh-...@cloudfoundry.org
Ok - I managed to ssh into the login vm via my director vm. Interesting that even though I created a key pair (named bosh), the installation must have overridden the original key pair file in AWS.

Anyway - the reason I can't log in via the cf command is an SSL certificate issue (javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated).

How can I fix that?

And a general question - is there a way to have the SSL termination at AWS (Load Balancer) and have all apps running/ reverse proxied? 

Sylvain

cpt...@gmail.com

Mar 22, 2014, 1:18:18 PM
to bosh-...@cloudfoundry.org
Ok - I moved forward and I'm able to log in / create space ... I modified my manifest to turn login protocol to use http and uaa no_ssl to false.

Maybe the cf-aws-stub.yml in the documentation should be updated.

Now the new problem, I can't push the basic samples (https://github.com/cloudfoundry-samples/spring-hello-env).

The error I'm getting is the following:

RESPONSE: [2014-03-22T17:08:51Z]
HTTP/1.1 500 Internal Server Error
Content-Length: 86
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Date: Sat, 22 Mar 2014 17:09:00 GMT
Server: nginx
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 3a1ecc62-0e1b-4e49-9f51-56cecff1dbdf

{"error_code":"UnknownError","description":"An unknown error occurred.","code":10001}

FAILED
Error uploading application.
Failed to unmarshal json response from resource_match request: unexpected end of JSON input

Some older posts (https://github.com/cloudfoundry-community/bosh-cloudfoundry/issues/246) mentioned a workaround i.e. restarting the vm data/0 and/or api/0.

Unfortunately - when I query all the vms - see below - I don't have anything called data/0.


+------------------------------------+---------+---------------+-------------+
| Job/index                          | State   | Resource Pool | IPs         |
+------------------------------------+---------+---------------+-------------+
| api_worker_z1/0                    | running | small_z1      |             |
| api_z1/0                           | running | large_z1      |             |
| clock_global/0                     | running | medium_z1     |             |
| etcd_leader_z1/0                   | running | medium_z1     |             |
| etcd_z1/0                          | running | medium_z1     |             |
| hm9000_z1/0                        | running | medium_z1     |             |
| loggregator_trafficcontroller_z1/0 | running | small_z1      |             |
| loggregator_z1/0                   | running | medium_z1     |             |
| login_z1/0                         | running | medium_z1     |             |
| nats_z2/0                          | running | medium_z2     |             |
| router_z1/0                        | running | router_z1     |             |
| runner_z1/0                        | running | runner_z1     |             |
| uaa_z1/0                           | running | medium_z1     |             |
+------------------------------------+---------+---------------+-------------+

Could anyone confirm, after following the actual installation of Cloudfoundry on AWS/VPC, how many vms I'm supposed to have? Any ideas?

Sylvain

waha...@gmail.com

Jun 6, 2014, 8:55:07 AM
to bosh-...@cloudfoundry.org, cpt...@gmail.com
Hi, 
Were you able to solve this? I get the same issues on cf-172..

Thanks

Евгений Костенко

Jun 9, 2014, 8:58:58 AM
to bosh-...@cloudfoundry.org, cpt...@gmail.com, waha...@gmail.com
Heh, you are not alone. I'm stuck on exactly the same issue with v172 and 500 Internal server error.

On Friday, June 6, 2014, 16:55:07 UTC+4, user waha...@gmail.com wrote:

Sylvain Gibier

Jun 9, 2014, 9:12:51 AM
to bosh-...@cloudfoundry.org, cpt...@gmail.com, waha...@gmail.com
Hiya,

Assuming you are trying to deploy on AWS, it turns out that the problem was down to a misconfiguration in how AWS/S3 bucket names were generated. Please make sure that you force your fog_config entry to set the path_style property in the cf-release/templates/cf-infrastructure-aws.yml configuration file:


fog_config:
    provider: AWS
    path_style: true # allow . in the S3 bucket names

Redeploy and you should be able to push apps. I know that there has been a push request for this simple fix a while back, but it still has not made it through yet. It would be nice if someone actually updated the documentation on how to deploy on AWS / VPC, as it's far too much out of date ... with some topics around disaster recovery, VPC configuration ... in order to have actual first hints on where/what to look. I'm sure the guys from Pivotal CF, if really using AWS, must have some in stock.

Let me know if it works for you.

Cheers,
S.
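
Added example, not part of the original thread and not code from fog or cf-release: with virtual-hosted addressing a bucket name containing dots becomes several DNS labels, which a single-label wildcard certificate name does not cover, while path-style keeps the bucket in the URL path. The endpoint and wildcard names, the bucket names and the object key below are assumptions constructed for illustration.

```ruby
require "uri"

S3_ENDPOINT = "s3.amazonaws.com"    # assumed classic global endpoint
S3_WILDCARD = "*.s3.amazonaws.com"  # assumed wildcard name on the endpoint certificate

# RFC 6125 style rule: "*" as the whole left-most label matches exactly one label.
def wildcard_match?(pattern, host)
  p_labels = pattern.downcase.split(".")
  h_labels = host.downcase.split(".")
  return false unless p_labels.length == h_labels.length
  p_labels.each_with_index.all? do |label, i|
    i.zero? && label == "*" ? !h_labels[i].empty? : label == h_labels[i]
  end
end

# True when the request host would pass TLS hostname verification.
def cert_covers?(host)
  host.casecmp?(S3_ENDPOINT) || wildcard_match?(S3_WILDCARD, host)
end

# Build the object URL in either addressing style.
def object_url(bucket, key, path_style:)
  if path_style
    URI::HTTPS.build(host: S3_ENDPOINT, path: "/#{bucket}/#{key}")
  else
    URI::HTTPS.build(host: "#{bucket}.#{S3_ENDPOINT}", path: "/#{key}")
  end
end

# Compare both styles for one bucket (hypothetical object key).
def addressing_report(bucket, key = "droplets/app.zip")
  [false, true].map do |ps|
    url = object_url(bucket, key, path_style: ps)
    { path_style: ps, url: url.to_s, tls_name_ok: cert_covers?(url.host) }
  end
end

# Constructed bucket names, not taken from the thread's manifest.
if __FILE__ == $PROGRAM_NAME
  ["cf-resources", "us.cloud.example.net-cc-resources"].each do |bucket|
    addressing_report(bucket).each { |row| puts row }
  end
end
```

Only the dotted bucket with path_style false reports a host name the certificate does not cover; turning certificate verification off would hide the symptom, whereas path_style keeps verification intact.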

Евгений Костенко

Jun 9, 2014, 9:20:23 AM
to bosh-...@cloudfoundry.org, cpt...@gmail.com, waha...@gmail.com


On Monday, June 9, 2014, 17:12:51 UTC+4, user Sylvain Gibier wrote:

Redeploy and you should be able to push apps. I know that there has been a push request for this simple fix a while back, but it still has not made it through yet. It would be nice if someone actually updated the documentation on how to deploy on AWS / VPC, as it's far too much out of date ... with some topics around disaster recovery, VPC configuration ... in order to have actual first hints on where/what to look. I'm sure the guys from Pivotal CF, if really using AWS, must have some in stock.



Here is a quote about "out of date" CF docs from the thread https://groups.google.com/a/cloudfoundry.org/forum/#!topic/bosh-users/1dKYejTSwcI

Kim Hoffman, 28 May 2014> Right now, this work is scheduled for later in June.