vmc file could not work

36 views
Skip to first unread message

yssk22

unread,
Feb 24, 2013, 4:43:42 AM2/24/13
to vcap...@cloudfoundry.org
Hi, 

I tried the deployment of cf_release (v129) in my local and completed successfully except for vmc file(or logs) command.  I debugged my instances and found the root cause was the permission issue.

When cloud_controller (not ng) and stasger making a droplet.tgz, they make the archive with the top-level directory permission of '0700'. As a result, the droplet permission dea(ng) became as follows:

   $ sudo ls -al /var/opt/vcap/vcap_warden/container_depot_path/16mek1k7m0p/tmp/rootfs/app
   total 40
   drwx------  5 20006 20006 4096 Feb 24 09:31 .

And the file viewer on dea cannot reach this directory so that vmc file command could not work:

   $ vmc file my-app
   Getting file contents... FAILED
   Invalid path / for app identity-develop

Should I make some configurations for the droplet permission?

Thanks.

James Bayer

unread,
Feb 24, 2013, 8:15:29 PM2/24/13
to vcap...@cloudfoundry.org
I do not believe we have a known working configuration using cloud_controller v1 (not _ng) and dea_ng. That's not to say that it won't work, but I'm not familiar with an env we use that has that configuration.

Dr Nic Williams

unread,
Feb 24, 2013, 9:30:29 PM2/24/13
to vcap...@cloudfoundry.org
What changed in the dea_ng's NATS message API?

Nic
--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
twitter @drnic

Dr Nic Williams

unread,
Feb 24, 2013, 9:31:26 PM2/24/13
to vcap...@cloudfoundry.org
The current dea & cc messaging API is documented (sort of) at http://apidocs.cloudfoundry.com/dea

Nic

Yohei Sasaki

unread,
Feb 24, 2013, 10:01:07 PM2/24/13
to vcap...@cloudfoundry.org
What do you mean 'curent'? I think NATS API has no relation with this issue...?

In my investigation, there would be an architecture issue on the mix
use of Stager/CC(v1)/DEA_NG.

1. Stager make a droplet tgz with '0700' directory.
2. DEA_NG make a start up script which set umask '077' -> so the logs
are created as '0700'.
3. Warden launch the application process with the dedicated user,
which is different from the process user of DEA_NG.
4. DEA_NG serves the file viewer by directly accessing warden
container directory, which is refused by permission issue.

The permission issue can be resolved by changing #1 and #2 behavior,
which I'm not sure is correct...


2013/2/25 Dr Nic Williams <drnicw...@gmail.com>:
--
Yohei SASAKI
http://www.yssk22.info/

Dr Nic Williams

unread,
Feb 24, 2013, 10:02:11 PM2/24/13
to vcap...@cloudfoundry.org
Sorry, I meant DEA API; and by "current" I mean v1.

K_James

unread,
Apr 11, 2013, 11:03:31 PM4/11/13
to vcap...@cloudfoundry.org
hi, yssk22,

    you have deployed cf-release on your laptop successfully?  amazing job. is there any doc or manual?

在 2013年2月24日星期日UTC+8下午5时43分42秒,yssk22写道:

K_James

unread,
Apr 11, 2013, 11:03:41 PM4/11/13
to vcap...@cloudfoundry.org
hi, yssk22,

    you have deployed cf-release on your laptop successfully?  amazing job. is there any doc or manual?

在 2013年2月24日星期日UTC+8下午5时43分42秒,yssk22写道:
Hi, 
Reply all
Reply to author
Forward
0 new messages