Closed edwardstudy closed 6 years ago
@EdwardStudy we came to the conclusion that removing the registry will improve the security model of Bosh. Do you have any concerns with removing it?
Hi, @pivotal-jamil-shamy. Thanks for your reply. I thought that the registry in director would be a SPOF of bosh architecture if the registry crashed or the registry db was unable to provide service.
So, could you explain more details about the security model of Bosh?
Thank you.
Some of the reasons include that it is an extra dependency that we need to maintain (and potential for misconfiguration), but also, like you mentioned, is another point of failure as a service. Instead, we'd like to remove that layer from the stack, which will provide more direct communication between BOSH/CPI/agent and enable a few new features.
@dpb587-pivotal Great. Thank you.
As developers of the SoftLayer CPI, we want to sync with the community. We have implemented a switch to the SoftLayer Metadata service to store agent settings. The SoftLayer Metadata service enables the user to obtain information regarding the resource from which the request originates.
Do you have any suggestions for this method: https://github.com/bluebosh/bosh-softlayer-cpi-release/commit/57a9a23edc05ab612b289ec6bde3bfa0afe6289f
Thank you. :)
@cppforlife can you provide advice for how they should handle this?
cc @maximilien let's chat about this in our next sync
BOSH is using the old NATS password for my new deployment. Can anyone please suggest how we can replace the old NATS password in the BOSH registry with the new password, so that my deployment succeeds? Thanks!
{"timestamp":"1525120714.657526970","source":"Route Registrar","message":"Route Registrar.Running","log_level":1,"data":{}}
{"timestamp":"1525120714.667801380","source":"Route Registrar","message":"Route Registrar.nats-connection-failed","log_level":2,"data":{"error":"nats: authorization violation","nats-hosts":[""]}}
{"timestamp":"1525120714.667839289","source":"Route Registrar","message":"Route Registrar.Exiting with error","log_level":3,"data":{"error":"nats: authorization violation","trace":"goroutine 1 [running]:\ncode.cloudfoundry.org/lager.(*logger).Fatal(0xc420056300, 0x6a4916, 0x12, 0x7aace0, 0xc420019e90, 0x0, 0x0, 0x0)\n\t/var/vcap/packages/route_registrar/src/code.cloudfoundry.org/lager/logger.go:131 +0xc7\nmain.main()\n\t/var/vcap/packages/route_registrar/src/code.cloudfoundry.org/route-registrar/main.go:83 +0xa34\n"}}
{"timestamp":"1525120754.712074280","source":"Route Registrar","message":"Route Registrar.Initializing","log_level":1,"data":{}}
{"timestamp":"1525120754.712217093","source":"Route Registrar","message":"Route Registrar.creating nats connection","log_level":1,"data":{}}
{"timestamp":"1525120754.712245464","source":"Route Registrar","message":"Route Registrar.Writing pid","log_level":1,"data":{"file":"/var/vcap/sys/run/route_registrar/route_registrar.pid","pid":"6671"}}
{"timestamp":"1525120754.712294817","source":"Route Registrar","message":"Route Registrar.Running","log_level":1,"data":{}}
{"timestamp":"1525120754.725129128","source":"Route Registrar","message":"Route Registrar.nats-connection-failed","log_level":2,"data":{"error":"nats: authorization violation","nats-hosts":["10.64.128.23:4222","10.64.128.24:4222"]}}
@wickyhasan This does not look like a problem with BOSH itself. Please find the appropriate repo to open an issue, maybe the following: https://github.com/cloudfoundry/route-registrar
Hi. I found BOSH's plan to remove the registry:
https://github.com/cloudfoundry/bosh-notes/blob/a34e33e95bda0712aa24ba03c1e49e4a1f147be1/cpi-api-v2.md
https://github.com/cloudfoundry/bosh-notes/blob/master/registry-removal.md
But I did not know the reason for this. Do we have any related discussions?
Thank you.