search

cloudfoundry-community / cf-containers-broker

A generic "Containers" broker for the Cloud Foundry v2 services API
Apache License 2.0
38 stars 31 forks source link

can't create a service-broker #25

Closed buddycao closed 9 years ago

buddycao commented 9 years ago

Hi, I got somethings wrong with running "cf create-service-broker". Could you help me ?

Here is the detail message: ubuntu@bastion:~/workspace/deployments/docker-services-boshworkspace$ CF_TRACE=true cf create-service-broker docker containers containers http://cf-containers-broker.10.239.70.76.xip.io

VERSION: 6.12.2-24abed3

Creating service broker docker as admin...

REQUEST: [2015-09-02T13:42:07Z] POST /v2/service_brokers HTTP/1.1 Host: api.10.239.70.76.xip.io Accept: application/json Authorization: [PRIVATE DATA HIDDEN] Content-Type: application/json User-Agent: go-cli 6.12.2-24abed3 / linux

{"name":"docker","broker_url":"http://cf-containers-broker.10.239.70.76.xip.io","auth_username":"containers","auth_password":"containers"}

RESPONSE: [2015-09-02T13:42:07Z] HTTP/1.1 401 Unauthorized Content-Length: 97 Content-Type: application/json;charset=utf-8 Date: Wed, 02 Sep 2015 13:42:07 GMT Server: nginx X-Cf-Requestid: 30f24168-c994-497f-5be9-f282ce0291bb X-Content-Type-Options: nosniff X-Vcap-Request-Id: 1a3b8e8d-0b5c-4c6b-51c3-615ac2c6c478::2583e1eb-b44b-449f-9bbd-3e7467323fdc

{ "code": 1000, "description": "Invalid Auth Token", "error_code": "CF-InvalidAuthToken" }

REQUEST: [2015-09-02T13:42:07Z] POST /oauth/token HTTP/1.1 Host: login.10.239.70.76.xip.io Accept: application/json Authorization: [PRIVATE DATA HIDDEN] Content-Type: application/x-www-form-urlencoded User-Agent: go-cli 6.12.2-24abed3 / linux

grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJjNThkOTRiYy1iMzM4LTQwOWYtYTg1NS1kYWMwODE0YmZmMjIiLCJzdWIiOiIzN2QzYWRhZC01ZmM1LTQ4NjMtYWE3OS00ODg3ZTk4NzFlZWUiLCJzY29wZSI6WyJzY2ltLnJlYWQiLCJjbG91ZF9jb250cm9sbGVyLmFkbWluIiwic2NpbS53cml0ZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJwYXNzd29yZC53cml0ZSIsIm9wZW5pZCIsImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsImRvcHBsZXIuZmlyZWhvc2UiXSwiaWF0IjoxNDQxMTk0NzI5LCJleHAiOjE0NDM3ODY3MjksImNpZCI6ImNmIiwiY2xpZW50X2lkIjoiY2YiLCJpc3MiOiJodHRwczovL3VhYS4xMC4yMzkuNzAuNzYueGlwLmlvL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJ1c2VyX2lkIjoiMzdkM2FkYWQtNWZjNS00ODYzLWFhNzktNDg4N2U5ODcxZWVlIiwicmV2X3NpZyI6IjY1YjIzNDhkIiwiYXVkIjpbImNmIiwic2NpbSIsImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCIsIm9wZW5pZCIsImRvcHBsZXIiXX0.DbqwsWoS5kiekIaZwkAiW9QD_OB-jy7Vat72aorDj1vYtqUfOOEBS3IS7KTLdWAtiJ_4g1XKHSehsP-HPKgkjBdQEcRhr9uxkLtVednP3m0yLG-vK3mzz499MedcsqijvUhbKN5VGYTZbUSHU6cCMZXEjz8r6zkAZjws79XKXaA&scope=

RESPONSE: [2015-09-02T13:42:07Z] HTTP/1.1 200 OK Transfer-Encoding: chunked Access-Control-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Cache-Control: no-store Content-Type: application/json;charset=UTF-8 Date: Wed, 02 Sep 2015 13:42:06 GMT Expires: 0 Pragma: no-cache Pragma: no-cache Server: Apache-Coyote/1.1 X-Cf-Requestid: 0415ef1b-95a5-4060-589e-cd767874d6bc X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block

870 {"access_token":"[PRIVATE DATA HIDDEN]","token_type":"bearer","refresh_token":"[PRIVATE DATA HIDDEN]","expires_in":599,"scope":"scim.read cloud_controller.admin password.write scim.write openid cloud_controller.write cloud_controller.read doppler.firehose","jti":"74d82a56-d39a-4641-9147-3ce1cecd1595"} 0

REQUEST: [2015-09-02T13:42:07Z] POST /v2/service_brokers HTTP/1.1 Host: api.10.239.70.76.xip.io Accept: application/json Authorization: [PRIVATE DATA HIDDEN] Content-Type: application/json User-Agent: go-cli 6.12.2-24abed3 / linux

{"name":"docker","broker_url":"http://cf-containers-broker.10.239.70.76.xip.io","auth_username":"containers","auth_password":"containers"}

RESPONSE: [2015-09-02T13:42:43Z] HTTP/1.1 502 Bad Gateway Content-Length: 300 Content-Type: application/json;charset=utf-8 Date: Wed, 02 Sep 2015 13:42:43 GMT Server: nginx X-Cf-Requestid: 289e3daf-ff7a-43b4-6d33-c3b76659097e X-Content-Type-Options: nosniff X-Vcap-Request-Id: e022e464-de62-4515-54b7-72e3c5acca49::19be1a4f-d49a-448f-92f8-64bf9155ca81

{ "code": 10001, "description": "The service broker could not be reached: http://cf-containers-broker.10.239.70.76.xip.io/v2/catalog", "error_code": "CF-ServiceBrokerApiUnreachable", "http": { "uri": "http://cf-containers-broker.10.239.70.76.xip.io/v2/catalog", "method": "GET" } }

FAILED Server error, status code: 502, error code: 10001, message: The service broker could not be reached: http://cf-containers-broker.10.239.70.76.xip.io/v2/catalog FAILED Server error, status code: 502, error code: 10001, message: The service broker could not be reached: http://cf-containers-broker.10.239.70.76.xip.io/v2/catalog

ubuntu@bastion:~/workspace/deployments/docker-services-boshworkspace$ curl -I -u containers:containers cf-containers-broker.10.239.70.76.xip.io/v2/catalog HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate Content-Type: application/json; charset=utf-8 Date: Wed, 02 Sep 2015 13:25:10 GMT Etag: "55c466633ed95d93106f3297f4cdbdd0" Status: 200 OK X-Cf-Requestid: 64420ed2-2d21-418a-4ec0-63382bac0d24 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Request-Id: 0fc48803-a0f2-424d-b8a4-e513f81170ea X-Runtime: 0.035762 X-Xss-Protection: 1; mode=block

root@vm-bcdbe19a-dc0c-4d33-9a82-d9251d9fa122:/var/vcap/bosh_ssh/bosh_sxx1a58pj# monit summary The Monit daemon 5.2.4 uptime: 31m

Process 'docker' running Process 'cf-containers-broker' running System 'system_91ab54f0-8ce9-4a48-bca5-33d16d6da1ac' running

root@vm-bcdbe19a-dc0c-4d33-9a82-d9251d9fa122:/var/vcap/bosh_ssh/bosh_sxx1a58pj# ps aux | grep unicorn root 1446 0.0 0.8 231376 67024 ? S<l 13:14 0:01 unicorn master --daemonize -c /var/vcap/jobs/cf-containers-broker/config/unicorn.conf.rb
root 1450 0.0 0.7 232040 63188 ? S<l 13:14 0:00 unicorn worker[0] --daemonize -c /var/vcap/jobs/cf-containers-broker/config/unicorn.conf.rb
root 1453 0.0 0.7 232048 63136 ? S<l 13:14 0:00 unicorn worker[1] --daemonize -c /var/vcap/jobs/cf-containers-broker/config/unicorn.conf.rb
root 1456 0.0 0.7 231376 62684 ? S<l 13:14 0:00 unicorn worker[2] --daemonize -c /var/vcap/jobs/cf-containers-broker/config/unicorn.conf.rb

root 1459 0.0 0.7 232220 63224 ? S<l 13:14 0:00 unicorn worker[3] --daemonize -c /var/vcap/jobs/cf-containers-broker/config/unicorn.conf.rb

root@vm-bcdbe19a-dc0c-4d33-9a82-d9251d9fa122:/var/vcap/bosh_ssh/bosh_sxx1a58pj# netstat -anp | grep -i listen tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 559/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1446/unicorn.conf.r tcp 0 0 127.0.0.1:4243 0.0.0.0:* LISTEN 998/docker
tcp 0 0 127.0.0.1:33331 0.0.0.0:* LISTEN 851/bosh-agent
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 752/sshd
tcp 0 0 127.0.0.1:2822 0.0.0.0:* LISTEN 991/monit
tcp 0 0 127.0.0.1:2825 0.0.0.0:* LISTEN 851/bosh-agent
tcp 0 0 0.0.0.0:56841 0.0.0.0:* LISTEN 634/rpc.statd
tcp6 0 0 :::111 :::* LISTEN 559/rpcbind
tcp6 0 0 :::22 :::* LISTEN 752/sshd
tcp6 0 0 :::49803 :::* LISTEN 634/rpc.statd
unix 2 [ ACC ] STREAM LISTENING 1446 1/init @/com/ubuntu/upstart unix 2 [ ACC ] SEQPACKET LISTENING 10381 294/systemd-udevd /run/udev/control unix 2 [ ACC ] STREAM LISTENING 11968 998/docker /var/vcap/sys/run/docker/docker.sock unix 2 [ ACC ] STREAM LISTENING 9173 559/rpcbind /run/rpcbind.sock

frodenas commented 9 years ago

Have you tried running to curl command from inside the CC VM? Might be a problem with DNS or security groups (https://github.com/cf-platform-eng/docker-boshrelease#dns-issues).

buddycao commented 9 years ago

Hi, we have a proxy. After we unset the proxy, we can get the catalog by using "wget http://containers:containers@cf-containers-broker.10.239.70.76.xip.io/v2/catalog". It seems that it's not a DNS problem because it can parse the domain name "cf-containers-broker.10.239.70.76.xip.io". However, we still can't create a broker by "cf create-serivce-broker".

ubuntu@bastion:~/workspace/deployments/docker-services-boshworkspace$ wget http://containers:containers@cf-containers-broker.10.239.70.76.xip.io/v2/catalog --2015-09-03 13:28:11-- http://containers:_password_@cf-containers-broker.10.239.70.76.xip.io/v2/catalog Resolving cf-containers-broker.10.239.70.76.xip.io (cf-containers-broker.10.239.70.76.xip.io)... 10.239.70.76 Connecting to cf-containers-broker.10.239.70.76.xip.io (cf-containers-broker.10.239.70.76.xip.io)|10.239.70.76|:80... connected. HTTP request sent, awaiting response... 401 Unauthorized Reusing existing connection to cf-containers-broker.10.239.70.76.xip.io:80. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/json] Saving to: ?.atalog.5?

[ <=>                                                    ] 54,903      --.-K/s   in 0.009s

2015-09-03 13:28:11 (5.78 MB/s) - ?.atalog.5?.saved [54903]

ubuntu@bastion:~/workspace/deployments/docker-services-boshworkspace$ cf create-service-broker docker containers containers http://cf-containers-broker.10.239.70.76.xip.io Creating service broker docker as admin... FAILED Server error, status code: 502, error code: 10001, message: The service broker could not be reached: http://cf-containers-broker.10.239.70.76.xip.io/v2/catalog

frodenas commented 9 years ago

Looking at the output it seems that you run the curl/wget command from your bastion vm. Can you please ssh into the cloud controller vm and run the curl command? The symptoms are that the cc component is unable to access the service broker url, so I want to be sure there isn't any connectivity problem between the cc and the service broker.

buddycao commented 9 years ago

Thanks frondena, I solved it. It is a DNS problem indeed. the CC and all the vms must be the same DNS.