BOSH CLI v2+
License: Apache License 2.0
This project includes director and uaa packages meant to be used in your project for programmatic access to the Director API.
See docs/example.go for a live short usage example.
It is great that bosh interpolate --var-errs ... helps point out unbound variables whose absence is likely to cause deployment failures. In addition, it would be very helpful if bosh could report the variables that have been provided but are not being used because it would very quickly point out which variables have been renamed. Concretely, if a variable like diego_bbs_host was renamed to diego_sql_bbs_host one would see two errors:
diego_sql_bbs_host is required.diego_bbs_host was provided but was unused.From this output, it would be quick and easy for a user to realize that the name change is the problem, and should be very easy to fix.
I have Inception VM where bosh cli version is 1.3071.0 installed in it.
I want to upgarde to latest bosh cli 1.3262.4.0
When i install the bosh cli using following command in command line as root user it works fine and I get updated version in both ubuntu user and and root user.
sudo su
gem install bosh_cli
bosh --version
BOSH 1.3262.4.0
but when I do the installation in ubuntu user it install successfully but shows older version only.
sudo gem install bosh_cli
bosh --version
BOSH 1.3071.0
Code:
bosh-cli/releasedir/s3_blobstore.go
Line 11 in 281ef97
This fork is 200 commits behind the s3cli and most likely doesn't work with many s3-compatible blobstores like Google Cloud Storage. Should we bump this dependency (will require minor code changes) to enable better release blobstore support?
Azure only supports to use LUN to identify a new data disk. The new data disk with LUN will be updated in bosh-registry after Azure CPI attach_disk is executed.
Below code here does not work on Azure.
func (c *agentClient) MountDisk(diskCID string) error {
_, err := c.sendAsyncTaskMessage("mount_disk", []interface{}{diskCID})
return err
}
func (c *agentClient) UnmountDisk(diskCID string) error {
_, err := c.sendAsyncTaskMessage("unmount_disk", []interface{}{diskCID})
return err
}
I'm using bosh ssh -d <deployment> without specifying an instance. In the ruby cli, I was getting a list to select from. The golang cli seems to pick the first instance? If the first instance is an errand, ssh just fails. So I guess the cli should either
expects_vm: true, now that the Director sends this)Wdyt?
$ bosh ssh -d dummy
Using environment '<IP>' as user 'admin'
Using deployment 'dummy'
Task 6814
09:04:00 | Error: 'dummy_errand/cdef8f97-f112-4bae-bdbd-ac530d040a95 (0)' doesn't reference a VM
$ bosh instances -d dummy
Using environment '<IP>' as user 'admin'
Using deployment 'dummy'
Task 6815. Done
Instance Process State AZ IPs
dummy_errand/cdef8f97-f112-4bae-bdbd-ac530d040a95* (0) - - -
dummy_with_package_z1/eeb7e7c2-8cc9-4cc4-b144-9b5331d83e51* (0) running - 192.168.0.8
(*) Bootstrap node
2 instances
Here's my cli version
$ bosh --version
version 0.0.65-47ea064-2016-09-23T22:57:48Z
That would be more helpful than
Expected to find a map key 'openstack' for path '/instance_groups/name=bosh/properties/openstack'
Exit code 1
Did this in the bosh-repo after creating a new dev release with bundle exec rake release:create_dev_release
$ bosh create-release /Users/<user>/workspace/bosh/release/dev_releases/bosh/bosh-257.9+dev.3.yml --tarball
Internal inconsistency: version 'b26048fd1490b32e64a74c8014df6cfa27300d68' vs '3'
Exit code 1
I've got a deployment that includes cf-release, and configures security groups.
Some of the entries for the security groups use ports: "80,443" in the deployment.yml.
The cloud_controller_clock job in cf-release consumes this config via to_json in the ERB templates.
When I run using the old ruby bosh cli, this template gets instantiated in the job as {..., "ports":"80,443", ...}, however with everything else the same and deploying using the new go bosh cli, this gets translated to JSON as {..., "ports": 80443, ...}. This causes the cloud_controller_clock to fail to start, because it expects a string value for ports and gets a numeric.
Hopefully that is enough info to reproduce the issue and see the problem; if not I may be able to pare it down to demonstrate the issue.
Creating a release with a tarball puts the generated tarball in releases/, but it puts the generated yml in dev_releases/
The old ruby CLI put both artifacts in dev_releases/.
We don't want to pollute our releases directory with dev artifacts that shouldn't be committed.
Hello,
I built the cli 2 days ago. Today I sshed into an uaa on vsphere.
First I tried gobosh -e overbosh ssh uaa 0 -d cf to connect to the uaa/0 instance which threw this error:
Using environment '172.27.1.6' as user 'admin'
Using deployment 'cf'
Task 6471. Done
?/0: stderr | Unauthorized use is strictly prohibited. All access and activity
?/0: stderr | is subject to logging and monitoring.
?/0: stdout | bash: 0: command not found
?/0: stderr | Connection to 172.27.1.53 closed.
Running SSH:
1 error(s) occurred:
* Running command: 'ssh -tt -o ServerAliveInterval=30 -o ForwardAgent=no -o PasswordAuthentication=no -o IdentitiesOnly=yes -o IdentityFile=/home/vcap/.bosh/tmp/ssh-priv-key146955521 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/vcap/.bosh/tmp/ssh-known-hosts880087660 172.27.1.53 -l bosh_0c902fee64414437 0', stdout: '', stderr: '': exit status 127
Exit code 1
after leaving out the id, I was able to connect, but when I close the SSH session I will get the error with another exit status
Running SSH:
1 error(s) occurred:
* Running command: 'ssh -tt -o ServerAliveInterval=30 -o ForwardAgent=no -o PasswordAuthentication=no -o IdentitiesOnly=yes -o IdentityFile=/home/vcap/.bosh/tmp/ssh-priv-key436948954 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/vcap/.bosh/tmp/ssh-known-hosts249189745 172.27.1.53 -l bosh_941e632f2cc94387', stdout: '', stderr: '': exit status 130
Exit code 1
Please let me know if I can provide logs/more output to help pinning down this error.
Hi,
While using https://github.com/cloudfoundry-community/bosh_exporter which consumes this library, I ran into a problem where my BOSH password was logged into the log files:
time="2016-11-03T12:11:36Z" level=error msg="Error reading BOSH Info: Fetching info: Performing request GET 'https://10.193.60.31:25555/info': Performing GET request: Get https://director:[email protected]:25555/info: x509: certificate signed by unknown authority" source="bosh_exporter.go:211"
The passwords seems to be included in the error returned here https://github.com/cloudfoundry/bosh-cli/blob/master/director/info.go#L121
Thanks,
bosh --version returns failure (1); should return success (0).
$ bosh --version
version 0.0.25-daaed40-2016-08-15T18:49:02Z
Exit code 1
The UNIX convention is to return success when passed the --version flag (0); e.g.
tar --version; echo $?
bsdtar 2.8.3 - libarchive 2.8.3
0
Originally filed by @cunnie in cloudfoundry-attic/bosh-init#94
We were confused by the error message when building our release in a one-off Concourse job.
$ gobosh -n create-release --name cf-mysql --version 31.33+g3e3d717 --tarball --force
Building a release from directory '/tmp/build/e55deab7/cf-mysql-release':
Cannot find blob '' with SHA1 'de370941424b8db054a953bf4dc9925de6f6c33d'
It looks like this was caused because we ran it on a workspace polluted with artifacts from the ruby CLI, but we didn't have any idea what to do about this error before talking to the Bosh team.
Some suggestion about what to do to clean up the directory (Dmitriy suggested running bosh reset-release) or an indication of what files Bosh was referencing might have allowed us to solve the problem on our own.
$ bosh logs -f -d lifecycle-demo demo/acf185db-5ec5-4397-bdd0-301075115b6e
Using environment '<bla>' as user 'admin'
Using deployment 'lifecycle-demo'
Task 3637. Done
?/acf185db-5ec5-4397-bdd0-301075115b6e: stderr | Unauthorized use is strictly prohibited. All access and activity
?/acf185db-5ec5-4397-bdd0-301075115b6e: stderr | is subject to logging and monitoring.
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | ==> /var/vcap/sys/log/demo2/demo2.stdout.log <==
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | [2016-09-08 08:10:04+0000] job demo/acf185db-5ec5-4397-bdd0-301075115b6e starting...
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/post-deploy.stderr.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/post-deploy.stdout.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/post-start.stderr.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/post-start.stdout.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/pre-start.stderr.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout | tail: cannot open ‘/var/vcap/sys/log/demo2/pre-start.stdout.log’ for reading: Permission denied
?/acf185db-5ec5-4397-bdd0-301075115b6e: stdout |
This is because pre-start, post-start, and post-deploy logs are written by root with pretty restrictive permissions:
$ bosh -d lifecycle-demo ssh -c "ls -la /var/vcap/sys/log/demo"
Using environment '<bla>' as user 'admin'
Using deployment 'lifecycle-demo'
Task 3649. Done
?/0: stderr | Unauthorized use is strictly prohibited. All access and activity
?/0: stderr | is subject to logging and monitoring.
?/0: stderr | Unauthorized use is strictly prohibited. All access and activity
?/0: stderr | is subject to logging and monitoring.
?/0: stdout | total 24
?/0: stdout | drwxr-x--- 2 vcap vcap 4096 Sep 8 08:11 .
?/0: stdout | drwxr-x--- 4 root vcap 4096 Sep 8 08:10 ..
?/0: stdout | -rw-r--r-- 1 root root 85 Sep 8 08:10 demo.stdout.log
?/0: stdout | -rw-r----- 1 root root 0 Sep 8 08:11 post-deploy.stderr.log
?/0: stdout | -rw-r----- 1 root root 93 Sep 8 08:11 post-deploy.stdout.log
?/0: stdout | -rw-r----- 1 root root 0 Sep 8 08:10 post-start.stderr.log
?/0: stdout | -rw-r----- 1 root root 92 Sep 8 08:10 post-start.stdout.log
?/0: stdout | -rw-r----- 1 root root 0 Sep 8 08:10 pre-start.stderr.log
?/0: stdout | -rw-r----- 1 root root 91 Sep 8 08:10 pre-start.stdout.log
?/0: stderr | Connection to 192.168.0.11 closed.
I was not sure if this should go here or in the bosh-agent repo. Probaby the change needs to be done in the agent and the go-cli is just surfacing the problem.
I am missing some vars required by my manifest, so I see this error
bosh-cli build-manifest --var-files=deployment-env-vars.yml \
--var-errs ~/workspace/cf-deployment/cf-deployment.yml
Expected to find variables: etcd_require_ssl, network_policy_server_uri
Exit code 1Except this was running in a script, with the output piped to a file:
bosh-cli build-manifest --var-files=deployment-env-vars.yml \
--var-errs ~/workspace/cf-deployment/cf-deployment.yml \
> /tmp/generated-manifest
The script exited with code 1, but I didn't see any error output. It was difficult to diagnose the problem.
If error messages were printed to stderr, then they would appear in the console output, even when stdout is redirected to a file.
cc: @mcwumbly
on version 0.0.101-33f5c26-2016-11-08T03:36:51Z documentation just has
--skip-drain= Skip running drain scripts
It wasn't very obvious to me, that
* is possibleNot sure how to document these things with go-flags, wdyt?
Could we please provide private.yml credentials as arguments to bosh create release? This would make providing credentials via CI (ie Concourse) much easier, as we don't need to template a file.
It seems like create-release --force doesn't behave the same way as the old CLI, which would upload the blobs from your dev machine.
bosh2 --version
version 0.0.91-b66cf70-2016-10-25T20:54:12Z
Succeeded
bosh2 create-release --force
Adding job 'server/8fc2072dd5e7452b9164aefab5b5e95128f309d5'...
Added job 'server/8fc2072dd5e7452b9164aefab5b5e95128f309d5'
Adding package 'gemfire/25d3ad09103db0766e629e99ff34ad8c8bf91fbb'...
Added package 'gemfire/25d3ad09103db0766e629e99ff34ad8c8bf91fbb'
Adding package 'jdk8/3687f8350949ecfb57eb9a737add899d9e5d7250'...
Added package 'jdk8/3687f8350949ecfb57eb9a737add899d9e5d7250'
Added dev release 'gemfire/0+dev.12'
Name gemfire
Version 0+dev.12
Commit Hash dfd21ce+
Job SHA1 Packages
locator/27a6c0e15d77b5e0ccc6655bd98aae4a5af41760 07d246d9ef3249876dc3c6566675e32ea84c01f0 gemfire
jdk8
pid_utils
server/8fc2072dd5e7452b9164aefab5b5e95128f309d5 d1d5e9bfb5c3b0a1d842bf3c7b2fff5b4617c540 gemfire
jdk8
pid_utils
smoke-tests/d8ef6e573f86db8e45245813b7d327db55016a13 9421002816b7e73ab9e1cc1fff5740fd01be37cf gemfire
jdk8
3 jobs
Package SHA1 Dependencies
gemfire/25d3ad09103db0766e629e99ff34ad8c8bf91fbb 7e095650a98d2ec22026666badc71c4ca1f941dc -
jdk8/3687f8350949ecfb57eb9a737add899d9e5d7250 9e504eb76c16e09b063c36ee9c7bc11dfd962d76 -
pid_utils/792887d459996fad1d45ceaccca27d69d336a965 956c4364abf001a32ff89be38100a77ba1574a7d -
3 packages
Succeeded
bosh2 upload-release
Using environment 'https://192.168.50.4:25555' as user 'admin'
########################################################### 100.00% 1.07 MB/s 0s
Task 59
14:29:41 | Extracting release: Extracting release (00:00:00)
14:29:41 | Verifying manifest: Verifying manifest (00:00:00)
14:29:41 | Resolving package dependencies: Resolving package dependencies (00:00:00)
14:29:41 | Processing 3 existing packages: Processing 3 existing packages (00:00:00)
14:29:41 | Creating new jobs: server/8fc2072dd5e7452b9164aefab5b5e95128f309d5 (00:00:00)
14:29:41 | Processing 2 existing jobs: Processing 2 existing jobs (00:00:00)
14:29:41 | Release has been created: gemfire/0+dev.12 (00:00:00)
Started Thu Oct 27 14:29:41 UTC 2016
Finished Thu Oct 27 14:29:41 UTC 2016
Duration 00:00:00
Task 59 done
Succeeded
bosh2 deploy manifests/gemfire-bosh-lite.yml
Using environment 'https://192.168.50.4:25555' as user 'admin'
Using deployment 'gemfire'
releases:
- name: gemfire
- version: 0+dev.11
+ version: 0+dev.12
Continue? [yN]: y
Task 60
14:29:56 | Preparing deployment: Preparing deployment (00:00:00)
14:29:57 | Preparing package compilation: Finding packages to compile (00:00:00)
14:29:57 | Compiling packages: jdk8/3687f8350949ecfb57eb9a737add899d9e5d7250
14:29:57 | Compiling packages: gemfire/25d3ad09103db0766e629e99ff34ad8c8bf91fbb
14:30:05 | Compiling packages: jdk8/3687f8350949ecfb57eb9a737add899d9e5d7250 (00:00:08)
L Error: Action Failed get_task: Task 7115e735-6319-4053-5cfd-0fd4370f5883 result: Compiling package jdk8: Running packaging script: Command exited with 1; Stdout: , Stderr: + cd jdk8
+ ARCHIVE=jdk-8u112-linux-x64.tar.gz
+ [[ -f jdk-8u112-linux-x64.tar.gz ]]
+ echo 'Archive not found'
+ exit 1
14:30:06 | Compiling packages: gemfire/25d3ad09103db0766e629e99ff34ad8c8bf91fbb (00:00:09)
L Error: Action Failed get_task: Task 68af4c68-59e4-466b-4dbc-fefc8623756d result: Compiling package gemfire: Running packaging script: Command exited with 9; Stdout: , Stderr: + echo 'Extracting archive....'
+ unzip gemfire/pivotal-gemfire-9.0.0-beta.1.zip -d /var/vcap/packages/gemfire
unzip: cannot find or open gemfire/pivotal-gemfire-9.0.0-beta.1.zip, gemfire/pivotal-gemfire-9.0.0-beta.1.zip.zip or gemfire/pivotal-gemfire-9.0.0-beta.1.zip.ZIP.
14:30:06 | Error: Action Failed get_task: Task 7115e735-6319-4053-5cfd-0fd4370f5883 result: Compiling package jdk8: Running packaging script: Command exited with 1; Stdout: , Stderr: + cd jdk8
+ ARCHIVE=jdk-8u112-linux-x64.tar.gz
+ [[ -f jdk-8u112-linux-x64.tar.gz ]]
+ echo 'Archive not found'
+ exit 1
Started Thu Oct 27 14:29:56 UTC 2016
Finished Thu Oct 27 14:30:06 UTC 2016
Duration 00:00:10
Task 60 error
Updating deployment:
Expected task '60' to succeed but was state is 'error'
Exit code 1
Here is what I found doing bosh cck recently. It's breaking right in the middle of the word 'cloud', which seems totally weird:
$ bosh-go cck -d dummy
Using environment '172.18.104.90' as user 'admin'
Using deployment 'dummy'
Task 6968
09:00:08 | Scanning 1 VMs: Checking VM states (00:00:12)
09:00:20 | Scanning 1 VMs: 0 OK, 0 unresponsive, 1 missing, 0 unbound (00:00:00)
09:00:20 | Scanning 1 persistent disks: Looking for inactive disks (00:00:03)
09:00:23 | Scanning 1 persistent disks: 1 OK, 0 missing, 0 inactive, 0 mount-info mismatch (00:00:00)
Started Mon Oct 24 09:00:08 UTC 2016
Finished Mon Oct 24 09:00:23 UTC 2016
Duration 00:00:15
Task 6968 done
# Type Description
105 missing_vm VM for 'dummy_with_package_z1/dcbbf18c-b2f8-482d-a58e-f1297841300f (0)' with cloud ID '07892183-53e9-4e2e-9620-a546b59cbeab' missing.
1 problems
1: Skip for now
2: Recreate VM without waiting for processes to start
3: Recreate VM and wait for processes to start
4: Delete VM reference
VM for 'dummy_with_package_z1/dcbbf18c-b2f8-482d-a58e-f1297841300f (0)' with clo
ud ID '07892183-53e9-4e2e-9620-a546b59cbeab' missing. (1):
Here is my CLI version
$ bosh --version
version 0.0.87-88598e3-2016-10-20T02:36:56Z
Succeeded
Output from Golang CLI:
BOSH_CLIENT=foo BOSH_CLIENT_SECRET=<SECRET> bosh-go deployments
Using environment '<ENV>' as user 'director'
Finding deployments:
Director responded with non-successful status code '401' response 'Not authorized: '/deployments'
'
Exit code 1Output from Ruby CLI:
BOSH_CLIENT=foo BOSH_CLIENT_SECRET=<SECRET> bosh-ruby deployments
Acting as client 'foo' on 'bosh'
+---------------+-------------------------------+-------------------------------------------------+--------------+
| Name | Release(s) | Stemcell(s) | Cloud Config |
+---------------+-------------------------------+-------------------------------------------------+--------------+
| concourse | concourse/1.6.0 | bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3262.12 | latest |
| | garden-runc/0.4.0 | | |
| | slack-notification-resource/9 | | |
+---------------+-------------------------------+-------------------------------------------------+--------------+Director UAA snippet:
properties:
uaa:
url: "https://<HOST>:8443"
scim:
users:
- ((cli_admin_user))
- ((repave_user))
- ((upgrade_user))
clients:
bosh_cli:
override: true
authorized-grant-types: password,refresh_token
# scopes the client may receive
scope: openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read
authorities: uaa.none
access-token-validity: 120 # 2 min
refresh-token-validity: 86400 # re-login required once a day
secret: "" # CLI expects this secret to be empty
uaa_admin:
authorized-grant-types: client_credentials
override: true
scope: ""
authorities: uaa.admin
access-token-validity: 120 # 2 min
refresh-token-validity: 86400 # re-login required once a day
secret: ((uaa_admin_client_secret)) # CLI expects this secret to be empty
admin: {client_secret: ((uaa_admin_client_secret))}
login: {client_secret: ((uaa_login_client_secret))}
zones: {internal: {hostnames: []}}
jwt:
signing_key: ((uaa_jwt_signing_key))
verification_key: ((uaa_jwt_verification_key))
sslPrivateKey: ((uaa_web_ssl_private_key))
sslCertificate: ((uaa_web_ssl_certificate))
login:
saml:
serviceProviderKey: ((uaa_sp_ssl_private_key))
serviceProviderCertificate: ((uaa_sp_ssl_certificate))With private keys (generated by AWS) it would be nice to:
$ bosh create-env ... --vf private_key=~/Downloads/bosh.pem
Above flag assumes that we rename current --var-file to --vars-file (and for consistency --var-env to --vars-env) since existing flag provides multiple variables.
cc @ljfranklin @cunnie not sure if you all need something like that.
Run bosh create-release from any non-release directory, e.g. /:
2016-10-10 09:33:07 ☆ ruby 2.0.0p648 (system) moncada in /
○ → bosh create-release
Expected non-empty 'final_name' in config '/config/final.yml'
Exit code 1The output from the Ruby CLI was much more helpful:
2016-10-10 09:35:57 ☆ ruby 2.2.5p319 moncada in /
○ → bosh-ruby create release
Sorry, your current directory doesn't look like release directoryIf my manifest YAML looks like this:
---
great_singer:
first_name: madonna
...but my release needs to know my great singer's last name, I might want to add a -o file to set her last name to an empty string:
---
- type: replace
path: /great_singer/last_name?
value: ""
When I try to build the final YAML file with bosh int manifest.yml -o madonna_is_very_special.yml, this will unfortunately error:
invalid argument for flag `-o, --ops-file' (expected []cmd.OpsFileArg): Deserializing ops file 'madonna_is_very_special.yml': yaml: unmarshal errors:
line 4: cannot unmarshal !!str `` into *interface {}
Exit code 1
I would like this to succeed and give me the following final YAML:
---
great_singer:
first_name: madonna
last_name: ""
otherwise director raises undefined method each' for nil:NilClass`
This occurred today when building a release that had no packages.
--- a/release/manifest/release.go
+++ b/release/manifest/release.go
@@ -7,8 +7,8 @@ type Manifest struct {
CommitHash string `yaml:"commit_hash"`
UncommittedChanges bool `yaml:"uncommitted_changes"`
- Jobs []JobRef `yaml:"jobs,omitempty"`
- Packages []PackageRef `yaml:"packages,omitempty"`
+ Jobs []JobRef `yaml:"jobs"`
+ Packages []PackageRef `yaml:"packages"`
CompiledPkgs []CompiledPackageRef `yaml:"compiled_packages,omitempty"`
License *LicenseRef `yaml:"license,omitempty"`
}when I run bosh vms or instances the bootstrap node shows up with a "*" right next to the string of the instance group
example:
instance_gropup/random-guid*
This means that all my UNIX tools like cut , awk, etc need an extra pipe through tr -d "*"
It would be useful if this "*" could have an extra space like this:
instance_gropup/random-guid *
The openstack/cpi.yml opsfile defines its cpi properties like this:
- type: replace
path: /instance_groups/name=bosh/properties/openstack?
value: &openstack
auth_url: ((auth_url))
username: ((openstack_username))
api_key: ((openstack_password))
tenant: ((tenant))
region: ((region))
default_key_name: ((default_key_name))
default_security_groups: ((default_security_groups))
Note that this includes the yaml anchor &openstack in the value.
I added an ops-file that puts an additional property into the openstack hash above. The idea was to set connection options. Could have been any other extra property on the openstack hash as well (such as default_volume_type):
- type: replace
path: /instance_groups/name=bosh/properties/openstack/connection_options?
value:
ca_cert: <redacted>
End result: The interpolated manifest looks good in the instance_groups.bosh.properties.openstack section, but cloud_provider.properties.openstack doesn't exist anymore. Most likely, because the yaml anchor is nil?
We are running the new CLI in CI and the logs showed the following error:
Command '*cmd.EnvironmentOpts' does not support extra arguments: 10.85.57.6
Exit code 1This was due to the change from env to alias-env. It would have been easier to debug if the error showed the command instead of the Golang type:
Command 'env' does not support extra arguments: 10.85.57.6
Exit code 1The README says "Relevant documentation pages from bosh.io", and links to the Installing BOSH section of the BOSH docs.
Then there's a heading, "Install BOSH CLI", which links to here.
Those instructions are for the Ruby CLI.
At Stark & Wayne we have a homebrew tap for some useful CF tools (https://github.com/starkandwayne/homebrew-cf) and it works off of a concourse github-release resource.
It would be really helpful if the bosh-cli binary was included in the github release. The binary could then be downloaded from:
https://github.com/cloudfoundry/bosh-cli/releases/download/v0.0.70/bosh-cli-darwin-amd64
It is also nice to have the binary and the source code all in one place. I can see exactly what code the binary has by its corresponding git tag.
We see the following output when running a bosh deploy command.
Updating deployment:
Getting task state:
Performing request GET 'https://10.0.0.6:25555/tasks/26':
Performing GET request:
Get https://bosh-user:[email protected]:25555/tasks/26: net/http: TLS handshake timeout
Exit code 1
We notice that the bosh task still continues, its just that the CLI times out.
Also it would be nice to sanitize the output so that the bosh director's username and password isn't shown in the output.
Compare:
gosh update-cloud-config deployments/cf/cloud-config.yml
Using environment 'xxx' as anonymous user
Continue? [yN]: y
Updating cloud config:
Performing request POST 'https://xxx:25555/cloud_configs':
Performing POST request:
Post https://xxx:25555/cloud_configs: http: ContentLength=3273 with Body length 0
Exit code 1
To:
gosh cloud-config
Using environment 'xxx' as anonymous user
Finding cloud configs:
Director responded with non-successful status code '401' response 'Not authorized: '/cloud_configs'
'
Exit code 1
This is in
gosh --version
version 0.0.54-a29688a-2016-09-06T16:34:29Z
(Incidentally: we use gosh because there doesn't appear to be a canonical name for this thing, and we need to continue to use it alongside the old bosh cli, and bosh-cli is irritating to have to type every time.)
Pivotal uses GITBOT to synchronize Github issues and pull requests with Pivotal Tracker.
Please add your new repo to the GITBOT config-production.yml in the Gitbot configuration repo.
If you don't have access you can send an ask ticket to the CF admins. We prefer teams to submit their changes via a pull request.
Steps:
config-production.yml fileIf there are any questions, please reach out to [email protected].
bosh-init didn't support Windows. The bosh_cli gem does work on Windows, although Windows wasn't listed on the installation guide. Is there a reason to not provide binaries for Windows?
Would it be the case of supplying a build-windows.yml with GOOS: windows or are there dependencies that require a Unix like environment?
We've been evaluating subpackages of this repo to replace our code for communicating with the bosh director. We have noticed that the director. NewConfigFromURL function requires HTTPS and always verifies certs, as stated in the example.
The following features would be really useful for us:
Let us know what you think of this. We'd be happy to PR this functionality in if you're happy to have it.
Cheers,
Craig
UAA authentication does not work properly if env var BOSH_USER is set. BOSH director will return 401 if BOSH_USER is set.
$ export BOSH_USER=admin
$ bosh login
Email: admin
Password: <UAA PASSWORD>
Successfully authenticated with UAA
Succeeded
$ bosh deployments
Using environment '<DIRECTOR_URL>' as user 'admin'
Finding deployments:
Director responded with non-successful status code '401' response 'Not authorized: '/deployments'
'
Exit code 1
$ unset BOSH_USER
$ bosh deployments
Using environment '<DIRECTOR_URL>' as '?'
Name Release(s) Stemcell(s) Cloud Config
concourse concourse/2.4.0 bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3263.8 latest
garden-runc/1.0.0
concourse-cpi concourse/2.4.0 bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3263.8 outdated
garden-runc/1.0.0
3 deployments
Succeeded
--ca-cert might have a bad path.
There should be a useful error for each of these. Currently, instead of handling all the separate cases, it seems to behave as if there are only two failure modes:
gosh --ca-cert=/tmp/nonexistent/file --user=admin --password='xxx' environment
Current environment is 'xxx'
Validating Director connection config:
Parsing CA certificate: Missing PEM block
Exit code 1
gosh --ca-cert=/tmp --user=admin --password='xxx' environment
Current environment is 'xxx'
Fetching info:
Performing request GET 'https://xxx:25555/info':
Performing GET request:
Get https://admin:xxx@xxx:25555/info: x509: certificate signed by unknown authority
Exit code 1
Interestingly, this is also a shorter error than you'd get by entirely excluding the flag:
Performing GET request:
Get https://...xxx:25555/releases: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "serial:11221279690464167074")
Exit code 1
This was seen in version 0.0.54-a29688a-2016-09-06T16:34:2.
When running bosh deploy, we get a nice diff of the changes we are going to apply:
gosh deploy -d cf --var-files=deployments/cf/env-vars.yml deployments/cf/cf-deployment.yml
Using environment '104.198.99.5' as user 'admin'
Using deployment 'cf'
networks:
- name: private
subnets:
- range: 10.0.16.0/20
cloud_properties:
+ ephemeral_external_ip: true
- range: 10.0.32.0/19
cloud_properties:
+ ephemeral_external_ip: true
When running gosh update-cloud-config, however, we do not see any diff; just a confirmation question:
gosh update-cloud-config deployments/cf/cloud-config.yml
Using environment 'xxx' as user 'admin'
Continue? [yN]: y
Succeeded
It would be nice if we could see a diff of the cloud config when we are updating it, rather than having to wait until running bosh deploy to see the changes. Of course, the new properties will not be applied to existing deployments until deploy is run, so perhaps the diff should note that, too.
gosh --version
version 0.0.54-a29688a-2016-09-06T16:34:29Z
Exit code 1
When there is not final version yet, the first version should probably be 1, not 0.
In order to provide a consistent developer experience, which promotes developer experience and the principal of least surprise, bosh target should allow for selecting a remote bosh server.
As a typical bosh developer would use cf target and uaac target on a daily basis, changing the syntax to something not consistent with that does not appear to further bosh goals.
I'm using bosh-deployment with the keystone v3 opsfile to deploy a Director.
bosh interpolate bosh.yml --ops-file openstack/cpi.yml --ops-file openstack/keystone-v3.yml -l secrets.yml -l openstack-secrets.yml -l outer-creds.yml --var-errs works and creates an output with an openstack section like this:
openstack:
api_key: <redacted>
auth_url: <redacted>
default_key_name: bosh
default_security_groups: bosh
domain: <redacted>
project: <redacted>
region: null
username: <redacted>
Note that domain and project are in there, while tenant is not.
Here is what I get on bosh create-env bosh.yml --ops-file openstack/cpi.yml --ops-file openstack/keystone-v3.yml -l secrets.yml -l openstack-secrets.yml -l outer-creds.yml:
Parsing installation manifest '/home/vcap/workspace/bosh-deployment/bosh.yml':
Evaluating manifest:
Expected to find a map key 'tenant' for path '/instance_groups/name=bosh/properties/openstack/tenant'
Exit code 1
Seems like the tenant remove operation in openstack/keystone-v3.yml is failing in create-env but works in interpolate?
Or does create-env try to find a replacement for the ((tenant)) variable before the ops-file which removes it is applied? Are there two different paths for interpolate and create-env?
Manifests often need encryption keys (e.g. a 128-bit hex-encoded AES key). I don't have any favorite keys, so wouldn't mind (and would in fact love) if bosh created keys for me!
Maybe even getting to specify the algorithm, encryption mode, encoding, and key length would be snazzy.
cd bosh-vsphere-cpi && bosh create-release --tarballWe've seen this with both the vSphere CPI and GCP CPI. The deployment succeeds when we use the Ruby CLI to create the CPI release tarball.
Example output:
○ → bosh create-env director.yml
Deployment manifest: '/Users/pivotal/scratch/vsphere/director.yml'
Deployment state: '/Users/pivotal/scratch/vsphere/director-state.json'
Started validating
Downloading release 'bosh'... Finished (00:01:14)
Validating release 'bosh'... Finished (00:00:00)
Validating release 'bosh-vsphere-cpi'... Finished (00:00:00)
Validating cpi release... Finished (00:00:00)
Validating deployment manifest... Finished (00:00:00)
Validating stemcell... Finished (00:00:00)
Finished validating (00:01:15)
Started installing CPI
Compiling package 'vsphere_cpi_ruby/c39b855dc291d73e81e5a1f5056d04cf8cce14d3'... Finished (00:01:28)
Compiling package 'vsphere_cpi_mkisofs/3d6f6e0f450164637b2cd5b8aa1daf0ecde2f261'... Finished (00:02:38)
Compiling package 'vsphere_cpi/31f7c234a64e0e5c7bd8577829bc887c0e8dc70b'... Finished (00:00:42)
Installing packages... Finished (00:00:00)
Rendering job templates... Finished (00:00:00)
Installing job 'vsphere_cpi'... Finished (00:00:00)
Finished installing CPI (00:04:49)
Starting registry... Finished (00:00:00)
Uploading stemcell 'bosh-vsphere-esxi-ubuntu-trusty-go_agent/3263.5'... Finished (00:00:34)
Started deploying
Creating VM for instance 'bosh/0' from stemcell 'sc-13ba804b-0b95-4e2e-a22f-0efe82055e95'... Finished (00:00:13)
Waiting for the agent on VM 'vm-c2b1bdfe-6e35-4999-b3b6-823914ab7b96' to be ready... Finished (00:00:43)
Creating disk... Finished (00:00:03)
Attaching disk 'disk-5ac782be-43c4-4ae0-b83e-ec3bad70e454' to VM 'vm-c2b1bdfe-6e35-4999-b3b6-823914ab7b96'... Finished (00:00:16)
Rendering job templates... Finished (00:00:02)
Compiling package 'ruby/589d4b05b422ac6c92ee7094fc2a402db1f2d731'... Skipped [Package already compiled] (00:00:00)
Compiling package 's3cli/b4e17d94eedc5c08978be29d1142b84f6d7bd0c2'... Skipped [Package already compiled] (00:00:00)
Compiling package 'mysql/b7e73acc0bfe05f1c6cbfd97bf92d39b0d3155d5'... Skipped [Package already compiled] (00:00:00)
Compiling package 'libpq/09c8f60b87c9bd41b37b0f62159c9d77163f52b8'... Skipped [Package already compiled] (00:00:00)
Compiling package 'vsphere_cpi_ruby/c39b855dc291d73e81e5a1f5056d04cf8cce14d3'... Failed (00:00:11)
Failed deploying (00:01:30)
Stopping registry... Finished (00:00:00)
Cleaning up rendered CPI jobs... Finished (00:00:00)
Deploying:
Building state for instance 'bosh/0':
Compiling job package dependencies for instance 'bosh/0':
Compiling job package dependencies:
Remotely compiling package 'vsphere_cpi_ruby' with the agent:
Sending 'compile_package' to the agent:
Sending 'get_task' to the agent:
Agent responded with error: Action Failed get_task: Task fb56487b-739a-473d-44f7-8cf475a82bea result: Compiling package vsphere_cpi_ruby: Running packaging script: Running packaging script: Command exited with 2; Stdout: , Stderr: ++ PATH=/usr/local/opt/openssl/bin:/var/vcap/bosh/bin:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
++ openssl version
+ openssl_version='OpenSSL 1.0.1f 6 Jan 2014'
++ echo OpenSSL 1.0.1f 6 Jan 2014
++ cut -f2 '-d '
++ cut -f1 -d.
+ openssl_major_version=1
+ '[' 1 == 0 ']'
+ echo 'Installing yaml'
+ tar xzf vsphere_cpi_ruby/yaml-0.1.5.tar.gz
tar (child): vsphere_cpi_ruby/yaml-0.1.5.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
Exit code 1When config/final.yml isn't there, bosh create-release fails:
bosh create-release
Expected non-empty 'final_name' in config '/Users/<user>/workspace/<my-release>/config/final.yml'
bosh-cli build-manifest --var-errs --var-file=/tmp/creds.yml cf-deployment/cf-deployment.yml
gives
[CLI] 2016/11/13 18:02:45 ERROR - Panic: runtime error: slice bounds out of range
********************
goroutine 1 [running]:
runtime/debug.Stack(0x706d00, 0xc4203a78f0, 0x28)
/usr/local/Cellar/go/1.7.3/libexec/src/runtime/debug/stack.go:24 +0x79
main.handlePanic()
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/main.go:110 +0x2e1
panic(0x687c60, 0xc420010150)
/usr/local/Cellar/go/1.7.3/libexec/src/runtime/panic.go:458 +0x243
github.com/cloudfoundry/bosh-cli/cmd.Cmd.Execute.func1(0xc42014ea40)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/cmd/cmd.go:40 +0xe7
panic(0x687c60, 0xc420010150)
/usr/local/Cellar/go/1.7.3/libexec/src/runtime/panic.go:458 +0x243
github.com/cloudfoundry/bosh-cli/vendor/github.com/cppforlife/go-patch/patch.FindOp.Apply(0x0, 0x0, 0x0, 0x681340, 0xc420227e00, 0x681340, 0xc420227e00, 0x0, 0x0)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/vendor/github.com/cppforlife/go-patch/patch/find_op.go:20 +0x17ce
github.com/cloudfoundry/bosh-cli/vendor/github.com/cppforlife/go-patch/patch.(*FindOp).Apply(0xc4202ab520, 0x681340, 0xc420227e00, 0x681340, 0xc420227e00, 0x0, 0x0)
<autogenerated>:5 +0x78
github.com/cloudfoundry/bosh-cli/vendor/github.com/cppforlife/go-patch/patch.Ops.Apply(0xc4202ab4e0, 0x2, 0x2, 0x681340, 0xc420227e00, 0x0, 0x0, 0x0, 0xc41ffeaa56)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/vendor/github.com/cppforlife/go-patch/patch/ops.go:20 +0x65
github.com/cloudfoundry/bosh-cli/director/template.Template.Evaluate(0xc4202c0000, 0x95d0, 0xfe00, 0xc4202271d0, 0xc4202ab4e0, 0x2, 0x2, 0x101, 0x0, 0xc4202271d0, ...)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/director/template/template.go:39 +0x101
github.com/cloudfoundry/bosh-cli/cmd.BuildManifestCmd.Run(0xaa5520, 0xc42019a030, 0xaa6b60, 0xc42019c040, 0xc4202c0000, 0x95d0, 0xfe00, 0x0, 0x0, 0x0, ...)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/cmd/build_manifest.go:32 +0x26e
github.com/cloudfoundry/bosh-cli/cmd.Cmd.Execute(0x7c3090, 0x6978ef, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/cmd/cmd.go:202 +0x1e79
main.main()
/Users/pivotal/go/src/github.com/cloudfoundry/bosh-cli/main.go:35 +0x6cc
********************
Exit code 1
To reproduce, just follow the usage instructions for cf-filler.
Every other tool in the ecosystem currently uses the verb login. While it is aliased, it is inconsistent with all other Pivotal tool verbs: fly login, cf login, bosh login etc
Choosing new verbs without purpose which are inconsistent with other tools in the same ecosystem is a waste of time, effort and hinders developer adoption.
If I specify an interpolated variable in my manifest (e.g. some_field: ((my_var))) but fail to provide that value via the -l or -v flag, I'd expect the CLI to warn me. The fly CLI throws the helpful error unbound variable in template: 'my_var'. In the current BOSH CLI, you get random errors 10 minutes later: dial tcp: lookup ((external_ip)): invalid domain name.
When bosh CLI is passed a deployment manifest that is either non-existent or unreadable, it returns a misleading
the required argument `PATH` was not provided
message; instead, it should return either filename: No such file or directory or filename: Permission denied.
# non-existent
bosh --version
version 0.0.59-35caccf-2016-09-08T21:29:07Z
bosh deploy -d nginx-ntp-pdns no-such-file-or-directory
the required argument `PATH` was not provided
Exit code 1
# unreadable
bosh deploy -d nginx-ntp-pdns /etc/ssh/ssh_host_key
the required argument `PATH` was not provided
Exit code 1If the BOSH UAA component has SAML configuration, there is no way to locally authenticate against UAA. The workflow causes a range prompts call to set a UI AskForPassword which will require a not null entry. Because the entry is not null, BOSH will force UAA to use SAML as the code was provided.
Users should be able to login with a local account, even in the presence of SAML.
When using --var-files, we accidentally forgot to add a variable to our file. We should have added the line some_variable_name: correct-value in our variable file, but missed it.
The manifest got deployed with a property value set to the literal string ((some_variable_name)), and we had to look through logs to discover that. This was surprising.
It would be great if the deploy command gave us fast feedback that our template couldn't be completely filled in, because a variable wasn't set.
cc: @markstgodard
Old bosh:
root@ruby-bosh:/tmp/build/8e72821d# bosh update runtime-config runtime-config.yml
Acting as user 'admin' on 'bosh'
RSA 1024 bit CA certificates are loaded due to old openssl compatibility
Error 530001: Runtime manifest contains the release 'myrelease' with version as 'latest'. Please specify the actual version string.
New bosh:
root@golang-bosh:/tmp/build/8e72821d# bosh-cli -e env update-runtime-config ./runtime-config.yml
Using environment '10.9.1.7' as '?'
Continue? [yN]:
Expected behavior would be to either not have Continue without a reason, such as showing a delta of the changes ala Concourse
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.