Comments (17)
cf-gitbot
commented on June 26, 2024
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/138988189
The labels on this github issue will be updated when the story is started.
from cf-deployment.
cppforlife
commented on June 26, 2024
cf-deployment made it a required input from the user
...or default to something meaningful. silver ideal is to only ask for system_domain (ideally not even that). if exposed properly people can always override it if it's necessary.
from cf-deployment.
drich10
commented on June 26, 2024
I agree with @cppforlife, I'd still prefer to configure as little as possible as a user. This is assuming we do a better job of explaining the responsibility of DNS management to the user.
from cf-deployment.
wendorf
commented on June 26, 2024
👍 to that. Most (all?) of the *.sys domains are hard-coded. What's the customer value in letting it be configured?
from cf-deployment.
Amit-PivotalLabs
commented on June 26, 2024
@cppforlife how would you imagine not asking for system domain?
@wendorf @drich10 I'm not a fan of magic, I'd much rather have an explicit dependency I can understand than magical wiring that I have to have tribal knowledge about.
The customer value in letting it be configured is that customers want to configure it. Pivotal Web Services manages the run.pivotal.io and cfapps.io domains differently. Customers also may wish to have multiple shared app domains.
Perhaps you're asking about the value in making users configure it, not about letting them configure it. Making them configure it makes the dependency clear and simple, less magical.
The issue actually conflates two things. There's less value in configuring the SSH domain, but it's also undocumented.
from cf-deployment.
dsabeti
commented on June 26, 2024
Not to pile on, but I definitely don't want to add more required variables for basic OSS consumers of cf-deployment. That doesn't mean we can't make it easy(er) for other deployers/vendors out there in the world to extend cf-deployment to allow for more complex configuration.
With the way that CC "hard-codes" the ssh proxy location, it's impossible to even override this with an ops file. However, I was able to override the app_domains with a pretty simple ops file:
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/app_domains
value:
- ((app_domain))
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_worker/properties/app_domains
value:
- ((app_domain))
- type: replace
path: /instance_groups/name=cc_clock/jobs/name=cloud_controller_clock/properties/app_domains
value:
- ((app_domain))
And manifest generation looked like this:
bosh int cf-deployment.yml \
--var-errs \
--vars-store ~/workspace/gcp-spike/deployment-vars.yml \
-o ~/workspace/gcp-spike/override-apps-domain.yml \
-v system_domain=cf-dsabeti.cf-app.com \
-v app_domain=apps.cf-dsabeti.cf-app.com
which I think is sort of a nice UX -- you only get the new variable if you included the ops file.
If CAPI made the ssh proxy url configurable (but with the same default), vendors could similarly ship an ops file that requires a property called ((ssh_proxy_domain)) variable and override the default value.
EDIT [because Amit added a response while I was writing]:
@Amit-PivotalLabs, does adding these values to the specs, even with the same defaults, help with make this better documents / less magical?
from cf-deployment.
cppforlife
commented on June 26, 2024
@dsabeti's snippets above are exactly what i was thinking. nice!
from cf-deployment.
dsabeti
commented on June 26, 2024
Hey @Amit-PivotalLabs, there hasn't been much activity on this thread for a while, and I want to take action and the close this out.
It looks like capi-release still computes the ssh-proxy domain from the system domain. Do you want to submit a github issue for them to make the ssh-proxy domain configurable?
As for the "app domain," it's actually a slightly more complicated topic than we've implied here. There isn't really such a thing as the "app domain" -- the field simply seeds the SharedDomains table. If you change the value of app_domains after the first deploy, I'm not sure that anything gets updated in your Cloud Controller DB. It might make sense to support an ops file for configuring the app_domains on the initial deploy anyway, but we'd have to set expectations that the ops-file is only relevant for a bootstrap deploy.
cc @anEXPer
from cf-deployment.
Amit-PivotalLabs
commented on June 26, 2024
I think at minimum the official documentation for deploying Cloud Foundry
should explicitly document the DNS requirements the deployer must fulfill.
It should also recommend some tooling to simplify IaaS paving, and said
tool should either automate the DNS provisioning or reiterate in its
documentation that there's some DNS setup pre-requisites, pointed back to
the official CF docs as the source of truth as to what those pre-requisites
are.
…On Thu, Apr 13, 2017 at 11:54 AM, David Sabeti ***@***.***> wrote:
Hey @Amit-PivotalLabs <https://github.com/Amit-PivotalLabs>, there hasn't
been much activity on this thread for a while, and I want to take action
and the close this out.
It looks like capi-release still computes the ssh-proxy domain from the
system domain
<https://github.com/cloudfoundry/cloud_controller_ng/blob/master/bosh/jobs/cloud_controller_ng/templates/cloud_controller_api.yml.erb#L154>.
Do you want to submit a github issue for them to make the ssh-proxy domain
configurable?
As for the "app domain," it's actually a slightly more complicated topic
than we've implied here. There isn't really such a thing as the "app
domain" -- the field simply seeds the SharedDomains
<https://github.com/cloudfoundry/cloud_controller_ng/blob/master/lib/cloud_controller/seeds.rb#L69-L78>
table. If you change the value of app_domains after the first deploy, I'm
not sure that anything gets updated in your Cloud Controller DB. It might
make sense to support an ops file for configuring the app_domains on the
initial deploy anyway, but we'd have to set expectations that the ops-file
is only relevant for a bootstrap deploy.
cc @anEXPer <https://github.com/anEXPer>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#58 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AC9t3rCFz-YXoX6ga04ayRfWSq005OW7ks5rvm9rgaJpZM4L17K->
.
from cf-deployment.
anEXPer
commented on June 26, 2024
I suspect (but have not tested) that changing app_domains does affect the DB... but not how users might expect. I suspect it's additive only, which means if you have only one, and you change it, what you will actually get is a second shared domain. CC uses the first shared domain as a default, and the "changed" "app domain" won't be used.
The idea of an "app domain" configuration may have to go away. We'd be adding a concept in manifest tooling that doesn't actually exist in the spec.
from cf-deployment.
Amit-PivotalLabs
commented on June 26, 2024
Yes, it's additive, but the second app domain you add will just be a shared
app domain, not *the default* shared app domain.
It's not ideal to have to seed data in the manifest, since it's very
misleading (changing the value in the manifest makes the manifest no longer
an accurate declaration of the expected or desired state). There's already
a way to add a shared app domain via the cf CLI as an admin. But I can't
think of a great way in the short-term to offer a simple, packaged CF setup
experience which allows operators to seed the app domain(s) while fixing
this misleading issue. Even if you take the apps domains out of the
manifest and into some other declaration that's used to create these
resources, how do you prevent that declaration from becoming misleading?
…On Thu, Apr 13, 2017 at 12:17 PM, Jesse Thomas Alford < ***@***.***> wrote:
I suspect (but have not tested) that changing app_domains does affect the
DB... but not how users might expect. I suspect it's additive only, which
means if you have only one, and you change it, what you will actually get
is a second shared domain. CC uses the first shared domain as a default,
and the "changed" "app domain" won't be used.
The idea of an "app domain" configuration may have to go away. We'd be
adding a concept in manifest tooling that doesn't actually exist in the
spec.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#58 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AC9t3mQd66g47SDdDoxsn8FIAWkJcoP8ks5rvnS-gaJpZM4L17K->
.
from cf-deployment.
dsabeti
commented on June 26, 2024
Howdy folks. Reviving this thread again. I think we can address everything brought up here.
First of all, docs now include an explanation of DNS requirements for deployers: http://docs.cloudfoundry.org/deploying/common/dns_prereqs.html
As for seed value and app domains, we think that this story should prevent stale seed data from living on in deployment manifests, but still allows an out-of-the-box successful deploy:
https://www.pivotaltracker.com/story/show/149282005
How do these sound as solutions?
from cf-deployment.
jleavers
commented on June 26, 2024
It would be good if the docs pointed out exactly where an external LB should point SSH traffic to as well. A user moving to cf-deployment from an older setup might look for proxy_z1 & proxy_z2 and then have to consult the output of bosh instances --ps to find out that ssh_proxy is with diego-brain, for example.
from cf-deployment.
dsabeti
commented on June 26, 2024
I think that's good advice, @jsievers. As I look through that doc, there are few other things that look cf-release-specific, so we should make sure they get updated once cf-deployment is GA.
from cf-deployment.
jsievers
commented on June 26, 2024
@dsabeti I guess you meant @jleavers :)
from cf-deployment.
dsabeti
commented on June 26, 2024
Heh, it seems so. Sorry about that!
from cf-deployment.
dsabeti
commented on June 26, 2024
Hi @jleavers, I made a PR (cloudfoundry/docs-deploying-cf#181) to the docs to describe where the ssh_proxy is located. I'll close the issue.
from cf-deployment.
Related Issues (20)
- Failed to resolve link 'nats' with type 'nats' HOT 3
- cflinuxfs4 Rollout - Step 3: Final removal of cflinuxfs3 / Bionic HOT 1
- Proposal: Support Readiness Healthchecks HOT 11
- Remove erroneous cf CLI bosh release HOT 4
- Missing client_auth property on the cc_logcache_tls certificate HOT 13
- log-cache cert not valid for log-cache.service.cf.internal HOT 1
- Remove Windows2012R2 stack option? HOT 3
- Error when deploying CF using cf-deployment HOT 1
- Compiling package xtrabackup HOT 4
- UAA does not start due to ALTER TABLE oauth_client_details HOT 1
- Deprecation of "Windows Server 2016" stack HOT 1
- Problem on changing system domain after deployment HOT 1
- Whether the deployment domain name can be changed HOT 1
- Configuring external s3 blobstore with instance profile, missing required credential error returns in api HOT 2
- Use Percona XtraDB Cluster 8.0 by default HOT 1
- FIPS validation for cf-deployment HOT 3
- Error: Job 'nats-tls' not found in release 'nats' HOT 2
- Remove operations/experimental/disable-interpolate-service-bindings.yml? HOT 2
- Integrate FIPS stemcell validation into cf-deployment pipeline HOT 2
- Measure CF-D upgrades appropriately with uptimer HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cf-deployment.