Steps to configure Bluemix Liberty application to add a certificate to the Liberty trust store using a cf CLI workflow? - ibm-cloud

I'm using the cf CLI to deploy a spring boot application to Bluemix. I'm getting an error 'RSA premaster secret error' as can be seen here: RSA premaster secret error when using webHDFS from BigInsights on cloud
I'm deploying my application like this:
# Create a Liberty application in Bluemix.
# Set APPNAME (below) to the name of the application.
APPNAME=<<theappname>>
cf login -u cf_username -p cf_password
cf push $APPNAME -p build/libs/myapp.jar
It seems that I need to add a certificate to the truststore - what are the additional steps for doing this? From what I can tell I need to repackage the liberty server to do this.
The above code snippet encapsulates my entire knowledge about Liberty, please take that into account when providing an answer. For instance, I have seen some answers suggesting that I need to edit server.xml, but I don't have this file, so presumably I need to create it from scratch, or generate it somehow?
I have seen similar questions, but the workflow I'm specifically asking about to add a certificate is when I'm using the cf CLI tools.

There's no one thing to do to accomplish this task; it will require several steps:
1) Ensure Liberty & Spring app works locally. The data below will guide you through ensuring Liberty & Spring are set up correctly:
How to use Websphere liberty in spring boot application
http://www.adeveloperdiary.com/java/spring-boot/deploy-spring-boot-application-ibm-liberty-8-5/
2) Configure security for your app in Liberty:
https://www.ibm.com/support/knowledgecenter/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_7add_signercert.html
3) Deploy a packaged server to Bluemix from the CF command line:
https://console.ng.bluemix.net/docs/runtimes/liberty/optionsForPushing.html
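Steps 2 and 3 as one cf CLI workflow, written here as an added example and not part of the original answer. It assumes a local Liberty install at WLP_HOME with the application already deployed into the server "defaultServer" (step 1); the alias "remote-signer" and the TRUST_PASS variable are also assumptions.

```bash
#!/bin/sh
# Added example, not from the original answer. Assumed names: WLP_HOME (local
# Liberty install), server "defaultServer", alias "remote-signer", and the
# exported environment variable TRUST_PASS holding the trust store password.
SERVER=${SERVER:-defaultServer}

# Print the server.xml elements that make resources/security/trust.jks the
# trust store of Liberty's default SSL configuration. The ssl-1.0 feature must
# also be listed in <featureManager>.
ssl_fragment() {   # $1 = trust store password (XML-escape special characters)
  cat <<EOF
  <keyStore id="defaultKeyStore" password="$1"/>
  <keyStore id="defaultTrustStore" location="trust.jks" type="JKS" password="$1"/>
  <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore"/>
EOF
}

# Succeed only if server.xml wires the default SSL config to that trust store.
uses_truststore() {   # $1 = path to server.xml
  grep -q 'id="defaultTrustStore"' "$1" &&
    grep -q 'trustStoreRef="defaultTrustStore"' "$1"
}

# Import the signer certificate, package the stopped server, push the archive.
push_with_signer() {   # $1 = app name, $2 = signer certificate (PEM or DER)
  srv="$WLP_HOME/usr/servers/$SERVER"
  if ! uses_truststore "$srv/server.xml"; then
    echo "Add these elements inside <server> in $srv/server.xml first:" >&2
    ssl_fragment 'CHANGE_ME' >&2
    return 1
  fi
  mkdir -p "$srv/resources/security"
  # -storepass:env keeps the password out of the process list.
  keytool -importcert -noprompt -alias remote-signer -file "$2" \
    -keystore "$srv/resources/security/trust.jks" -storetype JKS \
    -storepass:env TRUST_PASS || return 1
  # Print the stored entry so its fingerprint can be compared out of band.
  keytool -list -alias remote-signer -storepass:env TRUST_PASS \
    -keystore "$srv/resources/security/trust.jks" || return 1
  "$WLP_HOME/bin/server" package "$SERVER" --include=usr || return 1
  cf push "$1" -p "$srv/$SERVER.zip"
}

# Usage: WLP_HOME=~/wlp TRUST_PASS=... sh push_with_signer.sh myapp signer.pem
if [ "$#" -eq 2 ]; then push_with_signer "$1" "$2"; fi
```

Because -noprompt accepts the certificate without asking, compare the fingerprint printed by keytool -list with one obtained from the service owner before pushing.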

Related

injected db credentials change when I deploy new app version to cloud

I deploy a web app to a local cloudfoundry environment. As a database service for my DEV environment I have chosen a Marketplace service google-cloudsql-postgres with the plan postgres-db-f1-micro. Using the Web UI I created an instance with the name myapp-test-database and mentioned it in the CF Manifest:
applications:
- name: myapp-test
  services:
  - myapp-test-database
At first, all is fine. I can even redeploy the existing artifact. However, when I build a new version of my app and push it to CF, the injected credentials are updated and the app can no longer access the tables:
PSQLException: ERROR: permission denied for table
The tables are still there, but they're owned by the previous user. They were automatically created by the ORM in the public schema.
While the -OLD application still exists I can retrieve the old username/password from the CF Web UI or $VCAP_SERVICES and drop the tables.
Is this all because of Rolling App Deployments? But then there should be a lot of complaints.
If you are strictly doing a cf push (or restart/restage), the broker isn't involved (Cloud Controller doesn't talk to it), and service credentials won't change.
The only action through cf commands that can modify your credentials is doing an unbind followed by a bind. Many, but not all, service brokers will throw away credentials on unbind and provide new, unique credentials for a bind. This is often desirable so that you can rotate credentials if credentials are compromised.
Where this can be a problem is if you have custom scripts or cf cli plugins to implement rolling deployments. Most tools like this will use two separate application instances, which means you'll have two separate bindings and two separate sets of credentials.
If you must have one set of credentials you can use a service key to work around this. Service keys are like bindings but not associated with an application in CloudFoundry.
The downside of the service key is that it's not automatically exposed to your application, like a binding, through $VCAP_SERVICES. To work around this, you can pass the service key creds into a user-provided service and then bind that to your application, or you can pass them into your application through other environment variables, like DB_URL.
The other option is to switch away from using scripts and cf cli plugins for blue/green deployment and to use the support that is now built into Cloud Foundry. With cf cli version 7+, cf push has a --strategy option which can be set to rolling to perform a rolling deployment. This does not create multiple application instances and so there would only ever exist one service binding and one set of credentials.
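The service-key workaround described in the answer above, as an added example that is not part of the original answer. The key name "myapp-shared-key" and the user-provided service name "myapp-db-creds" are assumptions.

```bash
#!/bin/sh
# Added example, not from the original answer. Assumed names: service key
# "myapp-shared-key" and user-provided service "myapp-db-creds".
KEY=${KEY:-myapp-shared-key}
UPS=${UPS:-myapp-db-creds}

# `cf service-key` prints a status line before the JSON document; keep
# everything from the first line that starts with "{" onwards. Inspect the
# JSON once: its shape depends on the broker and the CLI version.
key_json() {   # stdin: raw output of `cf service-key SERVICE KEY`
  sed -n '/^{/,$p'
}

# Create one long-lived key and expose it to the app through a user-provided
# service, so blue/green copies of the app all see the same credentials.
share_credentials() {   # $1 = brokered service instance, $2 = app name
  cf create-service-key "$1" "$KEY" || return 1
  umask 077                      # credentials file readable by this user only
  tmp=$(mktemp) || return 1
  cf service-key "$1" "$KEY" | key_json > "$tmp"
  if [ ! -s "$tmp" ]; then
    echo "no JSON found in service-key output" >&2
    rm -f "$tmp"; return 1
  fi
  # Passing a file path to -p keeps the secret out of the process list.
  cf create-user-provided-service "$UPS" -p "$tmp"
  rc=$?
  rm -f "$tmp"
  [ "$rc" -eq 0 ] || return 1
  cf bind-service "$2" "$UPS"
}

# Usage: sh share_credentials.sh myapp-test-database myapp-test
if [ "$#" -eq 2 ]; then share_credentials "$1" "$2"; fi
```

The application then reads the credentials from the user-provided entry in $VCAP_SERVICES, and the brokered instance should be dropped from the manifest's services list so that no per-app binding with its own credentials is created.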
Request a static username using the extra bind parameter "username":
cf bind-service my-app-test-CANDIDATE myapp-test-database -c "{\"username\":\"myuser\"}"
With cf7+ it's possible to add parameters to the manifest:
applications:
- name: myapp-test
  services:
  - name: myapp-test-database
    parameters: { "username": "myuser" }
https://docs.cloudfoundry.org/devguide/services/application-binding.html#arbitrary-params-binding
Note: Arbitrary parameters are not supported in app manifests in cf CLI v6.x. Arbitrary parameters are supported in app manifests in cf CLI v7.0 and later.
However, I can't find the new syntax here: https://docs.cloudfoundry.org/devguide/deploy-apps/manifest-attributes.html#services-block . The syntax I use comes from some other SO question.

IBM Cloud API Connect Secure Gateway

Recently, I started seeing an issue when trying to set up secure gateway within API Connect on IBM Cloud. I previously had it working, but it looks like they changed this wizard interface and it's broken since then.
Here is what I did to recreate the issue:
Setup new APIC instance on IBM Cloud
API connect Manager UI > Admin > Secure Gateways > Add (name & save)
once created, in Secure Gateway Clients section, click on +Set Up
I see no ID or Token generated
no matter what type of client I choose (DataPower, Docker or Installer)
Anyone facing the same issue?
Empty ID and Token when trying to setup Secure Gateway Client
Turned out that creating SecureGateway from within the APIC is a deprecated feature anyway.
You will need to create a standalone SecureGateway resource on Bluemix and call it from your API assembly.
Here are the instructions:
https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.apionprem.doc/task_api_secure_gateway.html

credhub login does not work after deploying CF on virtualbox using Bosh

I have installed CF on virtualbox using BOSH. Now I would like to use CF CLI and install an application on CF. For that, I am following instructions here: https://github.com/cloudfoundry/cf-deployment/blob/master/deployment-guide.md
It suggests to run "credhub login" and get the CF credentials to log in to CF. However, credhub login does not work. It doesn't identify the credhub command. My understanding is that credhub gets installed along with CF during deployment process which doesn't seem to be the case.
I am wondering how do I fetch the admin password for Cloud Foundry that I just installed on a virtualbox using bosh, as credhub doesn't seem to work.
I also don't see a password for CF in credhub.yml in bosh-deployment folder.
I am not sure how this works. Any help would be highly appreciated.

How to invoke chaincode that was deployed with fabric composer in Bluemix?

I'm using Fabric v0.6 on Bluemix and composer-ui on my local machine. I was able to make my model and logic files and deployed them to my Blockchain network on Bluemix. Now I want to invoke the chaincode I deployed with composer from an app that is already running on Bluemix (node.js), not from the composer-ui. How would I approach this?
I have seen a sample app here: https://github.com/hyperledger/composer-sample-applications/tree/master/packages/getting-started
But it requires this configuration file: https://github.com/hyperledger/composer-sample-applications/blob/master/packages/getting-started/config/default.json
And that configuration file specifies the connectionProfile, which I guess is the connection profile I created on composer-ui to connect to my Blockchain service on Bluemix.
Do I need to have Fabric Composer running in order to invoke the chaincode? Or is there any way to invoke my chaincode completely independent from the composer runtime?
Couple of options:
Use the composer-rest-server and write your front-end application against a domain specific REST API
Pass the connection profile information into the Composer JS composer-client API using an environment variable. See: https://github.com/hyperledger/composer/issues/602

Mobile first Custom Login Module adapter deployment failed Bluemix mfp Container

Hi, I am trying to deploy the Custom Login application given in GitHub to Bluemix. I deployed the .wlapp to the container, but I could not deploy the AuthAdapter provided. It is failing to get deployed.
Keeping that aside, I tried to deploy the starter application provided in https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/sample-app/
It is giving the error shown below.
The request is coming to my localhost MobileFirst server.
What should I do to solve this problem and get the apps deployed on the Bluemix MFP container?
How to deploy custom auth adapters which are not getting deployed to Bluemix?
You did not mention if you are using the pre-configured evaluation container, or your own container.
Pre-configured: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/evaluate/
Your own container: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/run/
You can't open a question and say "deployment fails". It's not going to help anyone solve your problem. Mention the error you're getting during the deployment attempt.
An "auth adapter" implies it is using some security test(s). If your server on Bluemix (see "your own container") was not configured correctly with said security test(s) in its authenticationConfig.xml file, this could fail an adapter deployment.
The screen shot in your question clearly shows a CORS issue. Chrome does not allow CORS (attempting to get data for different domains).
Make sure that your application points to the correct server - not your local host one, since you want to use your Bluemix server, right? So in its worklight.plist file or wlclient.properties file, make sure the wlHost property is pointing to the correct server.