Develop Reference

consul deregister_critical_service_after is not woring

Hello everyone I have a healthcheck on my consul service, my goal is whenever the service is unhealthy then the consul should remove them from the service catalog.
Bellow is my config
{
"service": {
"name": "api",
"tags": [ "api-tag" ],
"port": 80
},
"check": {
"id": "api_up",
"name": "Fetch health check from local nginx",
"http": "http://localhost/HealthCheck",
"interval": "5s",
"timeout": "1s",
"deregister_critical_service_after": "15s"
},
"data_dir": "/consul/data",
"retry_join": [
"192.168.0.1",
"192.168.0.2",
]
}
Thanks for all the helps

The reason the service is not being de-registered is that the check is being specified outside of the service {} block in your JSON. This makes the check a node-level check, not a service-level check.
Here's a pretty-printed version of the config you provided.
{
"service": {
"name": "api",
"tags": [
"api-tag"
],
"port": 80
},
"check": {
"id": "api_up",
"name": "Fetch health check from local nginx",
"http": "http://localhost/HealthCheck",
"interval": "5s",
"timeout": "1s",
"deregister_critical_service_after": "15s"
},
"data_dir": "/consul/data",
"retry_join": [
"192.168.0.1",
"192.168.0.2",
]
}
Below is the configuration you should be using in order to correctly associate the check with the configured service, and de-register the service after the check has been marked as critical for more than 15 seconds.
{
"service": {
"name": "api",
"tags": [
"api-tag"
],
"port": 80,
"check": {
"id": "api_up",
"name": "Fetch health check from local nginx",
"http": "http://localhost/HealthCheck",
"interval": "5s",
"timeout": "1s",
"deregister_critical_service_after": "15s"
}
},
"data_dir": "/consul/data",
"retry_join": [
"192.168.0.1",
"192.168.0.2"
]
}
Note this statement from the docs for DeregisterCriticalServiceAfter.
If a check is in the critical state for more than this configured value, then its associated service (and all of its associated checks) will automatically be deregistered. The minimum timeout is 1 minute, and the process that reaps critical services runs every 30 seconds, so it may take slightly longer than the configured timeout to trigger the deregistration. This should generally be configured with a timeout that's much, much longer than any expected recoverable outage for the given service.

what is the password for accessing apps that binded with config service in pivotal cloud foundry

I am very new to spring boot in pivotal cloud foundry. I am able to deploy the apps and bind them to config-server. When i access the app, it is asking for login details. I tried with pivotal credentials it didn't worked. I am struggling from days to find the credentials for this. Can someone help where can i find the username and password.
I have checked VCAP_SERVICES env variable but no luck. Below is my VCAP_SERVICES
{
"VCAP_SERVICES": {
"p-config-server": [
{
"binding_name": null,
"credentials": {
"access_token_uri": "https://p-spring-cloud-services.uaa.run.pivotal.io/oau
th/token",
"client_id": "p-config-server-066a4553-a934-4d52-b016-30e2ab7e6d90",
"client_secret": "rHnPwJj613pP",
"uri": "https://config-da1be911-4c82-41a3-a3bd-0b06ea295480.cfapps.io"
},
"instance_name": "config-server",
"label": "p-config-server",
"name": "config-server",
"plan": "trial",
"provider": null,
"syslog_drain_url": null,
"tags": [
"configuration",
"spring-cloud"
],
"volume_mounts": []
}
],
"p-service-registry": [
{
"binding_name": null,
"credentials": {
"access_token_uri": "https://p-spring-cloud-services.uaa.run.pivotal.io/oau
th/token",
"client_id": "p-service-registry-ae9f69cf-258d-45ea-821e-1fa4db37f1a3",
"client_secret": "XJOLKHZqwssd",
"uri": "https://eureka-89a144f4-7dc7-4b6d-8152-c4414b748ec0.cfapps.io"
},
"instance_name": "service-registry",
"label": "p-service-registry",
"name": "service-registry",
"plan": "trial",
"provider": null,
"syslog_drain_url": null,
"tags": [
"eureka",
"discovery",
"registry",
"spring-cloud"
],
"volume_mounts": []
}
]
}
}
{
"VCAP_APPLICATION": {
"application_id": "1b398fd8-61f2-47e3-875d-d3fe7574513a",
"application_name": "customer-service",
"application_uris": [
"customer-service-demo.cfapps.io"
],
"application_version": "d0243f11-b7af-4bb3-b3a3-b7a4c95e6298",
"cf_api": "https://api.run.pivotal.io",
"limits": {
"disk": 1024,
"fds": 16384,
"mem": 1024
},
"name": "customer-service",
"organization_id": "8e425cae-75a0-433a-a8a7-79c4f81d7c85",
"organization_name": "MSA_springboot",
"process_id": "1b398fd8-61f2-47e3-875d-d3fe7574513a",
"process_type": "web",
"space_id": "8902b90c-9964-4f9d-b426-ca1635589ebe",
"space_name": "development",
"uris": [
"customer-service-demo.cfapps.io"
],
"users": null,
"version": "d0243f11-b7af-4bb3-b3a3-b7a4c95e6298"
}
}
User-Provided:
SPRING_PROFILES_ACTIVE: dev
No running env variables have been set
No staging env variables have been set```[enter image description here][1]
[1]: https://i.stack.imgur.com/9kNWC.png

Lambda cannot connect to RDS in VPC

I have a VPC with RDS available in a private subnet. I can connect to this from an EC2 box from within the subnet. However, my Lambdas cannot connect!
Please could you look at the following configuration and spot my mistake?
Lambda config:
$ aws lambda get-function-configuration --function-name test
{
"FunctionName": "test",
"Role": "arn:aws:iam::xxxx:role/lambda_role",
...
"VpcConfig": {
"SubnetIds": [
"subnet-00f3f0cb6957dbefa",
"subnet-0d3d2cf4df53a862f"
],
"SecurityGroupIds": [
"sg-018da51b77f57eabf"
],
"VpcId": "vpc-0704ca4d3f652fe9e"
},
...
"RevisionId": "e55b6fa2-998a-4b18-a620-69a218882b4e"
}
Execution role:
$ aws list-attached-role-policies --role-name lambda_role
{
"AttachedPolicies": [
{
"PolicyName": "AWSLambdaVPCAccessExecutionRole",
"PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
]
}
VPC:
$ aws ec2 describe-vpcs --vpc-ids vpc-0704ca4d3f652fe9e
{
"Vpcs": [
{
"CidrBlock": "10.1.0.0/16",
"DhcpOptionsId": "dopt-7764271f",
"State": "available",
"VpcId": "vpc-0704ca4d3f652fe9e",
"InstanceTenancy": "default",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0c110a5fa85eb8883",
"CidrBlock": "10.1.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": []
}
]
}
Security Group:
$ aws ec2 describe-security-groups --group-ids sg-018da51b77f57eabf
{
"SecurityGroups": [
{
"Description": "Security group for Lambdas",
"GroupName": "lambda-sg",
"IpPermissions": [],
"OwnerId": "xxxxx",
"GroupId": "sg-018da51b77f57eabf",
"IpPermissionsEgress": [
{
"FromPort": 0,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0704ca4d3f652fe9e"
}
]
}
RDS security group (specifies both public and private subnets):
$ aws ec2 describe-security-groups --group-ids sg-0fbf7205b5d5fa98c
{
"SecurityGroups": [
{
"Description": "Security group for RDS instance",
"GroupName": "rds-sg",
"IpPermissions": [
{
"FromPort": 3306,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.1.2.0/24"
},
{
"CidrIp": "10.1.1.0/24"
},
{
"CidrIp": "10.1.4.0/24"
},
{
"CidrIp": "10.1.3.0/24"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3306,
"UserIdGroupPairs": []
}
],
"OwnerId": "xxxxxx",
"GroupId": "sg-0fbf7205b5d5fa98c",
"IpPermissionsEgress": [],
"VpcId": "vpc-0704ca4d3f652fe9e"
}
]
}
Linked:
AWS Lambda Function not joining VPC

Try to enable ICMP on any security group and any network ACL. It could simply be a PMTUD blackhole situation.

Enable HTTP check on External Services Consul

I want to run HTTP checks on services registered as External Services with consul.So far the check gets registered but is never called.
What am I missing.
{
"Datacenter": "dc1",
"Node": "new",
"Address": .google.com",
"Service": {
"ID":"re",
"Service": "search2",
"Port": 80
},
"Check":{
"Node":"new",
"CheckID":"Test",
"HTTP":"http://www.google",
"ServiceID":"re"
}
}

You have to specify Interval to check service health.You can do it as follows:
For TCP port check:
{
"check": {
"id": "http",
"name": "http TCP on port 80",
"tcp": "localhost:80",
"interval": "10s",
"timeout": "1s"
}
}
For HTTP api check:
{
"check": {
"id": "api",
"name": "HTTP API on port 5000",
"http": "https://localhost:5000/health",
"tls_skip_verify": false,
"method": "POST",
"header": {"x-foo":["bar", "baz"]},
"interval": "10s",
"timeout": "1s"
}
}

DC/OS marathon Virtual network not working

I installed DC/OS with 3 masters and 3 agents and face a problem with virtual networking. Here is my Marathon app spec:
{
"id": "/nginx",
"cmd": null,
"cpus": 1,
"mem": 128,
"disk": 0,
"instances": 1,
"container": {
"type": "DOCKER",
"volumes": [],
"docker": {
"image": "nginx",
"network": "BRIDGE",
"portMappings": [
{
"containerPort": 80,
"hostPort": 0,
"servicePort": 10002,
"protocol": "tcp",
"name": "main1",
"labels": {
"VIP_0": "9.0.0.0:34562"
}
}
],
"privileged": false,
"parameters": [],
"forcePullImage": false
}
},
"portDefinitions": [
{
"port": 10002,
"protocol": "tcp",
"labels": {}
}
]
}
I see the following in the DC/OS virtual network section:
VIRTUAL NETWORK NAME | SUBNET | AGENT PREFIX LENGTH
dcos 9.0.0.0/8 24
The containers stays in waiting for a long time. If I remove the port mapping section it runs successfully.
Basically I need to know how to work with this new virtual network, and fix the service discovery and load balancing without using any extra stuff.

Took me some time to figure it out as well...
You need to:
Remove all ports assignment in the task definition
Describe the name of the network to attach to (default network created is named "dcos")
{
"id": "yourtask",
"container": {
"type": "DOCKER",
"docker": {
"image": "your/image",
"network": "USER"
}
},
"acceptedResourceRoles" : [
"slave_public"
],
"ipAddress": {
"networkName": "dcos"
},
"instances": 2,
"cpus": 0.2,
"mem": 128
}