I am getting the below response while calling /businesspartners api after deploying s4sdk app to cf.
I was able to test this app by deploying locally (after ALLOW_MOCKED_AUTH_HEADER: true), so i deployed the appl'n to cloud foundry, and tried using destinations service(insted of env), below are the steps that i followed.
step 1: Set up the cloud connector
step 2: Create service instance of xsuaa and destinations
step 3: Refer this in app yaml file
step 4: Push the package to cloud. (mvn clean package; cf push)
step 5: Now i went ahead and configured destinations; (app>> service instance>>destinations)
Here i couldn't test the connectivity, when i pressed "check connection" i was getting the below error:
How do i test this connection?
step 6: With the belief that the connection is working i went ahead and restarted the app, and started testing api's. the app was up but when i was getting above(fig.1) error.
step 7: Tried looking at the logs, and notices the below to errors
could anyone help over here to resolve this issue..?
Tried with setting "ALLOW_MOCKED_AUTH_HEADER" -> same two issue
Tried removing properties in destinations, but same errors.
Could not try with destinations variable in CF, as our S4 system is not publicly opened, so tried it locally it works.
Tried with Neo, it works both locally and on cloud.
But after pushing to CF, couldn't manage to run
Thanks,
Girish
You additionally need to bind your application to an instance of the connnectivity service on Cloud Foundry to communicate via the Cloud Connector. This is mentioned, albeit a bit hidden, in the error message "Failed to get connectivity service credentials: no service binding found".
Create a service instance with cf create-service connectivity lite my-connectivity.
Add the name of this instance to the section services in your manifest.yml file.
If you still face issues afterwards, please also try to remove the proxyPort and proxyHost properties from your destination. Those should not be required.
For more details about on-premise connectivity on SAP Cloud Platform Cloud Foundry, consult the following blog post.
Related
I am trying to move my backend API app (node.js express server) from Heroku to AWS Elastic Beanstalk. But I did not realize the amount of features that Heroku was providing automatically and which I now have to set up manually in AWS.
So here is the list of features which I discovered were missing in AWS and the solutions I have implemented.
Could you please let me know if I am missing something in order to run smoothly my APIs in AWS and get the equivalent of what I had in Heroku?
auto-restart server when crashed : I am using PM2 to automatically restart my server in case of critical error
SSL certificate : I am using AWS ACM certificate,
logging : have inserted the datadog agent in order to receive logs in datadog
logging response time : I have added the "morgan-body" package to get each requests' duration and response code (had to manually filter the AWS healthchecks and search engine bots, because AWS gave me an IP adress which was visited constatntly by Baidu bots)
server timeout : I have implemented a 1200000ms timeout on the whole app (any better option ?)
auto deploy from Github : I have implemented a github automation to deploy code automatically (better options?)
Am I missing something? This app is already live so I do not want to put my customers at risk when I will move from Heroku to AWS...
Thanks for your help!
I believe you are covered:
Heroku Dynos restart after crashing or raising an error (Heroku Restarting Policy)
SSL certificates are provided for free
logging: Heroku supports various plugins, including Datadog
response time (in millisec) is logged automatically
HTTP timeout is 30 sec (it cannot be changed)
deploy from Github is possible (connecting the accounts), Docker deployment is also supported. Better options? Using Github Actions to deploy a new version after code push or tagging.
If you are migrating a production environment I strongly suggest first to setup a Heroku (Free) Dyno to test and verify all your needs are satisfied.
I'm trying to connect to s4 hana system using s4 sdk. While executing calls via .execute() method in cloud foundry environment, i see below error logs:
Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get authentication headers. Destination service returned error: Missing private and public key for subaccount ******-****-****-***-*******.
Note: I've already configured trust between subaccount and S4Hana system and created respective communication and business user. The associated authentication method used in the destination is oAuth2SamlBearerAssertion. Note: The call executes fine in both local and cloud foundry environment with basic authentication.
Can someone please suggest what is wrong here.
As correctly pointed out by #Dennis H there was a problem in trust configuration between my subaccount and S4 Hana system, the configuration wrong in my case :
-> The certificate I downloaded for trust was using this URL:
https://.authentication.eu10.hana.ondemand.com/saml/metadata
This is incorrect we need to get the certificate from download trust button in destination tab at subaccount level
->Provider name was incorrect in the communication system.
We are developing a side-by-side extension app and deploying it to CF. Our app is trying to connect to S4HANA cloud system using oAUTH2SAMLBEARERASSERTION. But facing issues while doing it. We are getting below error in logs. Please be noted, we are able to connect to S4HANA Cloud using basic auth.
com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to access the configuration of destination
Our destination parameters look as attached screenshotenter image description here
Thank you.
Web API has GlobalConfiguration.Configuration.IncludeErrorDetailPolicy
= IncludeErrorDetailPolicy.Always; to turn on remote errors. (Allowing them to see them in a browser even if you are not browsing on the local machine.
But, near as I can tell, Service Fabric, running Web Api, does not support GlobalConfiguration.
Is there a way to configure things so I don't have to log into one of my Service Fabric server machines each time I want to see what a services error message is?
I recommend you don't show error details to everyone.
It's a security risk.
Consider moving your error logs out of your cluster. For instance, by using OMS, ELK or Application Insights.
I am trying to learn my way of developing a REST app via Spring Boot framework using the AWS Elastic Beanstalk infrastructure. I am using the IntelliJ IDE to develop and test the app on my local box before deploying it to the AWS Elastic BeanStalk server. I am trying to talk to the AWS RDS instance in my app. With the following code snippets my app is able to talk to RDS instance when deployed and run against my local box but gives me http 404 when deployed on the AWS server which i guess is because the deploy failed due to failure to connect to the RDS instance from AWS.
Project POM file
Application Properties file
User Repository file
I am looking for a correct way to configure these secrets so that they are not present in the git. Ideally take it from AWS environment variables defined for the instance but i am not able to figure out how the spring boot application properties files can access AWS Elastic BeanStalk environment configuration variables.
I have read some documents and tutorials but not exactly able to figure this out. Like Spring Cloud SDK, Sample Spring Boot AWS App
[Edit 1] To provide more information, I was able to ssh into the box and observe the logs. The point of interest is :
Caused by: com.amazonaws.AmazonServiceException: User: arn:aws:sts::486695215273:assumed-role/aws-elasticbeanstalk-ec2-role/i-dc86381f is not authorized to perform: cloudformation:DescribeStackResources (Service: AmazonCloudFormation; Status Code: 403; Error Code: AccessDenied; Request ID: 1ee8c03b-ecd4-11e5-9fe1-378ce4cb26d3)
[Edit 2] After adding AWSCloudFormationReadOnlyAccess security policy in the required policy,
Stack for i-dc86381f does not exist (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: f579cc15-ecd4-11e5-a20b-114992e25084)
My template file as mentioned in AWSCloudFormation is My Template File
Configuring Elastic Beanstalk "secrets", or environment variables, can be done via the cli or via the GUI. For the cli use:
eb setenv ExampleVar=ExampleValue
Which is pretty straight forward. Docs here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-setenv.html
To do it via the GUI you'll navigate to your application and the desired environment, click on Configuration in the left hand menu. Click the gear icon on the "Software Configuration" panel, and you'll be taken to the the configuration page where you can set "Environment Properties", which are key/value pairs... You can set a property name and then the property value and when you click "apply" they'll be applied to your environment and then your application can access them however it would normally access environment variables in production.
I am new to Cloud Foundry and I want to set up a local CF instance in Vagrant. I followed the steps described in http://docs.cloudfoundry.org/deploying/boshlite/ and got a local instance up and running. I am also able to deploy a simple Ruby app into CF.
Now I want to deploy the Spring sample application from https://docs.cloudfoundry.org/buildpacks/java/gsg-spring.html into CF for which I need a ClearDB database service.
Using the command proposed to create a service instance cf create-service cleardb spark mysql I get the following error:
Creating service instance mysql in org test-org / space test-space as admin...
FAILED
Service offering cleardb not found
When I check my service marketplace in my CF installation with cf marketplace I get
Getting services from marketplace in org test-org / space test-space as admin...
OK
No service offerings found
This brings me to the suggestion that there are "no services installed". So my question is: how can I install a clearDB service in a local CF environment - and is this possible at all, since the Github projects says something like
Prior to deployment, the operator should define three subnets via their infrastructure provider. The MySQL release is designed to be deployed across three subnets to ensure availability in the event of a subnet failure. During installation, a fourth subnet is required for compilation vms.
Any help / resource is highly appreciated. Thanks a lot!
Cloud Foundry as a Pivotal-sponsored open source project predates Cloud Foundry as its own independent open source project, so what you're seeing is actually shared documentation that still has some references specific to Pivotal Web Services: http://docs.run.pivotal.io/buildpacks/java/gsg-spring.html. I'd encourage you to raise the issue against the buildpacks documentation repo (https://github.com/cloudfoundry/docs-buildpacks/issues), you can reference this search result: https://github.com/cloudfoundry/docs-buildpacks/search?utf8=%E2%9C%93&q=cleardb
All it means is you need a MySQL database service. Hosted Cloud Foundry offerings often have ready-to-go MySQL service offerings (such as ClearDB) in their marketplaces; if you're deploying your own Cloud Foundry then you have a couple options.
Provision a MySQL database externally (not as part of your BOSH-Lite), and bind it to your application as a "user-provided service": https://docs.cloudfoundry.org/devguide/services/user-provided.html
Deploy your own MySQL service to BOSH-Lite and register a service broker. Here's a release that's ready to use, with instructions for deploying: https://github.com/cloudfoundry/cf-mysql-release