Friday, February 16, 2018

SSHing into PCF application and service instances


Developers normally don't have to SSH into PCF applications or services; they usually view logs with cf logs. However, if you really have to SSH into instances to troubleshoot something, here are the steps.

First, you need SSH access to the application. Typically this depends on your role. SSH access can be granted at the app level or at the space level.

The basic commands for enabling, disabling and checking SSH access are below.

cf enable-ssh <app name>
cf disable-ssh <app name>
cf allow-space-ssh <space name>
cf disallow-space-ssh <space name>
cf ssh-enabled userservice
cf space-ssh-allowed pcfdev-space


Now that you have SSH access, we will look at the following:
1. SSH into applications
2. SSH into service instances (such as database services)

1. —— SSHing into apps ——

There are two ways to SSH into an app: with the CF CLI, or without it, using a standard ssh client.

SSHing directly using the CF CLI

cf ssh <app name> -i <instance number to login> (optional)

$ cf ssh userservice

vcap@6fe377f0-43cd-4631-641f-c87ac239069e:~$ ls
app  logs  staging_info.yml  tmp


Accessing SSH without the CF CLI

Get the GUID of the application.
$ cf app userservice --guid
355aa3f0-2d28-4c52-a537-980e9d02f97e

Get the environment information. The app_ssh_endpoint field gives the SSH host and port to connect to.
$ cf curl /v2/info
{
   "name": "pcfdev",
   "build": "037c3c92eaf4bcab911fb12f09b0cdd464c0a9b2",
   "support": "pcfdev@pivotal.io",
   "version": 0,
   "description": "",
   "authorization_endpoint": "https://login.local.pcfdev.io",
   "token_endpoint": "https://uaa.local.pcfdev.io",
   "min_cli_version": null,
   "min_recommended_cli_version": null,
   "api_version": "2.65.0",
   "app_ssh_endpoint": "ssh.local.pcfdev.io:2222",
   "app_ssh_host_key_fingerprint": "a6:d1:08:0b:b0:cb:9b:5f:c4:ba:44:2a:97:26:19:8a",
   "app_ssh_oauth_client": "ssh-proxy",
   "routing_endpoint": "https://api.local.pcfdev.io/routing",
   "logging_endpoint": "wss://loggregator.local.pcfdev.io:443",
   "doppler_logging_endpoint": "wss://doppler.local.pcfdev.io:443",
   "user": "89bbff6f-bda1-4efe-b38a-2cc6f020217b"
}

Get a one-time SSH code.
$ cf ssh-code
DhqVXotyRA

SSH into the instance, providing the app GUID and instance index in the user name along with the server information, and enter the ssh-code obtained above as the password.
$ ssh -p 2222 cf:355aa3f0-2d28-4c52-a537-980e9d02f97e/0@ssh.local.pcfdev.io
cf:355aa3f0-2d28-4c52-a537-980@ssh.local.pcfdev.io's password: 
vcap@6fe377f0-43cd-4631-641f-c87ac239069e:~$ 
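
The manual steps above, collected into a small script (an added example, not part of the original post): it builds the ssh command from the /v2/info output and compares the host key fingerprint that ssh displays with app_ssh_host_key_fingerprint before the one-time code is typed. The function names are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Works on the pretty-printed
# output of `cf curl /v2/info`, which has one key per line.

# Constructed sample: three fields copied from the /v2/info output above.
SAMPLE_INFO='{
   "app_ssh_endpoint": "ssh.local.pcfdev.io:2222",
   "app_ssh_host_key_fingerprint": "a6:d1:08:0b:b0:cb:9b:5f:c4:ba:44:2a:97:26:19:8a",
   "app_ssh_oauth_client": "ssh-proxy"
}'

# info_field JSON KEY: print the string value of KEY (hypothetical helper).
info_field() (
  printf '%s\n' "$1" |
    sed -n "s/^[[:space:]]*\"$2\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
)

# build_ssh_command JSON APP_GUID [INDEX]: print the ssh command line.
# FingerprintHash=md5 makes OpenSSH show the host key in the same format as
# app_ssh_host_key_fingerprint; StrictHostKeyChecking=ask forces the prompt.
build_ssh_command() (
  guid=$2 index=${3:-0}
  printf '%s' "$guid" | grep -Eq '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$' ||
    { echo "not an app GUID: $guid" >&2; exit 1; }
  case $index in ''|*[!0-9]*) echo "bad instance index: $index" >&2; exit 1 ;; esac
  endpoint=$(info_field "$1" app_ssh_endpoint)
  case $endpoint in *:*) ;; *) echo "no host:port in app_ssh_endpoint" >&2; exit 1 ;; esac
  printf 'ssh -p %s -o FingerprintHash=md5 -o StrictHostKeyChecking=ask cf:%s/%s@%s\n' \
    "${endpoint##*:}" "$guid" "$index" "${endpoint%:*}"
)

# fingerprint_matches JSON SHOWN: succeed only if the fingerprint ssh displayed
# (with or without its "MD5:" prefix) equals the one the API advertises.
fingerprint_matches() (
  want=$(info_field "$1" app_ssh_host_key_fingerprint)
  got=$(printf '%s' "${2#MD5:}" | tr 'A-F' 'a-f')
  [ -n "$want" ] && [ "$got" = "$want" ]
)

# Demo with the constructed sample and the app GUID from the post.
build_ssh_command "$SAMPLE_INFO" 355aa3f0-2d28-4c52-a537-980e9d02f97e 0
```

Against a real foundation, pass "$(cf curl /v2/info)" instead of SAMPLE_INFO, and answer "yes" at the host key prompt only if fingerprint_matches succeeds for the fingerprint ssh prints.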


Now that we know how to SSH into the application, we can look at SSHing into the services.
2. —— SSHing into services ——

View the services
$ cf services
Getting services in org pcfdev-org / space pcfdev-space as user...
OK

name      service   plan    bound apps    last operation
user-db   p-mysql   512mb   userservice   create succeeded

Create a service key, specifying the service instance and a name for the key.
$ cf create-service-key user-db EXTERNAL-ACCESS-KEY
Creating service key EXTERNAL-ACCESS-KEY for service instance user-db as user...
OK

Get the service details using the key. The output contains the service credentials.
$ cf service-key user-db EXTERNAL-ACCESS-KEY
Getting key EXTERNAL-ACCESS-KEY for service instance user-db as user...

{
 "hostname": "mysql-broker.local.pcfdev.io",
 "jdbcUrl": "jdbc:mysql://mysql-broker.local.pcfdev.io:3306/cf_05a179d8_9b8f_470f_9b81_14e4b4877c8b?user=FfbDMZl571mskftA\u0026password=MyfJQwpcq82lyJfh",
 "name": "cf_05a179d8_9b8f_470f_9b81_14e4b4877c8b",
 "password": "MyfJQwpcq82lyJfh",
 "port": 3306,
 "uri": "mysql://FfbDMZl571mskftA:MyfJQwpcq82lyJfh@mysql-broker.local.pcfdev.io:3306/cf_05a179d8_9b8f_470f_9b81_14e4b4877c8b?reconnect=true",
 "username": "FfbDMZl571mskftA"
}

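SSH to the service instance through the app it is bound to, providing the service host and port from the service key and the app name. The -L option forwards local port 63306 to mysql-broker.local.pcfdev.io:3306 for as long as the session stays open.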
$ cf ssh -L 63306:mysql-broker.local.pcfdev.io:3306 userservice
vcap@6fe377f0-43cd-4631-641f-c87ac239069e:~$ ls
app  logs  staging_info.yml  tmp
vcap@6fe377f0-43cd-4631-641f-c87ac239069e:~$ 


Happy SSHing into your apps and services.
