Jan 10, 2017 Connecting to an App Container in Cloud Foundry
You may find yourself in need to connect to a container running on either a DEA runner or Diego Cell. There are two different methods depending on which backend you use which are listed below.
Connect via ssh to one of the runners.
bosh ssh runner_z1/0
Switch to the root user and obtain the list of all Warden information on the server, including app and service credentials:
sudo -i cat /var/vcap/data/dea_next/db/instances.json
The output will appear similar to this:
... "application_id": "b39f03c7-27c5-4239-86fd-bfb8dd194489", "application_version": "d2cf9c78-c7f3-4280-8877-5e44c267e0e2", "application_name": "my-awesome-cf-app-3", "application_uris": [ "my-awesome-cf-app-3-release-candidate.run.aws.domain.io" ], "droplet_sha1": "c8bd3a6bc98bf8fd6e6e9b03c5eb690db07d263d4", "state": "RUNNING", "warden_job_id": 51, "warden_container_path": "/var/vcap/data/warden/depot/1a5lipbhhrt", "warden_host_ip": "10.54.0.69", ...
warden_container_path for the application you wish to connect to, navigate to this folder and connect to the container:
cd /var/vcap/data/warden/depot/1a5lipbhhrt ./bin/wsh root@1a5lipbhhrt:~#
You are now connected as the
root user on the application and debug as you wish. Simply exit when done.
When running against Diego the list of applications running on a particular cell is not as easily discovered. One way of doing this is to add
toolbelt-veritas onto the
database_z* job in the Diego deployment. If you aren't familiar with the
toolbelt release it is located here: https://github.com/cloudfoundry-community/toolbelt-boshrelease
Start by connecting to one of the Diego
bosh ssh database_z1/0
Now you can connect to veritas and dump the list of applications and cells they are running on. If you are using a newer version of Cloud Foundry you likely have certificates and keys to communicate with BBS which need to be exported. Below should leverage default values for a straight copy-paste:
export BBS_CERT_FILE=/var/vcap/jobs/bbs/config/certs/server.crt export BBS_KEY_FILE=/var/vcap/jobs/bbs/config/certs/server.key export BBS_ENDPOINT=https://bbs.service.cf.internal:8889 veritas dump-store
This will output similar to:
Tasks LRPs 521b47f5-48fd-4054-8c10-a50a1b2c34b4-8ea82812-a6ff-4f27-bfd8-c764ea0627ad 6 preloaded:cflinuxfs2 (256 MB, 1024 MB, 3 CPU) 8080 => cw-diego.run.aws.domain.io 0: d9a451d6-9d27-4699-4866-d7ccf828b635 cell_z1-9 [RUNNING for 15h25m22.374563333s] 1: 83afe77a-9b8a-48fd-7570-b7dae67e72eb cell_z2-0 [RUNNING for 26m44.413924206s] 2: d11191ef-65d4-4705-5c1b-47532180efd0 cell_z1-6 [RUNNING for 26m44.289806726s] 3: 5f0a000f-ec80-4c1a-56dd-e3a67154fafd cell_z2-3 [RUNNING for 26m45.111574374s] 4: f1ee061a-84d8-47ad-77c4-6feab22c4a70 cell_z1-5 [RUNNING for 26m44.371298781s] 5: 455cbf70-566f-4e3a-4444-2645f9a2c7ff cell_z2-1 [RUNNING for 26m45.056561196s] ...
Let's assume you want to attach to this application on
cell_z2-3, number 3 on the list. Connect to the server:
bosh ssh cell_z2/3
gaol to connect to the guid for the instance of the application on this cell:
gaol shell 5f0a000f-ec80-4c1a-56dd-e3a67154fafd #
You are now connected as the
There are several ways to get this information using the
ccdb, various API calls, etc. This is simply one way of finding which applications are running on a runner or cell and connecting to them. Enjoy!