Connecting to an App Container in Cloud Foundry

You may find yourself in need to connect to a container running on either a DEA runner or Diego Cell. There are two different methods depending on which backend you use which are listed below.

DEA Runner

Connect via ssh to one of the runners.

bosh ssh runner_z1/0

Switch to the root user and obtain the list of all Warden information on the server, including app and service credentials:

sudo -i
cat /var/vcap/data/dea_next/db/instances.json

The output will appear similar to this:

...
"application_id": "b39f03c7-27c5-4239-86fd-bfb8dd194489",
"application_version": "d2cf9c78-c7f3-4280-8877-5e44c267e0e2",
"application_name": "my-awesome-cf-app-3",
"application_uris": [
  "my-awesome-cf-app-3-release-candidate.run.aws.domain.io"
],
"droplet_sha1": "c8bd3a6bc98bf8fd6e6e9b03c5eb690db07d263d4",
"state": "RUNNING",
"warden_job_id": 51,
"warden_container_path": "/var/vcap/data/warden/depot/1a5lipbhhrt",
"warden_host_ip": "10.54.0.69",
...

Observe the warden_container_path for the application you wish to connect to, navigate to this folder and connect to the container:

cd /var/vcap/data/warden/depot/1a5lipbhhrt
./bin/wsh
[email protected]:~#

You are now connected as the root user on the application and debug as you wish. Simply exit when done.

Diego Cell

When running against Diego the list of applications running on a particular cell is not as easily discovered. One way of doing this is to add toolbelt-veritas onto the database_z* job in the Diego deployment. If you aren’t familiar with the toolbelt release it is located here: https://github.com/cloudfoundry-community/toolbelt-boshrelease

Start by connecting to one of the Diego database instances:

bosh ssh database_z1/0

Now you can connect to veritas and dump the list of applications and cells they are running on. If you are using a newer version of Cloud Foundry you likely have certificates and keys to communicate with BBS which need to be exported. Below should leverage default values for a straight copy-paste:

export BBS_CERT_FILE=/var/vcap/jobs/bbs/config/certs/server.crt
export BBS_KEY_FILE=/var/vcap/jobs/bbs/config/certs/server.key
export BBS_ENDPOINT=https://bbs.service.cf.internal:8889
veritas dump-store

This will output similar to:

Tasks
LRPs
  521b47f5-48fd-4054-8c10-a50a1b2c34b4-8ea82812-a6ff-4f27-bfd8-c764ea0627ad
    6 preloaded:cflinuxfs2 (256 MB, 1024 MB, 3 CPU)
      8080 => cw-diego.run.aws.domain.io
       0: d9a451d6-9d27-4699-4866-d7ccf828b635 cell_z1-9 [RUNNING for 15h25m22.374563333s]
       1: 83afe77a-9b8a-48fd-7570-b7dae67e72eb cell_z2-0 [RUNNING for 26m44.413924206s]
       2: d11191ef-65d4-4705-5c1b-47532180efd0 cell_z1-6 [RUNNING for 26m44.289806726s]
       3: 5f0a000f-ec80-4c1a-56dd-e3a67154fafd cell_z2-3 [RUNNING for 26m45.111574374s]
       4: f1ee061a-84d8-47ad-77c4-6feab22c4a70 cell_z1-5 [RUNNING for 26m44.371298781s]
       5: 455cbf70-566f-4e3a-4444-2645f9a2c7ff cell_z2-1 [RUNNING for 26m45.056561196s]
...

Let’s assume you want to attach to this application on cell_z2-3, number 3 on the list. Connect to the server:

bosh ssh cell_z2/3

Use gaol to connect to the guid for the instance of the application on this cell:

gaol shell 5f0a000f-ec80-4c1a-56dd-e3a67154fafd
#

You are now connected as the root user.

Summary

There are several ways to get this information using the ccdb, various API calls, etc. This is simply one way of finding which applications are running on a runner or cell and connecting to them. Enjoy!

Spread the word

twitter icon facebook icon linkedin icon