© Hitachi Solutions, Ltd. 2016. All rights reserved.
Hitachi Solutions Ltd.,
2016/11/11
Toshio Maki
Cloud Foundry over the Proxy

About me
Toshio Maki / Hitachi Solutions Ltd.,
Working at R&D division
Our missions are
• Technical assistance
• Software productivity improvement
• Develop and operate our platform
I started Cloud Foundry in Jan 2016.
(In our company, we started researching from April 2015.)

Our platform
We are building a DevOps platform on a public cloud.
• Limit access to our network only (not VPN)
• Permit only the HTTPS protocol
• Our access is restricted by a proxy with LDAP authentication
[Diagram. Labels: Developer (three), Our company, LDAP, Public IaaS, Source Code Management, PaaS, drone, CI/CD]

Our problems are…
How to integrate Cloud Foundry over a proxy?

Case 1: “cf login”

How to integrate LDAP authentication over proxy?
We would like to use LDAP authentication. But…
• We can’t move the LDAP server to the public cloud (security reason)
• Cloud Foundry can’t access the LDAP server directly.
[Diagram. Labels: Developer (three), Our company, LDAP, Public IaaS, Source Code Management, PaaS, drone, CI/CD, with an added “NG” mark]

How to integrate LDAP authentication over proxy?
We solved this problem by using SAML with an IDP server.
[Diagram. Labels: Developer (three), Our company, LDAP, Public IaaS, Source Code Management, PaaS, drone, CI/CD]

Cloud Foundry login sequence with SAML provider
1. Run “cf login --sso”; it asks for a one-time token from UAA.
2. When I access UAA, I am redirected to the IDP server.
3. When I authenticate as an LDAP user, the IDP returns a SAML token.
4. I get a one-time token from UAA, and “cf login” succeeds.
[Sequence diagram. Participants: developer, OpenAM, UAA, LDAP. Messages:]
• Run “cf login --sso”
• Access https://login.xxxxxxxxxxxxxxx.com/passcode
• Redirect to IDP server
• Access Login page and insert ID/Password
• Authenticate
• Success
• Returns SAML Token
• Post SAML token to UAA
• Returns one time token
• Insert one time token and authenticate

Case 2: “cf push” and “cf logs”

How to get stream logs via WebSocket over proxy?
“cf push” and “cf logs” do not work properly over the proxy.
• Failed to get stream logs from doppler via WebSocket
• Proxy authentication failed
• This problem was reported in cf-cli issues #127 about 1 year ago
WEBSOCKET REQUEST: [2016-09-02T12:43:56+09:00]
GET /apps/a1dfce70-2517-4dab-bb3e-a79c15cc2ab1/stream HTTP/1.1
Host: wss://doppler.xxxxxxxxxxxxxxxxxxxxxx.com:443
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: [HIDDEN]
Origin: http://localhost
Authorization: [PRIVATE DATA HIDDEN]
失敗
Error dialing traffic controller server: Proxy Authentication Required.
Please ask your Cloud Foundry Operator to check the platform configuration (traffic controller is wss://doppler.xxxxxxxxxxxxxxxxxxxxxx.com:443).

How to get stream logs via WebSocket over proxy?
We have found the problem.
• Noaa does not support proxy credentials
• We created a patch and sent it to a Cloud Foundry committer
• In the current version, this problem is fixed. (Thanks Gwenn!)
https://github.com/cloudfoundry/cli/releases/tag/v6.22.0

Case 3: “cf ssh”

How to connect Cloud Foundry via SSH over proxy?
“cf ssh” does not work properly in our environment.
• We cannot connect to external DNS directly
• We cannot resolve the hostname
• Even if we can resolve the hostname, the proxy blocks the SSH connection
% cf ssh sample-application
FAILED
Error opening SSH connection: dial tcp: lookup ssh.xxxxxxxxxxxxxx.com on 127.0.1.1:53: no such host

How to connect Cloud Foundry via SSH over proxy?
1. Write the hostname and IP address in /etc/hosts.
2. Get the app GUID with “cf app --guid”.
% cf app sample-application --guid
14ed7f28-289a-4134-8ba0-e6535f733714
3. Write the SSH configuration in .ssh/config.
Host sample-application
    HostName ssh.xxxxxxxxxxxxxx.com
    # User format: cf:$(cf app app-name --guid)/0
    User cf:14ed7f28-289a-4134-8ba0-e6535f733714/0
    Port 2222
    ProxyCommand connect -H ($LDAP_ID)@proxy.xxxxxxxxxxxxxx.co.jp:8080 %h %p
4. Get a one-time token with “cf ssh-code”.
% cf ssh-code
4MhakB
5. Run the ssh command with the proxy password and the one-time token.
% ssh sample-application
Enter proxy authentication password for ($LDAP_ID)@proxy.xxxxxxxxxxxxxx.co.jp: -> Enter LDAP password
The authenticity of host '[ssh.xxxxxxxxxxxxxx.com]:2222 (<no hostip for proxy command>)' can't be established.
RSA key fingerprint is a6:d1:08:0b:b0:cb:9b:5f:c4:ba:44:2a:97:26:19:8a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ssh.xxxxxxxxxxxxxx.com]:2222' (RSA) to the list of known hosts.
This is important for connecting SSH over the proxy.
It’s so crazy!
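
The “Proxy Authentication Required” error in Case 2 and the “connect -H” ProxyCommand in Case 3 both hinge on the same step: an HTTP CONNECT to the proxy that carries a Proxy-Authorization header. The Go code below is an added example, not code from the talk, the cf CLI or noaa; the in-memory proxy, the host names and the user:pass credentials are constructed, and Basic authentication is an assumption.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// bufferedConn keeps bytes that arrived right behind the proxy's reply
// (an SSH server banner, for instance) readable by the caller.
type bufferedConn struct {
	net.Conn
	r *bufio.Reader
}

func (c *bufferedConn) Read(p []byte) (int, error) { return c.r.Read(p) }

// proxyAuth turns the userinfo of a proxy URL into a Proxy-Authorization
// value. Basic authentication is an assumption of this example.
func proxyAuth(proxy *url.URL) string {
	if proxy.User == nil {
		return "" // no credentials configured
	}
	pass, _ := proxy.User.Password()
	cred := proxy.User.Username() + ":" + pass
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(cred))
}

// tunnel asks the proxy on conn for a TCP tunnel to target (host:port).
// Any status other than 200, a 407 included, is returned as an error.
func tunnel(conn net.Conn, proxy *url.URL, target string) (net.Conn, error) {
	req := "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n"
	if auth := proxyAuth(proxy); auth != "" {
		req += "Proxy-Authorization: " + auth + "\r\n"
	}
	if _, err := conn.Write([]byte(req + "\r\n")); err != nil {
		return nil, err
	}
	br := bufio.NewReader(conn)
	resp, err := http.ReadResponse(br, &http.Request{Method: http.MethodConnect})
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("proxy refused CONNECT to %s: %s", target, resp.Status)
	}
	return &bufferedConn{Conn: conn, r: br}, nil
}

// wantAuth is what the constructed proxy below demands: base64("user:pass").
const wantAuth = "Basic dXNlcjpwYXNz"

// fakeProxy is a constructed authenticating proxy that answers one CONNECT.
func fakeProxy(conn net.Conn) {
	defer conn.Close()
	req, err := http.ReadRequest(bufio.NewReader(conn))
	if err != nil {
		return
	}
	if req.Method != http.MethodConnect || req.Header.Get("Proxy-Authorization") != wantAuth {
		fmt.Fprint(conn, "HTTP/1.1 407 Proxy Authentication Required\r\n"+
			"Proxy-Authenticate: Basic realm=\"proxy\"\r\nContent-Length: 0\r\n\r\n")
		return
	}
	// Reply and upstream banner in one write: the banner is buffered client-side.
	fmt.Fprint(conn, "HTTP/1.1 200 Connection established\r\n\r\nSSH-2.0-constructed\r\n")
}

// demo tunnels through the in-memory proxy and returns the first line
// received from the far end. Host names and credentials are constructed.
func demo(proxyURL string) (string, error) {
	proxy, err := url.Parse(proxyURL)
	if err != nil {
		return "", err
	}
	client, server := net.Pipe()
	defer client.Close()
	go fakeProxy(server)
	c, err := tunnel(client, proxy, "ssh.example.test:2222")
	if err != nil {
		return "", err
	}
	line, err := bufio.NewReader(c).ReadString('\n')
	return strings.TrimSpace(line), err
}

func main() {
	fmt.Println(demo("http://user:pass@proxy.example.test:8080")) // credentials sent
	fmt.Println(demo("http://proxy.example.test:8080"))           // none: the 407 case
}
```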

We are considering a simpler solution
We will set up a terminal in a Docker container.
• We can access the terminal via WebSocket over the proxy.
• Run “cf ssh” in the Docker container.
[Diagram. Labels: Developer (three), Our company, LDAP, Public IaaS, Source Code Management, PaaS, drone, CI/CD, Docker Cluster, cf ssh, WebSocket]

Trademarks
• Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc in the United States and/or other countries.
• Drone is either trademarks or registered trademarks of Drone.io in the United States and/or other countries.
• GitLab is either trademarks or registered trademarks of GITLAB BV CORPORATION in the United States and/or other countries.
• OpenAM is registered trademarks of Open Source Solution Technology Corporation.
• Cloud Foundry is either trademarks or registered trademarks of Pivotal Software, Inc. in the United States, Japan and/or other countries.

Cloud Foundry Day in Tokyo Lightning Talk - Cloud Foundry over the Proxy

Mais conteúdo relacionado

Mais procurados

Cloud Foundry BOSH CPI for OpenStack
Cloud Foundry BOSH CPI for OpenStackCloud Foundry BOSH CPI for OpenStack
Cloud Foundry BOSH CPI for OpenStack
Animesh Singh
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep Dive
Greg Hoelzer
 

Mais procurados (20)

OpenShift Enterprise
OpenShift EnterpriseOpenShift Enterprise
OpenShift Enterprise
 
A DevOps guide to Kubernetes
A DevOps guide to KubernetesA DevOps guide to Kubernetes
A DevOps guide to Kubernetes
 
DevOps @ OpenShift Online
DevOps @ OpenShift OnlineDevOps @ OpenShift Online
DevOps @ OpenShift Online
 
Introduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anyninesIntroduction into Cloud Foundry and Bosh | anynines
Introduction into Cloud Foundry and Bosh | anynines
 
Part 3: Enabling Continuous Delivery (Pivotal Cloud Platform Roadshow)
Part 3: Enabling Continuous Delivery (Pivotal Cloud Platform Roadshow)Part 3: Enabling Continuous Delivery (Pivotal Cloud Platform Roadshow)
Part 3: Enabling Continuous Delivery (Pivotal Cloud Platform Roadshow)
 
Red Hat OpenShift on Bare Metal and Containerized Storage
Red Hat OpenShift on Bare Metal and Containerized StorageRed Hat OpenShift on Bare Metal and Containerized Storage
Red Hat OpenShift on Bare Metal and Containerized Storage
 
Cloud Foundry Deployment Tools: BOSH vs Juju Charms
Cloud Foundry Deployment Tools:  BOSH vs Juju CharmsCloud Foundry Deployment Tools:  BOSH vs Juju Charms
Cloud Foundry Deployment Tools: BOSH vs Juju Charms
 
PaaS Lessons: Cisco IT Deploys OpenShift to Meet Developer Demand
PaaS Lessons: Cisco IT Deploys OpenShift to Meet Developer DemandPaaS Lessons: Cisco IT Deploys OpenShift to Meet Developer Demand
PaaS Lessons: Cisco IT Deploys OpenShift to Meet Developer Demand
 
OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller
OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller
OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller
 
Successful Patterns for running platforms
Successful Patterns for running platformsSuccessful Patterns for running platforms
Successful Patterns for running platforms
 
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
Putting Private Clouds to Work with PaaS Interop Vegas 2013 presentation by D...
 
Kubernetes day 2 Operations
Kubernetes day 2 OperationsKubernetes day 2 Operations
Kubernetes day 2 Operations
 
Open shift 4 infra deep dive
Open shift 4    infra deep diveOpen shift 4    infra deep dive
Open shift 4 infra deep dive
 
Openshift YARN - strata 2014
Openshift YARN - strata 2014Openshift YARN - strata 2014
Openshift YARN - strata 2014
 
Continuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on OpenshiftContinuous Delivery & Integration with JBoss Fuse on Openshift
Continuous Delivery & Integration with JBoss Fuse on Openshift
 
A year with Cloud Foundry and BOSH
A year with Cloud Foundry and BOSHA year with Cloud Foundry and BOSH
A year with Cloud Foundry and BOSH
 
Cloud Foundry BOSH CPI for OpenStack
Cloud Foundry BOSH CPI for OpenStackCloud Foundry BOSH CPI for OpenStack
Cloud Foundry BOSH CPI for OpenStack
 
Red Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep DiveRed Hat OpenShift V3 Overview and Deep Dive
Red Hat OpenShift V3 Overview and Deep Dive
 
OpenShift on OpenStack
OpenShift on OpenStackOpenShift on OpenStack
OpenShift on OpenStack
 
Application Modernization with PKS / Kubernetes
Application Modernization with PKS / KubernetesApplication Modernization with PKS / Kubernetes
Application Modernization with PKS / Kubernetes
 

Destaque

オープンクラウド基盤に最適! EMCのElastic Cloudソリューション
オープンクラウド基盤に最適! EMCのElastic Cloudソリューションオープンクラウド基盤に最適! EMCのElastic Cloudソリューション
オープンクラウド基盤に最適! EMCのElastic Cloudソリューション
EMC Japan
 

Destaque (20)

Short Lived Tasks in Cloud Foundry #cfdtokyo
Short Lived Tasks in Cloud Foundry #cfdtokyoShort Lived Tasks in Cloud Foundry #cfdtokyo
Short Lived Tasks in Cloud Foundry #cfdtokyo
 
Cloud Foundryで学ぶ、PaaSのしくみ講座
Cloud Foundryで学ぶ、PaaSのしくみ講座Cloud Foundryで学ぶ、PaaSのしくみ講座
Cloud Foundryで学ぶ、PaaSのしくみ講座
 
今年のOss業界10大ニュース
今年のOss業界10大ニュース今年のOss業界10大ニュース
今年のOss業界10大ニュース
 
オープンクラウド基盤に最適! EMCのElastic Cloudソリューション
オープンクラウド基盤に最適! EMCのElastic Cloudソリューションオープンクラウド基盤に最適! EMCのElastic Cloudソリューション
オープンクラウド基盤に最適! EMCのElastic Cloudソリューション
 
161118 tistudy open_stack summit(barcelona)報告会_インプレス河原
161118 tistudy open_stack summit(barcelona)報告会_インプレス河原161118 tistudy open_stack summit(barcelona)報告会_インプレス河原
161118 tistudy open_stack summit(barcelona)報告会_インプレス河原
 
OpenStack summit report 2016 in barcelona
OpenStack summit report 2016 in barcelonaOpenStack summit report 2016 in barcelona
OpenStack summit report 2016 in barcelona
 
OpenStack Summit Report
OpenStack Summit ReportOpenStack Summit Report
OpenStack Summit Report
 
Is spark streaming based on reactive streams?
Is spark streaming based on reactive streams?Is spark streaming based on reactive streams?
Is spark streaming based on reactive streams?
 
データ活用を推進する「Pivotal HDB(Apache HAWQ(ホーク))」
データ活用を推進する「Pivotal HDB(Apache HAWQ(ホーク))」データ活用を推進する「Pivotal HDB(Apache HAWQ(ホーク))」
データ活用を推進する「Pivotal HDB(Apache HAWQ(ホーク))」
 
Introduction to Hortonworks Data Cloud for AWS
Introduction to Hortonworks Data Cloud for AWSIntroduction to Hortonworks Data Cloud for AWS
Introduction to Hortonworks Data Cloud for AWS
 
Open stack ptg-forum
Open stack ptg-forumOpen stack ptg-forum
Open stack ptg-forum
 
サーバーの脆弱性管理に関して(OpenStack + Vuls) - OpenStack最新情報セミナー(2016年12月)
サーバーの脆弱性管理に関して(OpenStack + Vuls) - OpenStack最新情報セミナー(2016年12月)サーバーの脆弱性管理に関して(OpenStack + Vuls) - OpenStack最新情報セミナー(2016年12月)
サーバーの脆弱性管理に関して(OpenStack + Vuls) - OpenStack最新情報セミナー(2016年12月)
 
Ceph Performance on OpenStack - Barcelona Summit
Ceph Performance on OpenStack - Barcelona SummitCeph Performance on OpenStack - Barcelona Summit
Ceph Performance on OpenStack - Barcelona Summit
 
クラウド運用のベストプラクティスを考える - OpenStack最新情報セミナー(2016年12月)
クラウド運用のベストプラクティスを考える - OpenStack最新情報セミナー(2016年12月)クラウド運用のベストプラクティスを考える - OpenStack最新情報セミナー(2016年12月)
クラウド運用のベストプラクティスを考える - OpenStack最新情報セミナー(2016年12月)
 
Doma SQLテンプレートのしくみ
Doma SQLテンプレートのしくみDoma SQLテンプレートのしくみ
Doma SQLテンプレートのしくみ
 
Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)
Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)
Bare Metal Provisioning for Big Data - OpenStack最新情報セミナー(2016年12月)
 
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
How logging makes a private cloud a better cloud - OpenStack最新情報セミナー(2016年12月)
 
Cloud Foundry varz
Cloud Foundry varzCloud Foundry varz
Cloud Foundry varz
 
たまにはOpenShiftも触ってみよう
たまにはOpenShiftも触ってみようたまにはOpenShiftも触ってみよう
たまにはOpenShiftも触ってみよう
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
 

Semelhante a Cloud Foundry Day in Tokyo Lightning Talk - Cloud Foundry over the Proxy

Semelhante a Cloud Foundry Day in Tokyo Lightning Talk - Cloud Foundry over the Proxy (20)

From H2O to Steam - Dr. Bingwei Liu, Sr. Data Engineer, Aetna
From H2O to Steam - Dr. Bingwei Liu, Sr. Data Engineer, AetnaFrom H2O to Steam - Dr. Bingwei Liu, Sr. Data Engineer, Aetna
From H2O to Steam - Dr. Bingwei Liu, Sr. Data Engineer, Aetna
 
Maximize the power of OSGi in AEM
Maximize the power of OSGi in AEM Maximize the power of OSGi in AEM
Maximize the power of OSGi in AEM
 
.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp.NET Cloud-Native Bootcamp
.NET Cloud-Native Bootcamp
 
PHP as a Service TDC2019
PHP as a Service TDC2019PHP as a Service TDC2019
PHP as a Service TDC2019
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
PaaSVSContainerization
PaaSVSContainerizationPaaSVSContainerization
PaaSVSContainerization
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to ChefIntroduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to Chef
 
CI/CD with AWS Code Services
CI/CD with AWS Code ServicesCI/CD with AWS Code Services
CI/CD with AWS Code Services
 
PHP Buildpacks in the Cloud on Bluemix
PHP Buildpacks in the Cloud on BluemixPHP Buildpacks in the Cloud on Bluemix
PHP Buildpacks in the Cloud on Bluemix
 
Cloud Foundry for PHP developers
Cloud Foundry for PHP developersCloud Foundry for PHP developers
Cloud Foundry for PHP developers
 
Developing applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDKDeveloping applications with Hyperledger Fabric SDK
Developing applications with Hyperledger Fabric SDK
 
OAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army FrameworkOAuth2 - The Swiss Army Framework
OAuth2 - The Swiss Army Framework
 
AWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment ComplexityAWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment Complexity
 
Workshop: AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Pract...
Workshop: AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Pract...Workshop: AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Pract...
Workshop: AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Pract...
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
 
DevOPS training - Day 1/2
DevOPS training - Day 1/2DevOPS training - Day 1/2
DevOPS training - Day 1/2
 
AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Practices (DEV3...
AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Practices (DEV3...AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Practices (DEV3...
AWS DevOps Essentials: An Introductory Workshop on CI/CD Best Practices (DEV3...
 
MuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventMuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual Event
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 

Mais de Maki Toshio

Searched gems which supports only ruby 2.6
Searched gems which supports only ruby 2.6Searched gems which supports only ruby 2.6
Searched gems which supports only ruby 2.6
Maki Toshio
 
ファイルシステムのスナップショット機能でバックアップを取得する
ファイルシステムのスナップショット機能でバックアップを取得するファイルシステムのスナップショット機能でバックアップを取得する
ファイルシステムのスナップショット機能でバックアップを取得する
Maki Toshio
 
Rubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行するRubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行する
Maki Toshio
 

Mais de Maki Toshio (11)

Rails 6.1 → 7.0アップデート記録
Rails 6.1 → 7.0アップデート記録Rails 6.1 → 7.0アップデート記録
Rails 6.1 → 7.0アップデート記録
 
自社サービスのAPIをOAuth2対応にして公開した
自社サービスのAPIをOAuth2対応にして公開した自社サービスのAPIをOAuth2対応にして公開した
自社サービスのAPIをOAuth2対応にして公開した
 
Searched gems which supports only ruby 2.6
Searched gems which supports only ruby 2.6Searched gems which supports only ruby 2.6
Searched gems which supports only ruby 2.6
 
ActiveRecordで複雑なクエリを書くのは間違っているのか
ActiveRecordで複雑なクエリを書くのは間違っているのかActiveRecordで複雑なクエリを書くのは間違っているのか
ActiveRecordで複雑なクエリを書くのは間違っているのか
 
やさしいGemパッチの作り方
やさしいGemパッチの作り方やさしいGemパッチの作り方
やさしいGemパッチの作り方
 
ファイルシステムのスナップショット機能でバックアップを取得する
ファイルシステムのスナップショット機能でバックアップを取得するファイルシステムのスナップショット機能でバックアップを取得する
ファイルシステムのスナップショット機能でバックアップを取得する
 
メール製品を作って気づいたmailライブラリの光と闇について語る
メール製品を作って気づいたmailライブラリの光と闇について語るメール製品を作って気づいたmailライブラリの光と闇について語る
メール製品を作って気づいたmailライブラリの光と闇について語る
 
明日から使える(?)Rubyトリビア
明日から使える(?)Rubyトリビア明日から使える(?)Rubyトリビア
明日から使える(?)Rubyトリビア
 
Rubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行するRubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行する
 
レガシーコード改善ガイド
レガシーコード改善ガイドレガシーコード改善ガイド
レガシーコード改善ガイド
 
Ruby on rails on hudsonの活用事例
Ruby on rails on hudsonの活用事例Ruby on rails on hudsonの活用事例
Ruby on rails on hudsonの活用事例
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Cloud Foundry Day in Tokyo Lightning Talk - Cloud Foundry over the Proxy

  • 1. © Hitachi Solutions, Ltd. 2016. All rights reserved. Hitachi Solutions Ltd., 2016/11/11 Toshio Maki Cloud Foundry over the Proxy
  • 2. © Hitachi Solutions, Ltd. 2016. All rights reserved. Toshio Maki / Hitachi Solutions Ltd., Working at R&D division Our missions are • Technical assistance • Software productivity improvement • Develop and operate our platform I started Cloud Foundry at Jan 2016. (In our company, we started researching from April 2015.) 1 About me
  • 3. © Hitachi Solutions, Ltd. 2016. All rights reserved. Our platform 2 We are building DevOps platform on Public Cloud. • Limit access only our network (not VPN) • Permit only HTTPS protocol Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD Public IaaS
  • 4. © Hitachi Solutions, Ltd. 2016. All rights reserved. Our platform 3 We are building DevOps platform on Public Cloud. • Limit access only our network (not VPN) • Permit only HTTPS protocol • Our accesses are restricted by Proxy with LDAP authentication Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD Public IaaS
  • 5. © Hitachi Solutions, Ltd. 2016. All rights reserved. Our problems are… 4 How to integrate Cloud Foundry over proxy?
  • 6. © Hitachi Solutions, Ltd. 2016. All rights reserved. Case 1: “cf login” 5
  • 7. © Hitachi Solutions, Ltd. 2016. All rights reserved. How to integrate LDAP authentication over proxy? 6 We would like to use LDAP authentication. But… Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD Public IaaS
  • 8. © Hitachi Solutions, Ltd. 2016. All rights reserved. How to integrate LDAP authentication over proxy? 7 We would like to use LDAP authentication. But… • We can’t move LDAP server to Public Cloud(security reason) Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD Public IaaS
  • 9. © Hitachi Solutions, Ltd. 2016. All rights reserved. How to integrate LDAP authentication over proxy? 8 We would like to use LDAP authentication. But… • We can’t move LDAP server to Public Cloud(security reason) • Cloud Foundry can’t access LDAP server directly. Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD NG Public IaaS
  • 10. © Hitachi Solutions, Ltd. 2016. All rights reserved. 9 Developer Our company Source Code Management PaaS Developer Developer LDAP drone CI/CD We solved this problem using SAML by IDP server How to integrate LDAP authentication over proxy? Public IaaS
  • 11. © Hitachi Solutions, Ltd. 2016. All rights reserved. Cloud Foundry login sequence with SAML provider 10 developer OpenAM UAALDAP 1. Run “cf login --sso” and it requires one time token from uaa. 2. When I access uaa, redirect to IDP server. 3. When I authenticate LDAP user, IDP returns SAML token. 4. I get one time token from uaa, and “cf login” is successful. Run “cf login --sso” Access https://login.xxxxxxxxxxxxxxx.com/passcode Redirect to IDP server Access Login page and insert ID/Password Authenticate Success Post SAML token to UAA Returns one time token Insert one time token and authenticate Returns SAML Token
  • 12. © Hitachi Solutions, Ltd. 2016. All rights reserved. Case 2: “cf push” and “cf logs” 11
  • 13. © Hitachi Solutions, Ltd. 2016. All rights reserved. How to get stream logs via WebSocket over proxy? 12 “cf push/logs” does not work fine when over proxy. • Failed to get stream logs from doppler via WebSocket • Failed to proxy authentication • This problem was reported cf-cli issues#127 about 1 year ago WEBSOCKET REQUEST: [2016-09-02T12:43:56+09:00] GET /apps/a1dfce70-2517-4dab-bb3e-a79c15cc2ab1/stream HTTP/1.1 Host: wss://doppler.xxxxxxxxxxxxxxxxxxxxxx.com:443 Upgrade: websocket Connection: Upgrade Sec-WebSocket-Version: 13 Sec-WebSocket-Key: [HIDDEN] Origin: http://localhost Authorization: [PRIVATE DATA HIDDEN] 失敗 Error dialing traffic controller server: Proxy Authentication Required. Please ask your Cloud Foundry Operator to check the platform configuration (traffic controller is wss://doppler.xxxxxxxxxxxxxxxxxxxxxx.com:443).
  • 14. How to get stream logs via WebSocket over proxy?
    We have found the cause of this problem.
    • Noaa does not support proxy credentials
    • We created a patch and sent it to a Cloud Foundry committer
    • In the current version, this problem is fixed. (Thanks Gwenn!) https://github.com/cloudfoundry/cli/releases/tag/v6.22.0
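The "Proxy Authentication Required" error in Case 2 is the proxy's 407 reply to a tunnel request that carries no credentials. As an added example (not from the slides or from noaa), this Python code shows both sides of that HTTP CONNECT exchange, the same method the `connect -H` ProxyCommand in Case 3 relies on; the host names, the user `alice`, the password and the `fake_proxy` stand-in are constructed.

```python
import base64


def build_connect(host, port, user=None, password=""):
    """CONNECT request asking an HTTP proxy to open a TCP tunnel to host:port."""
    for value in (host, user or "", password):
        if any(ch in value for ch in "\r\n"):
            raise ValueError("CR/LF not allowed in header values")
    authority = f"{host}:{port}"
    lines = [f"CONNECT {authority} HTTP/1.1", f"Host: {authority}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_reply(raw):
    """Return (status code, {header name: [values]}) from the proxy's reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers


def fake_proxy(request, user="alice", password="s3cret"):
    """Constructed stand-in for the proxy: 407 unless the credentials match."""
    expected = base64.b64encode(f"{user}:{password}".encode())
    if b"Proxy-Authorization: Basic " + expected + b"\r\n" in request:
        return b"HTTP/1.1 200 Connection established\r\n\r\n"
    return (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
            b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')


def open_tunnel(host, port, user=None, password=""):
    """Describe the outcome of one CONNECT attempt through fake_proxy."""
    request = build_connect(host, port, user, password)
    code, headers = parse_reply(fake_proxy(request))
    if 200 <= code < 300:
        return "tunnel established"
    if code == 407:
        schemes = [v.split()[0] for v in headers.get("proxy-authenticate", [])]
        return "proxy authentication required (" + ", ".join(schemes) + ")"
    return f"CONNECT refused ({code})"
```

Basic credentials are only base64-encoded, so the hop to the proxy carries the LDAP password in recoverable form unless that connection is itself protected.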
  • 15. Case 3: “cf ssh”
  • 16. How to connect Cloud Foundry via SSH over proxy?
    “cf ssh” does not work properly in our environment.
    • We cannot connect to external DNS directly
    • We cannot resolve the hostname
    • Even if we can resolve the hostname, the proxy blocks the SSH connection
      % cf ssh sample-application
      FAILED
      Error opening SSH connection: dial tcp: lookup ssh.xxxxxxxxxxxxxx.com on 127.0.1.1:53: no such host
  • 17. How to connect Cloud Foundry via SSH over proxy?
    1. Write the hostname and IP address in /etc/hosts.
    2. Get the app guid with “cf app --guid”.
      % cf app sample-application --guid
      14ed7f28-289a-4134-8ba0-e6535f733714
    3. Write the SSH configuration in .ssh/config.
      Host sample-application
        HostName ssh.xxxxxxxxxxxxxx.com
        # cf:$(cf app app-name --guid)/0
        User cf:14ed7f28-289a-4134-8ba0-e6535f733714/0
        Port 2222
        ProxyCommand connect -H ($LDAP_ID)@proxy.xxxxxxxxxxxxxx.co.jp:8080 %h %p
    4. Get a one-time token with “cf ssh-code”.
      % cf ssh-code
      4MhakB
    5. Run the ssh command with the proxy password and the one-time token.
      % ssh sample-application
      Enter proxy authentication password for ($LDAP_ID)@proxy.xxxxxxxxxxxxxx.co.jp: -> Enter LDAP password
      The authenticity of host '[ssh.xxxxxxxxxxxxxx.com]:2222 (<no hostip for proxy command>)' can't be established.
      RSA key fingerprint is a6:d1:08:0b:b0:cb:9b:5f:c4:ba:44:2a:97:26:19:8a.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added '[ssh.xxxxxxxxxxxxxx.com]:2222' (RSA) to the list of known hosts.
    This is important for connecting via SSH over the proxy.
  • 18. How to connect Cloud Foundry via SSH over proxy? (The same five steps as the previous slide.) It’s so crazy!
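Step 5 of the procedure above accepts the SSH endpoint's host key by answering yes to a prompt reached through the proxy. As an added example (not from the slides), this Python code checks a recorded known_hosts entry against the `app_ssh_host_key_fingerprint` value that Cloud Foundry publishes in its `/v2/info` document, using the MD5 colon format printed in the transcript; the host name, the dummy key blob and the JSON document are constructed.

```python
import base64
import hashlib
import hmac
import json
import struct


def ssh_string(data):
    """Encode one length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def md5_fingerprint(known_hosts_line):
    """Colon-separated MD5 fingerprint of one known_hosts entry."""
    _host, key_type, b64 = known_hosts_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with its own key-type field; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(known_hosts_line, info_json):
    """True if the recorded key has the fingerprint the platform advertises."""
    advertised = json.loads(info_json)["app_ssh_host_key_fingerprint"]
    presented = md5_fingerprint(known_hosts_line)
    return hmac.compare_digest(presented.encode(),
                               advertised.strip().lower().encode())


def sample_line(modulus):
    """Constructed known_hosts entry wrapping a dummy (not real) ssh-rsa blob."""
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(modulus))
    return "[ssh.example.test]:2222 ssh-rsa " + base64.b64encode(blob).decode()


# Constructed sample data: the key the platform really uses, a key some other
# host presented, and a trimmed /v2/info document advertising the former.
GOOD = sample_line(b"\x00" + bytes(range(1, 129)))
SPOOFED = sample_line(b"\x00" + bytes(range(2, 130)))
INFO = json.dumps({"app_ssh_endpoint": "ssh.example.test:2222",
                   "app_ssh_host_key_fingerprint": md5_fingerprint(GOOD)})

if __name__ == "__main__":
    print(host_key_matches(GOOD, INFO), host_key_matches(SPOOFED, INFO))
```

The comparison is only as trustworthy as the channel the `/v2/info` document arrived over, so fetch it over HTTPS with certificate validation, for example with `cf curl /v2/info`.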
  • 19. We are considering a simpler solution
    We will set up a terminal in a Docker container.
    • We can access the terminal via WebSocket over the proxy.
    • Run “cf ssh” in the Docker container.
    [Diagram: Our company, Developer, LDAP, Source Code Management, PaaS, drone CI/CD, Docker Cluster, Public IaaS; connections labelled WebSocket and cf ssh]
  • 20. Trademarks
    • Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.
    • Drone is either a trademark or a registered trademark of Drone.io in the United States and/or other countries.
    • GitLab is either a trademark or a registered trademark of GITLAB BV CORPORATION in the United States and/or other countries.
    • OpenAM is a registered trademark of Open Source Solution Technology Corporation.
    • Cloud Foundry is either a trademark or a registered trademark of Pivotal Software, Inc. in the United States, Japan and/or other countries.