VMware: cannot create a shared domain in Cloud Foundry, 504 Gateway Time-out


I cannot create a shared domain in Cloud Foundry, and the health check of every pushed application gets "connection refused"

I have a working Cloud Foundry environment on an OpenStack IaaS. Everything works as expected. I took the deployment files and, after some time, successfully deployed them to VMware vSphere 7 as the IaaS. The problem is that every application I push has health-check problems:

   2020-10-29T16:55:01.43+0000 [CELL/0] OUT Cell 938b869c-5a68-40cc-9486-c5bc0d53a73a successfully destroyed container for instance 44e9c2a6-b54d-4fc4-4118-6d6d
   2020-10-29T16:55:36.55+0000 [CELL/0] OUT Cell 938b869c-5a68-40cc-9486-c5bc0d53a73a creating container for instance 17f161a2-9788-426d-414d-6c33
   2020-10-29T16:55:37.18+0000 [CELL/0] OUT Cell 938b869c-5a68-40cc-9486-c5bc0d53a73a successfully created container for instance 17f161a2-9788-426d-414d-6c33
   2020-10-29T16:55:37.47+0000 [CELL/0] OUT Downloading droplet...
   2020-10-29T16:55:37.75+0000 [CELL/0] OUT Downloaded droplet
   2020-10-29T16:55:37.75+0000 [CELL/0] OUT Starting health monitoring of container
   2020-10-29T16:56:38.45+0000 [HEALTH/0] ERR Failed to make TCP connection to port 8080: connection refused
   2020-10-29T16:56:38.45+0000 [CELL/0] ERR Timed out after 1m0s: health check never passed.
   2020-10-29T16:56:38.46+0000 [CELL/SSHD/0] OUT Exit status 0
   2020-10-29T16:56:38.48+0000 [APP/PROC/WEB/0] OUT Exit status 143
I also cannot create any shared domain:

bash-5.0# cf create-shared-domain tcp.cf.test-env.net --router-group default-tcp -v
REQUEST: [2020-10-29T17:03:33Z]
GET /v2/info HTTP/1.1
Host: api.cf.test-env.net
Accept: application/json
User-Agent: cf/6.47.2+d526c2cb3.2019-11-05 (go1.12.12; amd64 linux)

RESPONSE: [2020-10-29T17:03:33Z]
HTTP/1.1 200 OK
Content-Length: 561
Content-Type: application/json;charset=utf-8
Date: Thu, 29 Oct 2020 17:03:33 GMT
Server: nginx
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 4badb79b-2faf-4623-6c3c-ce5fa3223cd5::dc43d2c9-c902-4429-9d65-d9a0060983c5
{
  "api_version": "2.144.0",
  "app_ssh_endpoint": "ssh.cf.test-env.net:2222",
  "app_ssh_host_key_fingerprint": "ae:a3:ed:ad:37:d3:8a:7b:ed:b4:e5:d2:25:e5:8c:d0",
  "app_ssh_oauth_client": "ssh-proxy",
  "authorization_endpoint": "https://login.cf.test-env.net",
  "build": "",
  "description": "",
  "doppler_logging_endpoint": "wss://doppler.cf.test-env.net:443",
  "min_cli_version": null,
  "min_recommended_cli_version": null,
  "name": "",
  "osbapi_version": "2.15",
  "routing_endpoint": "https://api.cf.test-env.net/routing",
  "support": "",
  "token_endpoint": "https://uaa.cf.test-env.net",
  "version": 0
}


REQUEST: [2020-10-29T17:03:33Z]
GET /login HTTP/1.1
Host: login.cf.test-env.net
Accept: application/json
Connection: close
User-Agent: cf/6.47.2+d526c2cb3.2019-11-05 (go1.12.12; amd64 linux)

RESPONSE: [2020-10-29T17:03:34Z]
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Language: en-US
Content-Length: 384
Content-Type: application/json;charset=UTF-8
Date: Thu, 29 Oct 2020 17:03:34 GMT
Set-Cookie: X-Uaa-Csrf=NJlSPAjspn7m8oWuQdKsVD; Max-Age=86400; Expires=Fri, 30-Oct-2020 17:03:34 GMT; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 577d4d31-ec30-477e-6f44-c0dd9306270d
X-Xss-Protection: 1; mode=block
{
  "app": {
    "version": "74.12.0"
  },
  "commit_id": "7311e68",
  "entityID": "login.cf.test-env.net",
  "idpDefinitions": {},
  "links": {
    "login": "https://login.cf.test-env.net",
    "passwd": "/forgot_password",
    "register": "/create_account",
    "uaa": "https://uaa.cf.test-env.net"
  },
  "prompts": {
    "password": "[PRIVATE DATA HIDDEN]",
    "username": [
      "text",
      "Email"
    ]
  },
  "timestamp": "2019-12-02T22:53:03+0000",
  "zone_name": "uaa"
}


Creating shared domain tcp.cf.test-env.net as admin...
REQUEST: [2020-10-29T17:03:34Z]
GET /routing/v1/router_groups?name=default-tcp HTTP/1.1
Host: api.cf.test-env.net
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Connection: close
Content-Type: application/json
User-Agent: cf/6.47.2+d526c2cb3.2019-11-05 (go1.12.12; amd64 linux)
[application/json Content Hidden]

RESPONSE: [2020-10-29T17:03:34Z]
HTTP/1.1 200 OK
Content-Length: 114
Content-Type: application/json
Date: Thu, 29 Oct 2020 17:03:34 GMT
X-Vcap-Request-Id: 9459b068-0987-4f5e-7dee-1efdb5ca6fb8
[
  {
    "guid": "343ba1e8-88a7-4003-6db6-4feabedd072b",
    "name": "default-tcp",
    "reservable_ports": "1024-2048",
    "type": "tcp"
  }
]


REQUEST: [2020-10-29T17:03:34Z]
POST /v2/shared_domains HTTP/1.1
Host: api.cf.test-env.net
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: cf/6.47.2+d526c2cb3.2019-11-05 (go1.12.12; amd64 linux)
{
  "internal": false,
  "name": "tcp.cf.test-env.net",
  "router_group_guid": "343ba1e8-88a7-4003-6db6-4feabedd072b"
}


RESPONSE: [2020-10-29T17:04:04Z]
HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>


Error unmarshalling the following into a cloud controller error: <html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>

FAILED
I suspect a network configuration problem that blocks connectivity between some internal CF components. There is no firewall or any rule in VMware. I can also ping and open SSH connections between the VMs created by BOSH.


Any ideas what else I could do?
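An added example (mine, not code from the question or from Cloud Foundry) that pairs the REQUEST/RESPONSE blocks of a `cf -v` trace like the one above, measures how long each call took, and flags 5xx responses that lack gorouter's `X-Vcap-Request-Id` header and arrive as HTTP/1.0 text/html, which points at something in front of gorouter such as the load balancer. The trace text below is a constructed, shortened excerpt; the origin rule is a heuristic.

```python
import re
from datetime import datetime

# Constructed excerpt modelled on the `cf create-shared-domain ... -v` trace in the
# question (shortened, not verbatim); pass the real trace text to triage() instead.
SAMPLE_TRACE = """REQUEST: [2020-10-29T17:03:34Z]
GET /routing/v1/router_groups?name=default-tcp HTTP/1.1
Host: api.cf.test-env.net

RESPONSE: [2020-10-29T17:03:34Z]
HTTP/1.1 200 OK
Content-Type: application/json
X-Vcap-Request-Id: 9459b068-0987-4f5e-7dee-1efdb5ca6fb8
[]

REQUEST: [2020-10-29T17:03:34Z]
POST /v2/shared_domains HTTP/1.1
Host: api.cf.test-env.net

RESPONSE: [2020-10-29T17:04:04Z]
HTTP/1.0 504 Gateway Time-out
Connection: close
Content-Type: text/html
<html><body><h1>504 Gateway Time-out</h1></body></html>
"""

BLOCK_RE = re.compile(
    r"^(REQUEST|RESPONSE): \[([^\]]+)\]\n(.*?)(?=^(?:REQUEST|RESPONSE): \[|\Z)", re.S | re.M)

def parse_trace(text):
    """Yield (kind, timestamp, start line, lower-cased headers) per REQUEST/RESPONSE block."""
    for kind, ts, body in BLOCK_RE.findall(text):
        lines = body.strip().splitlines()
        headers = {}
        for line in lines[1:]:
            if ":" not in line or line[:1] in "{[<":  # body (JSON/HTML) starts here
                break
            k, v = line.split(":", 1)
            headers[k.strip().lower()] = v.strip()
        yield kind, datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), lines[0] if lines else "", headers

def triage(text):
    """Pair each request with its response and say where any 5xx most likely came from."""
    findings, pending = [], None
    for kind, ts, first, headers in parse_trace(text):
        if kind == "REQUEST":
            pending = (ts, first)
            continue
        version, status = first.split(" ", 2)[:2]
        if pending and status.startswith("5"):
            # Heuristic: gorouter stamps X-Vcap-Request-Id on responses it proxies, so an
            # HTTP/1.0 text/html error without it was produced in front of gorouter.
            lb_like = "x-vcap-request-id" not in headers and version == "HTTP/1.0"
            findings.append({
                "request": pending[1],
                "status": int(status),
                "elapsed_s": (ts - pending[0]).total_seconds(),  # a round 30 s smells like an LB timeout
                "origin": "upstream of gorouter (load balancer)" if lb_like else "gorouter or Cloud Controller",
            })
        pending = None
    return findings
```

On the question's full trace this reports the `POST /v2/shared_domains` call alone, 30 seconds after the request, without a gorouter request id, so the next place to look is the load balancer and the path from it to gorouter.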

The problem was the DNAT and SNAT rules on VMware NSX-T. If any internal VM asked for the DNS name "api.cf.test-env.net", it got the remote (public) IP address as the answer. When establishing a connection, the internal VM reached api.cf.test-env.net via the public IP address, and the second stage of the TCP three-way handshake came from the local side, which caused a TCP RST. After creating the DNAT and SNAT rules correctly, everything works. I still wonder why "api.cf.test-env.net" was not answered with the internal address by BOSH DNS. Does anyone know why that happens and how to change it?
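To turn the root cause in this answer into a check that can be run from a platform VM, here is an added example (mine, not from the poster or from Cloud Foundry or NSX-T) that classifies the addresses an internal resolver returns for the API hostname and probes the TCP path to it; the internal ranges and the sample answers are assumed placeholders.

```python
import ipaddress
import socket

# Assumed internal ranges for the environment (placeholders, not taken from the thread).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_answers(host, answers, internal_nets=INTERNAL_NETS):
    """Verdict for the addresses an internal resolver handed back for `host`.

    A platform VM that only gets public addresses for the API domain reaches the
    load balancer through the edge NAT; without matching DNAT/SNAT rules the
    SYN/ACK returns from the internal side and the client answers with RST.
    """
    addrs = [ipaddress.ip_address(a) for a in answers]
    internal = [a for a in addrs if any(a in n for n in internal_nets)]
    public = [a for a in addrs if a not in internal]
    if not addrs:
        return "no-answer"
    if public and not internal:
        return "public-only: hairpin NAT risk for " + host
    if public and internal:
        return "mixed: split-horizon leak for " + host
    return "internal-only"

def resolve(host):
    """IPv4 answers the local resolver (BOSH DNS on a platform VM) gives for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})

def probe_tcp(host, port=443, timeout=5.0):
    """Distinguish the RST/refused symptom from the answer from a plain timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except (ConnectionRefusedError, ConnectionResetError):
        return "reset-or-refused"  # what the asymmetric NAT path described above produces
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    api = "api.cf.test-env.net"  # the API domain from the question
    answers = resolve(api)
    print(api, answers, classify_answers(api, answers), probe_tcp(api))
```

A "public-only" verdict together with "reset-or-refused" from a platform VM is the combination the answer describes; an "internal-only" verdict with a successful connect means DNS and the NAT rules agree.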

Look at the path network traffic takes into the system domain. Check that DNS is set up correctly, that the load balancer is working, and that it can talk to the GoRouter. The 504 is not coming from gorouter, because the format would look different, so it is probably coming from upstream, like your LB. A quick/easy check is to look at the gorouter access logs and see whether the failing requests ever get there. If you don't see them in the logs, then they aren't making it.

Thanks for the comment. I'm checking the traffic on the gorouters with tcpdump and have found the reason why it isn't working correctly.