使用Bosh成功部署CloudFoundry后,在OpenStack上启了一个实例作为DNS服务器专用,配置域名mycloud.com解析到CF API接口的IP:10.68.19.134,然后使用CF客户端命令行工具,发现无法登陆CF平台,执行命令及报错如下:
root@bosh-cli:~/bosh-workspace/deployments# cf login admin -t
target: http://api.mycloud.com
>>>
REQUEST: GET http://api.mycloud.com/info
REQUEST_HEADERS:
Accept : application/json
Content-Length : 0
RESPONSE: [200]
RESPONSE_HEADERS:
content-length : 250
content-type : application/json;charset=utf-8
date : Mon, 08 Jul 2013 07:48:27 GMT
server : nginx
x-content-type-options : nosniff
x-vcap-request-id : 65130b0b-48b1-42ee-b05b-a844e6dd54f2
RESPONSE_BODY:
{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "http://login.mycloud.com",
"token_endpoint": "http://uaa.mycloud.com",
"allow_debug": true
}
<<<
Password> ********
Authenticating--->
request: post http://login.mycloud.com/oauth/token
headers: {"content-type"=>"application/x-www-form-urlencoded;charset=utf-8", "accept"=>"application/json;charset=utf-8", "authorization"=>"Basic Y2Y6"}
body: grant_type=password&username=admin&password=c1oudc0w
. <---
response: 200
headers: {"cache-control"=>"no-cache, no-store, no-cache, no-store, max-age=0", "content-language"=>"en-US", "content-type"=>"application/json;charset=UTF-8", "date"=>"Mon, 08 Jul 2013 07:48:40 GMT", "expires"=>"Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT", "pragma"=>"no-cache, no-cache", "server"=>"Apache-Coyote/1.1", "transfer-encoding"=>"chunked"}
body: {"timestamp":"2013-06-12T22:32:57-0700","app":{"artifact":"cloudfoundry-login-server","description":"Cloud Foundry Login App","name":"Cloud Foundry Login","version":"1.2.3"},"error":{"error":"rest_client_error","error_description":"I/O error: uaa.mycloud.com; nested exception is java.net.UnknownHostException: uaa.mycloud.com"},"commit_id":"0f774e2","prompts":{"username":["text","Email"],"password":["password","Password"]}} ... FAILED
注意其中错误信息: nested exception is java.net.UnknownHostException: uaa.mycloud.com
分析应该是DNS解析有问题导致,但是执行nslookup命令,查看uaa.mycloud.com却是正常解析到10.68.19.134
再分析,uaa的验证行为是有CF的controller_ng组件发起,通过uaa组件接口进行验证,直接登录到controller_ng组件所在的虚拟机实例上查看DNS解析是否正常,结果果然是无法正常解析
再分析,之前的DNS只在CF客户端所在的机器上进行配置,故其他虚拟机之间进行交互时无法正常解析
尝试修改各虚拟机实例的DNS配置信息,却发现修改后无效,因为采用BOSH进行部署,DNS分为多层:
CF组件实例 ===>> Bosh PowerDNS实例 ===>> Micro Bosh实例 ===>> 虚拟机所在物理机 ===>> 公共DNS服务器
解决办法:
1、停用虚拟机DNS服务器
2、在某一台物理机上配置DNS服务器
3、将每台物理机的DNS配置指向物理DNS服务器
如此,所有的虚拟机的DNS都能通过物理DNS服务器解析,再次尝试CF客户端的登陆等操作,完全正常!