BOSH release of the pcap Cloud Foundry add-on
- pcap-api is deployed on its own VM.
- pcap-agent is co-located on diego cells.
- pcap-api needs to register its route via route-registrar, part of the cf-routing-release.
- Requests to pcap-api need an Authorization header containing the OAuth token from UAA. This token is used to gather information about the app from the cloud-controller.
- The pcap-api makes requests to the pcap-agent on the corresponding diego cell.
- The pcap-agent starts a tcpdump using libpcap via the gopacket module and streams the results.
- Check if token is valid by requesting app information from CC
- Get diego cell address for app instance from CC
- Connect to pcap agent on diego-cell
- Stream packets back to client
- Find container PID for app id
- Enter container network namespace
- Capture packets and stream back to client
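The token check in the pcap-api steps above delegates authorization to the Cloud Controller: a capture is allowed only if CC returns the app for the caller's token. The sketch below is an added example, not code from the pcap release; the function names, the CC v3 path `/v3/apps/<guid>`, the fake CC server and the token and GUID values are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

var errUnauthorized = errors.New("cloud controller did not confirm access to this app")

// authorizeCapture allows a capture only if CC (assumed path /v3/apps/<guid>) returns 200 for the caller's token.
func authorizeCapture(client *http.Client, ccURL, authHeader, appGUID string) error {
	if len(authHeader) < 8 || !strings.EqualFold(authHeader[:7], "bearer ") {
		return errUnauthorized // no usable token: reject before contacting CC
	}
	req, err := http.NewRequest(http.MethodGet, ccURL+"/v3/apps/"+url.PathEscape(appGUID), nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", authHeader)
	resp, err := client.Do(req)
	if err != nil {
		return fmt.Errorf("cloud controller unreachable: %w", err) // fail closed
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return errUnauthorized // 401/403/404: never connect to the agent
	}
	return nil
}

// newFakeCC is a constructed stand-in for CC that knows one token and one app.
func newFakeCC() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "bearer constructed-token" {
			w.WriteHeader(http.StatusUnauthorized)
		} else if r.URL.Path != "/v3/apps/constructed-app-guid" {
			w.WriteHeader(http.StatusNotFound)
		}
	}))
}

func main() {
	cc := newFakeCC()
	defer cc.Close()
	fmt.Println(authorizeCapture(cc.Client(), cc.URL, "bearer wrong", "constructed-app-guid"))
}
```

Because the decision is made per app GUID, a valid token for one app does not authorize a capture on another, and any CC error or outage denies the request.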
The release provides two files to integrate with an existing cf-deployment:
manifests/ops-files/add-pcap-agent.yml
This provides a shared CA between pcap-agent and pcap-api. It also adds the pcap-agent job to all diego cells.
manifests/pcap-agent.yml
This is an example BOSH manifest to deploy the pcap-api.
bosh interpolate -o manifests/ops-files/add-pcap-agent.yml cf-deployment.yml > cf-deployment-pcap.yml
bosh -d cf deploy cf-deployment-pcap.yml
This assumes the BOSH deployment name of your cf-deployment is cf.
cp manifests/vars-template.yml manifests/vars.yml
vim manifests/vars.yml  # adjust as needed
bosh -d pcap deploy -l manifests/vars.yml manifests/pcap-agent.yml
wget https://pcap.cf.cfapp.com/cli/pcap-cli-[linux|mac]-amd64 -O pcap-cli  # pick linux or mac; adjust URL as needed
cf install-plugin pcap-cli
cf pcap ...