Using Azure Service Broker

This topic describes how to use Azure Service Broker.

Before performing the procedures in this topic, ensure that you have installed the Cloud Foundry Command Line Interface (cf CLI).

List Services

  1. In a terminal window, run cf marketplace to list all the service offerings from Azure Service Broker.

  2. Run cf marketplace -s SERVICE to view the descriptions for the plans of a service.

Note: See the Azure Pricing topic to view pricing details for each service.

Create Service Instances

This section describes how to create service instances for the services offered by Azure Service Broker.

Azure Storage

Create

To create an azure storage service instance named mystorage with the standard plan: (if default parameters for the service have been set)

$ cf create-service azure-storage standard mystorage

To create a service instance with custom parameters:

$ cf create-service azure-storage standard mystorage -c storage-example-config.json

The contents of storage-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "storageAccountName": "generated-string",
  "location": "eastus",
  "accountType": "Standard_LRS"
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

You can find more details here.

Bind

Bind the service instance mystorage to an app.

$ cf bind-service myapp mystorage

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-storage": [
    {
      "credentials": {
        "primary_access_key": "PRIMARY-ACCOUNT-KEY",
        "secondary_access_key": "SECONDARY-ACCOUNT-KEY",
        "storage_account_name": "ACCOUNT-NAME"
      }
    }
  ]
}

You can get the credentials from the ENV['VCAP_SERVICES'] environment variable.

Note: Run cf unbind-service to delete the binding.

Azure Redis Cache

Create

To create an azure redis cache service instance named myrediscache with the standard plan:

$ cf create-service azure-rediscache basic myrediscache

To create a service instance with custom parameters:

$ cf create-service azure-rediscache basic myrediscache -c rediscache-example-config.json

The contents of rediscache-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "location": "eastus",
  "cacheName": "generated-string",
  "parameters": {
    "enableNonSslPort": false,
    "sku": {
      "name": "Basic",
      "family": "C",
      "capacity": 0
    }
  }
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance myrediscache to an app.

$ cf bind-service myapp myrediscache

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-rediscache": [
    {
      "credentials": {
        "hostname": ".redis.cache.windows.net",
        "name": "",
        "port": 6379,
        "primaryKey": "",
        "secondaryKey": "",
        "sslPort": 6380
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure DocumentDB

Create

To create an azure documentdb service instance named mydocdb with the standard plan: (if default parameters for the service have been set)

$ cf create-service azure-documentdb standard mydocdb

To create a service instance with custom parameters:

$ cf create-service azure-documentdb standard mydocdb -c documentdb-example-config.json

The contents of documentdb-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "docDbAccountName": "generated-string",
  "docDbName": "generated-string",
  "location": "eastus"
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance mydocdb to an app.

$ cf bind-service myapp mydocdb

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-documentdb": [
    {
      "credentials": {
        "documentdb_host_endpoint": "https://YOUR_DOCUMENTDB_NAME.documents.azure.com:443/",
        "documentdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
        "documentdb_database_id": "YOUR_DOCUMENTDB_NAME",
        "documentdb_database_link": "dbs/ID_ENDING_IN_==/"
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure Service Bus

Create

To create an azure service bus service instance named myservicebus with the standard plan: (if default parameters for the service have been set)

$ cf create-service azure-servicebus standard myservicebus

To create a service instance with custom parameters:

$ cf create-service azure-servicebus standard myservicebus -c servicebus-example-config.json

The contents of servicebus-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "namespaceName": "generated-string",
  "location": "eastus"
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance myservicebus to an app.

$ cf bind-service myapp myservicebus

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-servicebus": [
    {
      "credentials": {
        "namespace_name": "cf-2eac2d52-bfc9-4d0f-af28-c02187689d72",
        "key_name": "KEY-NAME",
        "key_value": "KEY-VALUE",
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure Event Hubs

Create

To create an azure event hubs service instance named myeventhubs with the standard plan: (if default parameters for the service have been set)

$ cf create-service azure-eventhubs standard myeventhubs

To create a service instance with custom parameters:

$ cf create-service azure-eventhubs standard myeventhubs -c eventhubs-example-config.json

The contents of eventhubs-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "namespaceName": "generated-string",
  "location": "eastus",
  "eventHubProperties": {
    "messageRetentionInDays": 7,
    "partitionCount": 4
  }
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance myeventhubs to an app.

$ cf bind-service myapp myeventhubs

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-servicebus": [
    {
      "credentials": {
        "namespace_name": "cf-2eac2d52-bfc9-4d0f-af28-c02187689d72",
        "key_name": "KEY-NAME",
        "key_value": "KEY-VALUE",
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure SQL Database

Create

To create an azure SQL Database service instance named mysqldb with the basic plan: (if default parameters for the service have been set)

$ cf create-service azure-sqldb basic mysqldb

To create a service instance with custom parameters:

$ cf create-service azure-sqldb basic mysqldb -c sqldb-example-config.json

The contents of sqldb-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "location": "eastus",
  "sqlServerName": "generated-string",
  "sqlServerParameters": {
      "allowSqlServerFirewallRules": [
          {
              "ruleName": "all",
              "startIpAddress": "0.0.0.0",
              "endIpAddress": "255.255.255.255"
          }
      ],
      "properties": {
          "administratorLogin": "generated-string",
          "administratorLoginPassword": "generated-string"
      }
  },
  "sqldbName": "generated-string",
  "transparentDataEncryption": true,
  "sqldbParameters": {
      "properties": {
          "collation": "SQL_Latin1_General_CP1_CI_AS"
      }
  }
}

Here is another example for that servers are specified in the broker configuration:

To create an azure SQL Database service instance named mysqldb on the SQL server named sqlservera with the basic plan: (if default parameters for the service have been set)

$ cf create-service azure-sqldb basic mysqldb -c '{"sqlServerName": "sqlservera"}'

To create a service instance with custom parameters:

$ cf create-service azure-sqldb basic mysqldb -c sqldb-example-config.json
{
  "sqlServerName": "sqlservera",
  "sqldbName": "generated-string",
  "transparentDataEncryption": true,
  "sqldbParameters": {
      "properties": {
          "collation": "SQL_Latin1_General_CP1_CI_AS"
      }
  }
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Update

Update credentials

If the SQL server credentials are modified, the service broker needs to be informed of the change or binding operations will fail.

As an admin using ops manager

1) Simply modify the SQL server password in SQL Database Config. (SQL Server Pool / SQL Server Administrator Login Password)

2) Apply the changes.

As a developper using cf update

1) Modify the config.json file used to create the service instance

{
  'sqlServerParameters': {
    'properties': {
      'administratorLoginPassword': 'newPassword425'
    }
  }
}

2) Inform the broker. cf update-service mydb -c config.json

Update the service plan

This can be used to change the amount of resources allocated to the service instance. 1) Get the name of the desired new service plan from cf marketplace 2) Change the service plan cf update-service mysqldb -p StandardS0

Note: Certain updates are not possible. For example, it is not possible to update from a standard plan to a datawarehouse one. Example error message for this situation : `“code”:“40882”,“message”:“Can not change SLO from DataWarehouse edition to other SQL DB editions and vice versa.”`

Bind

Bind the service instance mysqldb to an app.

$ cf bind-service myapp mysqldb

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-sqldb": [
    {
      "credentials": {
        "sqldbName": "sqlDbA",
        "sqlServerName": "fake-server",
        "sqlServerFullyQualifiedDomainName": "fake-server.database.windows.net",
        "databaseLogin": "ulrich",
        "databaseLoginPassword": "u1r8chP@ss",
        "jdbcUrl": "jdbc:sqlserver://fake-server.database.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.windows.net;loginTimeout=30",
        "jdbcUrlForAuditingEnabled": "jdbc:sqlserver://fake-server.database.secure.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.secure.windows.net;loginTimeout=30",
        "hostname": "fake-server.database.windows.net",
        "port": 1433,
        "name": "sqlDbA",
        "username": "ulrich", 
        "password": "u1r8chP@ss",
        "uri": "mssql://ulrich:u1r8chP@ss@fake-server.database.windows.net:1433/sqlDbA?encrypt=true&TrustServerCertificate=false&HostNameInCertificate=*.database.windows.net"
      }
    }
  ]
}

You can use jdbcUrlForAuditingEnabled to connect to the database if auditing is enabled. For more information, see this topic.

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure Database for MySQL

Create

To create an Azure Database for MySQL service instance named mysqldb with the basic100 plan: (if default parameters for the service have been set)

$ cf create-service azure-mysqldb basic100 mysqldb

To create a service instance with custom parameters:

$ cf create-service azure-mysqldb basic100 mysqldb -c mysqldb-example-config.json

The contents of mysqldb-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "location": "eastus",
  "mysqlServerName": "generated-string",
  "mysqlServerParameters": {
      "allowMysqlServerFirewallRules": [
          {
            "ruleName": "all",
            "startIpAddress": "0.0.0.0",
            "endIpAddress": "255.255.255.255"
          }
      ],
      "properties": {
          "version": "5.6",
          "sslEnforcement": "Disabled",
          "storageMB": 51200,
          "administratorLogin": "generated-string",
          "administratorLoginPassword": "generated-string"
      }
  }
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance mysqldb to an app.

$ cf bind-service myapp mysqldb

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-mysqldb": [
    {
      "credentials": {
        "mysqlServerName": "mysqlservera",
        "mysqlDatabaseName": "mysqldba",
        "mysqlServerFullyQualifiedDomainName": "mysqlservera.mysql.database.azure.com",
        "administratorLogin": "ulrich",
        "administratorLoginPassword": "u1r8chP@ss",
        "jdbcUrl": "jdbc:mysql://mysqlservera.mysql.database.azure.com:3306/mysqldba?user=&password=&verifyServerCertificate=true&useSSL=true&requireSSL=false",
        "hostname": "mysqlservera.mysql.database.azure.com",
        "port": 3306,
        "name": "mysqldba",
        "username": "ulrich", 
        "password": "u1r8chP@ss",
        "uri": "mysql://ulrich@mysqlservera:u1r8chP@ss@mysqlservera.mysql.database.azure.com:3306/mysqldba?ssl=true"
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure Database for PostgreSQL

Create

To create an Azure Database for PostgreSQL service instance named postgresqldb with the basic100 plan: (if default parameters for the service have been set)

$ cf create-service azure-postgresqldb basic100 postgresqldb

To create a service instance with custom parameters:

$ cf create-service azure-postgresqldb basic100 postgresqldb -c postgresqldb-example-config.json

The contents of postgresqldb-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "location": "eastus",
  "postgresqlServerName": "generated-string",
  "postgresqlServerParameters": {
      "allowPostgresqlServerFirewallRules": [
          {
            "ruleName": "all",
            "startIpAddress": "0.0.0.0",
            "endIpAddress": "255.255.255.255"
          }
      ],
      "properties": {
          "version": "9.6",
          "sslEnforcement": "Disabled",
          "storageMB": 51200,
          "administratorLogin": "generated-string",
          "administratorLoginPassword": "generated-string"
      }
  }
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance postgresqldb to an app.

$ cf bind-service myapp mysqldb

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-postgresqldb": [
    {
      "credentials": {
        "postgresqlServerName": "postgresqlservera",
        "postgresqlDatabaseName": "postgresqldba",
        "postgresqlServerFullyQualifiedDomainName": "postgresqlservera.postgres.database.azure.com",
        "administratorLogin": "ulrich",
        "administratorLoginPassword": "u1r8chP@ss",
        "jdbcUrl": "jdbc:postgresql://postgresqlservera.postgres.database.azure.com:5432/postgresqldba?user=ulrich@fake-server&password=u1r8chP@ss&ssl=true",
        "hostname": "postgresqlservera.postgres.database.azure.com",
        "port": 5432,
        "name": "postgresqldba",
        "username": "ulrich", 
        "password": "u1r8chP@ss",
        "uri": "postgres://ulrich@postgresqlservera:u1r8chP@ss@postgresqlservera.postgres.database.azure.com:5432/postgresqldba"
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Azure CosmosDB

Create

To create an Azure CosmosSQL service instance named cosmosdb with the standard plan: (if default parameters for the service have been set)

$ cf create-service azure-cosmosdb standard cosmosdb

To create a service instance with custom parameters:

$ cf create-service azure-cosmosdb standard cosmosdb -c cosmosdb-example-config.json

The contents of cosmosdb-example-config.json:

{
  "resourceGroup": "azure-service-broker",
  "cosmosDbAccountName": "generated-string",
  "cosmosDbName": "generated-string",
  "location": "eastus",
  "kind": "DocumentDB"
}

The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.

For more information, see this topic.

Bind

Bind the service instance postgresqldb to an app.

$ cf bind-service myapp mysqldb

The credentials have the following format:

"VCAP_SERVICES": {
  "azure-cosmosdb": [
    {
      "credentials": {
        "cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:443/",
        "cosmosdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
        "cosmosdb_readonly_master_key": "YOUR_READONLY_SECRET_KEY_ENDING_IN_==",
        "cosmosdb_database_id": "YOUR_COSMOSDB_NAME",
        "cosmosdb_database_link": "dbs/ID_ENDING_IN_==/"
      }
    }
  ]
}

For the kind “MongoDB”, the credentials have the following format:

"VCAP_SERVICES": {
  "azure-cosmosdb": [
    {
      "credentials": {
        "cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:10255/",
        "cosmosdb_username": "YOUR_COSMOSDB_ACCOUNT_NAME",
        "cosmosdb_password": "YOUR_PASSWORD_ENDING_IN_==",
        "cosmosdb_database_name": "YOUR_COSMOSDB_NAME",
        "cosmosdb_connection_string": "mongodb://:@?ssl=true&replicaSet=globaldb"
      }
    }
  ]
}

You can get the credentials from ENV['VCAP_SERVICES'].

Note: Run cf unbind-service to delete the binding.

Delete a Service Instance

Note: Before deleting a service instance, ensure there are no apps bound to the service instance and no data contained within, such as objects in a storage account.

Run the following command to delete a service instance:

$ cf delete-service YOUR-SERVICE-INSTANCE
Really delete the service YOUR-SERVICE-INSTANCE> y
Deleting service YOUR-SERVICE-INSTANCE in org system / space dev1 as appdev1...
OK
Delete in progress. Use 'cf services' or 'cf service YOUR-SERVICE-INSTANCE' to check operation status.

Create a pull request or raise an issue on the source for this page in GitHub