Using Azure Service Broker
This topic describes how to use Azure Service Broker.
Before performing the procedures in this topic, ensure that you have installed the Cloud Foundry Command Line Interface (cf CLI).
List Services
In a terminal window, run
cf marketplaceto list all the service offerings from Azure Service Broker.Run
cf marketplace -s SERVICEto view the descriptions for the plans of a service.
Note: See the Azure Pricing topic to view pricing details for each service.
Create Service Instances
This section describes how to create service instances for the services offered by Azure Service Broker.
Azure Storage
Create
To create an azure storage service instance named mystorage with the standard plan:
(if default parameters for the service have been set)
$ cf create-service azure-storage standard mystorage
To create a service instance with custom parameters:
$ cf create-service azure-storage standard mystorage -c storage-example-config.json
The contents of storage-example-config.json:
{
"resourceGroup": "azure-service-broker",
"storageAccountName": "generated-string",
"location": "eastus",
"accountType": "Standard_LRS"
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
You can find more details here.
Bind
Bind the service instance mystorage to an app.
$ cf bind-service myapp mystorage
The credentials have the following format:
"VCAP_SERVICES": {
"azure-storage": [
{
"credentials": {
"primary_access_key": "PRIMARY-ACCOUNT-KEY",
"secondary_access_key": "SECONDARY-ACCOUNT-KEY",
"storage_account_name": "ACCOUNT-NAME"
}
}
]
}
You can get the credentials from the ENV['VCAP_SERVICES'] environment variable.
Note: Run cf unbind-service to delete the binding.
Azure Redis Cache
Create
To create an azure redis cache service instance named myrediscache with the standard plan:
$ cf create-service azure-rediscache basic myrediscache
To create a service instance with custom parameters:
$ cf create-service azure-rediscache basic myrediscache -c rediscache-example-config.json
The contents of rediscache-example-config.json:
{
"resourceGroup": "azure-service-broker",
"location": "eastus",
"cacheName": "generated-string",
"parameters": {
"enableNonSslPort": false,
"sku": {
"name": "Basic",
"family": "C",
"capacity": 0
}
}
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance myrediscache to an app.
$ cf bind-service myapp myrediscache
The credentials have the following format:
"VCAP_SERVICES": {
"azure-rediscache": [
{
"credentials": {
"hostname": ".redis.cache.windows.net",
"name": "",
"port": 6379,
"primaryKey": "",
"secondaryKey": "",
"sslPort": 6380
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure DocumentDB
Create
To create an azure documentdb service instance named mydocdb with the standard plan:
(if default parameters for the service have been set)
$ cf create-service azure-documentdb standard mydocdb
To create a service instance with custom parameters:
$ cf create-service azure-documentdb standard mydocdb -c documentdb-example-config.json
The contents of documentdb-example-config.json:
{
"resourceGroup": "azure-service-broker",
"docDbAccountName": "generated-string",
"docDbName": "generated-string",
"location": "eastus"
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance mydocdb to an app.
$ cf bind-service myapp mydocdb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-documentdb": [
{
"credentials": {
"documentdb_host_endpoint": "https://YOUR_DOCUMENTDB_NAME.documents.azure.com:443/",
"documentdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
"documentdb_database_id": "YOUR_DOCUMENTDB_NAME",
"documentdb_database_link": "dbs/ID_ENDING_IN_==/"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Service Bus
Create
To create an azure service bus service instance named myservicebus with the standard plan:
(if default parameters for the service have been set)
$ cf create-service azure-servicebus standard myservicebus
To create a service instance with custom parameters:
$ cf create-service azure-servicebus standard myservicebus -c servicebus-example-config.json
The contents of servicebus-example-config.json:
{
"resourceGroup": "azure-service-broker",
"namespaceName": "generated-string",
"location": "eastus"
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance myservicebus to an app.
$ cf bind-service myapp myservicebus
The credentials have the following format:
"VCAP_SERVICES": {
"azure-servicebus": [
{
"credentials": {
"namespace_name": "cf-2eac2d52-bfc9-4d0f-af28-c02187689d72",
"key_name": "KEY-NAME",
"key_value": "KEY-VALUE",
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Event Hubs
Create
To create an azure event hubs service instance named myeventhubs with the standard plan:
(if default parameters for the service have been set)
$ cf create-service azure-eventhubs standard myeventhubs
To create a service instance with custom parameters:
$ cf create-service azure-eventhubs standard myeventhubs -c eventhubs-example-config.json
The contents of eventhubs-example-config.json:
{
"resourceGroup": "azure-service-broker",
"namespaceName": "generated-string",
"location": "eastus",
"eventHubProperties": {
"messageRetentionInDays": 7,
"partitionCount": 4
}
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance myeventhubs to an app.
$ cf bind-service myapp myeventhubs
The credentials have the following format:
"VCAP_SERVICES": {
"azure-servicebus": [
{
"credentials": {
"namespace_name": "cf-2eac2d52-bfc9-4d0f-af28-c02187689d72",
"key_name": "KEY-NAME",
"key_value": "KEY-VALUE",
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure SQL Database
Create
To create an azure SQL Database service instance named mysqldb with the basic plan:
(if default parameters for the service have been set)
$ cf create-service azure-sqldb basic mysqldb
To create a service instance with custom parameters:
$ cf create-service azure-sqldb basic mysqldb -c sqldb-example-config.json
The contents of sqldb-example-config.json:
{
"resourceGroup": "azure-service-broker",
"location": "eastus",
"sqlServerName": "generated-string",
"sqlServerParameters": {
"allowSqlServerFirewallRules": [
{
"ruleName": "all",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"administratorLogin": "generated-string",
"administratorLoginPassword": "generated-string"
}
},
"sqldbName": "generated-string",
"transparentDataEncryption": true,
"sqldbParameters": {
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
}
Here is another example for that servers are specified in the broker configuration:
To create an azure SQL Database service instance named mysqldb on the SQL server named sqlservera with the basic plan:
(if default parameters for the service have been set)
$ cf create-service azure-sqldb basic mysqldb -c '{"sqlServerName": "sqlservera"}'
To create a service instance with custom parameters:
$ cf create-service azure-sqldb basic mysqldb -c sqldb-example-config.json
{
"sqlServerName": "sqlservera",
"sqldbName": "generated-string",
"transparentDataEncryption": true,
"sqldbParameters": {
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Update
Update credentials
If the SQL server credentials are modified, the service broker needs to be informed of the change or binding operations will fail.
As an admin using ops manager
1) Simply modify the SQL server password in SQL Database Config. (SQL Server Pool / SQL Server Administrator Login Password)
2) Apply the changes.
As a developper using cf update
1) Modify the config.json file used to create the service instance
{
'sqlServerParameters': {
'properties': {
'administratorLoginPassword': 'newPassword425'
}
}
}
2) Inform the broker. cf update-service mydb -c config.json
Update the service plan
This can be used to change the amount of resources allocated to the service instance.
1) Get the name of the desired new service plan from cf marketplace
2) Change the service plan cf update-service mysqldb -p StandardS0
Note: Certain updates are not possible. For example, it is not possible to update from a standard plan to a datawarehouse one. Example error message for this situation : `“code”:“40882”,“message”:“Can not change SLO from DataWarehouse edition to other SQL DB editions and vice versa.”`
Bind
Bind the service instance mysqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-sqldb": [
{
"credentials": {
"sqldbName": "sqlDbA",
"sqlServerName": "fake-server",
"sqlServerFullyQualifiedDomainName": "fake-server.database.windows.net",
"databaseLogin": "ulrich",
"databaseLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:sqlserver://fake-server.database.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.windows.net;loginTimeout=30",
"jdbcUrlForAuditingEnabled": "jdbc:sqlserver://fake-server.database.secure.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.secure.windows.net;loginTimeout=30",
"hostname": "fake-server.database.windows.net",
"port": 1433,
"name": "sqlDbA",
"username": "ulrich",
"password": "u1r8chP@ss",
"uri": "mssql://ulrich:u1r8chP@ss@fake-server.database.windows.net:1433/sqlDbA?encrypt=true&TrustServerCertificate=false&HostNameInCertificate=*.database.windows.net"
}
}
]
}
You can use jdbcUrlForAuditingEnabled to connect to the database if auditing is enabled. For more information, see this topic.
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Database for MySQL
Create
To create an Azure Database for MySQL service instance named mysqldb with the basic100 plan:
(if default parameters for the service have been set)
$ cf create-service azure-mysqldb basic100 mysqldb
To create a service instance with custom parameters:
$ cf create-service azure-mysqldb basic100 mysqldb -c mysqldb-example-config.json
The contents of mysqldb-example-config.json:
{
"resourceGroup": "azure-service-broker",
"location": "eastus",
"mysqlServerName": "generated-string",
"mysqlServerParameters": {
"allowMysqlServerFirewallRules": [
{
"ruleName": "all",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"version": "5.6",
"sslEnforcement": "Disabled",
"storageMB": 51200,
"administratorLogin": "generated-string",
"administratorLoginPassword": "generated-string"
}
}
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance mysqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-mysqldb": [
{
"credentials": {
"mysqlServerName": "mysqlservera",
"mysqlDatabaseName": "mysqldba",
"mysqlServerFullyQualifiedDomainName": "mysqlservera.mysql.database.azure.com",
"administratorLogin": "ulrich",
"administratorLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:mysql://mysqlservera.mysql.database.azure.com:3306/mysqldba?user=&password=&verifyServerCertificate=true&useSSL=true&requireSSL=false",
"hostname": "mysqlservera.mysql.database.azure.com",
"port": 3306,
"name": "mysqldba",
"username": "ulrich",
"password": "u1r8chP@ss",
"uri": "mysql://ulrich@mysqlservera:u1r8chP@ss@mysqlservera.mysql.database.azure.com:3306/mysqldba?ssl=true"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Database for PostgreSQL
Create
To create an Azure Database for PostgreSQL service instance named postgresqldb with the basic100 plan:
(if default parameters for the service have been set)
$ cf create-service azure-postgresqldb basic100 postgresqldb
To create a service instance with custom parameters:
$ cf create-service azure-postgresqldb basic100 postgresqldb -c postgresqldb-example-config.json
The contents of postgresqldb-example-config.json:
{
"resourceGroup": "azure-service-broker",
"location": "eastus",
"postgresqlServerName": "generated-string",
"postgresqlServerParameters": {
"allowPostgresqlServerFirewallRules": [
{
"ruleName": "all",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"version": "9.6",
"sslEnforcement": "Disabled",
"storageMB": 51200,
"administratorLogin": "generated-string",
"administratorLoginPassword": "generated-string"
}
}
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance postgresqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-postgresqldb": [
{
"credentials": {
"postgresqlServerName": "postgresqlservera",
"postgresqlDatabaseName": "postgresqldba",
"postgresqlServerFullyQualifiedDomainName": "postgresqlservera.postgres.database.azure.com",
"administratorLogin": "ulrich",
"administratorLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:postgresql://postgresqlservera.postgres.database.azure.com:5432/postgresqldba?user=ulrich@fake-server&password=u1r8chP@ss&ssl=true",
"hostname": "postgresqlservera.postgres.database.azure.com",
"port": 5432,
"name": "postgresqldba",
"username": "ulrich",
"password": "u1r8chP@ss",
"uri": "postgres://ulrich@postgresqlservera:u1r8chP@ss@postgresqlservera.postgres.database.azure.com:5432/postgresqldba"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure CosmosDB
Create
To create an Azure CosmosSQL service instance named cosmosdb with the standard plan:
(if default parameters for the service have been set)
$ cf create-service azure-cosmosdb standard cosmosdb
To create a service instance with custom parameters:
$ cf create-service azure-cosmosdb standard cosmosdb -c cosmosdb-example-config.json
The contents of cosmosdb-example-config.json:
{
"resourceGroup": "azure-service-broker",
"cosmosDbAccountName": "generated-string",
"cosmosDbName": "generated-string",
"location": "eastus",
"kind": "DocumentDB"
}
The value generated-string indicates the corresponding parameter can be generated by the broker if Allow to Generate Names and Passwords for the Missing checked in broker configuration.
For more information, see this topic.
Bind
Bind the service instance postgresqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-cosmosdb": [
{
"credentials": {
"cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:443/",
"cosmosdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
"cosmosdb_readonly_master_key": "YOUR_READONLY_SECRET_KEY_ENDING_IN_==",
"cosmosdb_database_id": "YOUR_COSMOSDB_NAME",
"cosmosdb_database_link": "dbs/ID_ENDING_IN_==/"
}
}
]
}
For the kind “MongoDB”, the credentials have the following format:
"VCAP_SERVICES": {
"azure-cosmosdb": [
{
"credentials": {
"cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:10255/",
"cosmosdb_username": "YOUR_COSMOSDB_ACCOUNT_NAME",
"cosmosdb_password": "YOUR_PASSWORD_ENDING_IN_==",
"cosmosdb_database_name": "YOUR_COSMOSDB_NAME",
"cosmosdb_connection_string": "mongodb://:@?ssl=true&replicaSet=globaldb"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Delete a Service Instance
Note: Before deleting a service instance, ensure there are no apps bound to the service instance and no data contained within, such as objects in a storage account.
Run the following command to delete a service instance:
$ cf delete-service YOUR-SERVICE-INSTANCE Really delete the service YOUR-SERVICE-INSTANCE> y Deleting service YOUR-SERVICE-INSTANCE in org system / space dev1 as appdev1... OK Delete in progress. Use 'cf services' or 'cf service YOUR-SERVICE-INSTANCE' to check operation status.