Using Azure Service Broker
This topic describes how to use Azure Service Broker.
Before performing the procedures in this topic, ensure that you have installed the Cloud Foundry Command Line Interface (cf CLI).
List Services
In a terminal window, run
cf marketplaceto list all the service offerings from Azure Service Broker.Run
cf marketplace -s SERVICEto view the descriptions for the plans of a service.
Note: See the Azure Pricing topic to view pricing details for each service.
Create Service Instances
This section describes how to create service instances for the services offered by Azure Service Broker.
Azure Storage
Create
Run cf create-service azure-storage to create a new storage account. The following example creates a storage account named mystorageaccount with the standard plan:
$ cf create-service azure-storage standard mystorage -c storage-example-config.json
The contents of storage-example-config.json:
{
"resource_group_name": "myResourceGroup",
"storage_account_name": "mystorageaccount",
"location": "eastus",
"account_type": "Standard_LRS"
}
You can find more details here.
Bind
Bind the service instance mystorage to an app.
$ cf bind-service myapp mystorage
The credentials have the following format:
"VCAP_SERVICES": {
"azure-storage": [
{
"credentials": {
"primary_access_key": "PRIMARY-ACCOUNT-KEY",
"secondary_access_key": "SECONDARY-ACCOUNT-KEY",
"storage_account_name": "ACCOUNT-NAME"
}
}
]
}
You can get the credentials from the ENV['VCAP_SERVICES'] environment variable.
Note: Run cf unbind-service to delete the binding.
Azure Redis Cache
Create
Run cf create-service azure-rediscache to create a new redis cache. The following example creates a redis cache named myrediscache with the standard plan:
$ cf create-service azure-rediscache basic myrediscache -c rediscache-example-config.json
The contents of rediscache-example-config.json:
{
"resourceGroup": "redisResourceGroup",
"cacheName": "myrediscache",
"parameters": {
"location": "eastus",
"enableNonSslPort": false,
"sku": {
"name": "Basic",
"family": "C",
"capacity": 0
}
}
}
For more information, see this topic.
Bind
Bind the service instance myrediscache to an app.
$ cf bind-service myapp myrediscache
The credentials have the following format:
"VCAP_SERVICES": {
"azure-rediscache": [
{
"credentials": {
"hostname": ".redis.cache.windows.net",
"name": "",
"port": 6379,
"primaryKey": "",
"secondaryKey": "",
"sslPort": 6380
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure DocumentDB
Create
Run cf create-service azure-documentdb to create a new documentdb host and database. The following example shows how to create a documentdb host named mydocdb and a documentdb database named docdb123 with the standard plan:
$ cf create-service azure-documentdb standard mydocdb -c documentdb-example-config.json
The contents of documentdb-example-config.json:
{
"resourceGroup": "my-resource-group-name",
"docDbAccountName": "mydocdb",
"docDbName": "docdb123",
"location": "westus"
}
For more information, see this topic.
Bind
Bind the service instance mydocdb to an app.
$ cf bind-service myapp mydocdb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-documentdb": [
{
"credentials": {
"documentdb_host_endpoint": "https://YOUR_DOCUMENTDB_NAME.documents.azure.com:443/",
"documentdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
"documentdb_database_id": "YOUR_DOCUMENTDB_NAME",
"documentdb_database_link": "dbs/ID_ENDING_IN_==/"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Service Bus and Event Hub
Create
Run cf create-service azure-servicebus to create a new service bus or event hub.
The following example creates a service bus named myservicebus with the standard plan:
$ cf create-service azure-servicebus standard myservicebus -c servicebus-example-config.json
The contents of servicebus-example-config.json:
{
"resource_group_name": "myResourceGroup",
"namespace_name": "myservicebus",
"location": "eastus",
"type": "Messaging",
"messaging_tier": "Standard"
}
The following example creates an event hub named myeventhub with the standard plan:
$ cf create-service azure-servicebus standard myeventhub -c eventhub-example-config.json
The contents of eventhub-example-config.json:
{
"resource_group_name": "myResourceGroup",
"namespace_name": "myeventhub",
"location": "eastus",
"type": "EventHub",
"messaging_tier": "Standard"
}
For more information, see this topic.
Bind
Bind the service instance myservicebus to an app.
$ cf bind-service myapp myservicebus
The credentials have the following format:
"VCAP_SERVICES": {
"azure-servicebus": [
{
"credentials": {
"namespace_name": "cf-2eac2d52-bfc9-4d0f-af28-c02187689d72",
"key_name": "KEY-NAME",
"key_value": "KEY-VALUE",
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure SQL Database
Create
Run cf create-service azure-sqldb to create a new SQL server and database. The following example creates a SQL database named mysqldb with the standard plan:
$ cf create-service azure-sqldb standard mysqldb -c sqldb-example-config.json
The contents of sqldb-example-config.json:
{
"resourceGroup": "sqldbResourceGroup",
"location": "westus",
"sqlServerName": "mysqlserver",
"sqlServerParameters": {
"allowSqlServerFirewallRules": [
{
"ruleName": "new rule",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"administratorLogin": "myusername",
"administratorLoginPassword": "mypassword"
}
},
"sqldbName": "mysqldb",
"transparentDataEncryption": true,
"sqldbParameters": {
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
}
Here is a second example of sqldb-example-config.json where servers are specified in the broker configuration:
{
"resourceGroup": "sqldbResourceGroup",
"location": "westus",
"sqlServerName": "mysqlserver",
"sqldbName": "mysqldb",
"transparentDataEncryption": true,
"sqldbParameters": {
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
}
For more information, see this topic.
Bind
Bind the service instance mysqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-sqldb": [
{
"credentials": {
"sqldbName": "sqlDbA",
"sqlServerName": "fake-server",
"sqlServerFullyQualifiedDomainName": "fake-server.database.windows.net",
"databaseLogin": "ulrich",
"databaseLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:sqlserver://fake-server.database.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.windows.net;loginTimeout=30",
"jdbcUrlForAuditingEnabled": "jdbc:sqlserver://fake-server.database.secure.windows.net:1433;database=fake-database;user=fake-admin;password=fake-password;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.secure.windows.net;loginTimeout=30"
}
}
]
}
You can use jdbcUrlForAuditingEnabled to connect to the database if auditing is enabled. For more information, see this topic.
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Database for MySQL
Create
Run cf create-service azure-mysqldb to create a new MySQL instance. The following example creates a MySQL instance named mysqlservera with the basic100 plan:
$ cf create-service azure-mysqldb basic100 mysqldb -c mysqldb-example-config.json
The contents of mysqldb-example-config.json:
{
"resourceGroup": "mysqldbResourceGroup",
"location": "westus",
"mysqlServerName": "mysqlservera",
"mysqlServerParameters": {
"allowMysqlServerFirewallRules": [
{
"ruleName": "newrule",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"version": "5.6",
"sslEnforcement": "Disabled",
"storageMB": 51200,
"administratorLogin": "myusername",
"administratorLoginPassword": "myPASSw0rd"
}
}
}
For more information, see this topic.
Bind
Bind the service instance mysqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-mysqldb": [
{
"credentials": {
"mysqlServerName": "mysqlservera",
"mysqlServerFullyQualifiedDomainName": "mysqlservera.mysql.database.azure.com",
"administratorLogin": "ulrich",
"administratorLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:mysql://mysqlservera.mysql.database.azure.com:3306/{your_database}?verifyServerCertificate=true&useSSL=true&requireSSL=false"
}
}
]
}
The character “&” in JDBC url is encoded into “\u0026” by the Cloud Controller. Your app may need to handle this.
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure Database for PostgreSQL
Create
Run cf create-service azure-postgresqldb to create a new PostgreSQL instance. The following example creates a PostgreSQL instance named postgresqldb with the basic100 plan:
$ cf create-service azure-postgresqldb basic100 postgresqldb -c postgresqldb-example-config.json
The contents of postgresqldb-example-config.json:
{
"resourceGroup": "postgresqldbResourceGroup",
"location": "westus",
"postgresqlServerName": "postgresqlservera",
"postgresqlServerParameters": {
"allowPostgresqlServerFirewallRules": [
{
"ruleName": "newrule",
"startIpAddress": "0.0.0.0",
"endIpAddress": "255.255.255.255"
}
],
"properties": {
"version": "9.6",
"sslEnforcement": "Disabled",
"storageMB": 51200,
"administratorLogin": "myusername",
"administratorLoginPassword": "myPASSw0rd"
}
}
}
For more information, see this topic.
Bind
Bind the service instance postgresqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-postgresqldb": [
{
"credentials": {
"postgresqlServerName": "postgresqlservera",
"postgresqlServerFullyQualifiedDomainName": "postgresqlservera.postgresql.database.azure.com",
"administratorLogin": "ulrich",
"administratorLoginPassword": "u1r8chP@ss",
"jdbcUrl": "jdbc:postgresql://postgresqlservera.postgres.database.azure.com:5432/{your_database}?user=ulrich@postgresqlservera&password=u1r8chP@ss&ssl=true"
}
}
]
}
The character “&” in JDBC url is encoded into “\u0026” by the Cloud Controller. Your app may need to handle this.
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Azure CosmosDB
Create
Run cf create-service azure-cosmosdb to create a new CosmosSQL account with a database. The following example create a CosmosDB instance named cosmosdb with the standard plan:
$ cf create-service azure-cosmosdb standard cosmosdb -c cosmosdb-example-config.json
The contents of cosmosdb-example-config.json:
{
"resourceGroup": "cosmosdbResourceGroup",
"cosmosDbAccountName": "testcosmosdbaccount",
"cosmosDbName": "testcosmosdb",
"location": "eastus",
"kind": "DocumentDB"
}
For more information, see this topic.
Bind
Bind the service instance postgresqldb to an app.
$ cf bind-service myapp mysqldb
The credentials have the following format:
"VCAP_SERVICES": {
"azure-cosmosdb": [
{
"credentials": {
"cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:443/",
"cosmosdb_master_key": "YOUR_SECRET_KEY_ENDING_IN_==",
"cosmosdb_readonly_master_key": "YOUR_READONLY_SECRET_KEY_ENDING_IN_==",
"cosmosdb_database_id": "YOUR_COSMOSDB_NAME",
"cosmosdb_database_link": "dbs/ID_ENDING_IN_==/"
}
}
]
}
For the kind “MongoDB”, the credentials have the following format:
"VCAP_SERVICES": {
"azure-cosmosdb": [
{
"credentials": {
"cosmosdb_host_endpoint": "https://YOUR_COSMOSDB_ACCOUNT_NAME.documents.azure.com:10255/",
"cosmosdb_username": "YOUR_COSMOSDB_ACCOUNT_NAME",
"cosmosdb_password": "YOUR_PASSWORD_ENDING_IN_==",
"cosmosdb_database_name": "YOUR_COSMOSDB_NAME",
"cosmosdb_connection_string": "mongodb://:@?ssl=true&replicaSet=globaldb"
}
}
]
}
You can get the credentials from ENV['VCAP_SERVICES'].
Note: Run cf unbind-service to delete the binding.
Delete a Service Instance
Note: Before deleting a service instance, ensure there are no apps bound to the service instance and no data contained within, such as objects in a storage account.
Run the following command to delete a service instance:
$ cf delete-service YOUR-SERVICE-INSTANCE Really delete the service YOUR-SERVICE-INSTANCE> y Deleting service YOUR-SERVICE-INSTANCE in org system / space dev1 as appdev1... OK Delete in progress. Use 'cf services' or 'cf service YOUR-SERVICE-INSTANCE' to check operation status.