Are Bluemix service endpoints publicly accessible?

2
votes

I'm developing a CF application using IBM Bluemix. Once a service has been provisioned and bound to the app, is there any requirement that the credentials it provides refer to a publicly-accessible URL or IP address?

I ask because I've been experimenting with Cloudfocker, which provides a local approximation of the Cloud Foundry runtime environment, for a faster app development workflow. But to do any serious work, you need access to the services bound to your app in the real Bluemix. (You'd also need Bluemix's set of buildpacks too, but I'm ignoring that for the time being).

For example, say I'm developing an app that uses a database. I want to connect directly to the DB service instance from my Cloudfocker environment running on my local machine. Can I do that?

I ran a few experiments, and the results varied: a Cloudant service handed out a legal URL that I could reach from anywhere, but a Mongodb service gave me an IP that appears to refuse connections from non-Bluemix clients (see below).

# My endpoint is: mongodb://23.246.199.67:10027/db

# Within a Bluemix app, works
vcap@18jf19lbdo5:~$ nc -v 23.246.199.67 10027
Connection to 23.246.199.67 10027 port [tcp/*] succeeded!
^C
vcap@18jf19lbdo5:~$ 


# Outside Bluemix, fails
mamacdon@markm-vm:~$ nc -v 23.246.199.67 10027
nc: connect to 23.246.199.67 port 10027 (tcp) failed: Connection timed out
mamacdon@markm-vm:~$

Is this approach feasible, or will I have to resort to some kind of tunnel solution instead?

3
servicedockercloudcloud-foundryibm-cloud

3 Answers

5
votes

Some of the services are publicly accessible. It depends on the service. When I develop locally, I have my application detect the environment (check for VCAP_SERVICES environment variable) and connect to a local/test db when running locally.

4
votes

Of the database services offered in Bluemix, the ones that are accessible from outside of Bluemix applications include: Cloudant, dashDB and SQL Database. You may find the credential information (URL, username, password, database name, and port number) from VCAP_SERVICES environment variable.

For dashDB and SQL Database, you will also need to download the driver for connection (if you don't have a DB2 client or Data Studio pre-installed). For example, in dashDB:

  1. Click on your dashDB service instance
  2. You can launch dashDB service using "Launch" button top right hand side.
  3. Once the dashDB dashboard loads, on left hand side, click on : Setup -> Connect Applications
  4. Download the dashDB driver and note the credential information required for connection (URL, username, password, database name, and port number) from the page
0
votes

The other answers have convinced me that there's no general solution that will work with all Bluemix services in CFv2. (Older versions of CF offered a cf tunnel command, but it is no longer supported.)

The good news is that Cloud Foundry's forthcoming "Diego" release will support SSH'ing directly into an app instance, which will enable port tunnelling. So you will be able gain external access to the services available inside your app… eventually.

See this mailing list thread for details.