cf create-service-broker fails with connection refused

Question

I'm experimenting with CF in my local bosh-lite setup. The apps that I deploy into if work well. I am now trying to follow the steps here https://github.com/cf-platform-eng/cf-community-workshop/blob/master/demos/service-broker-lab.adoc to try out the custom service broker setup.

The https://github.com/mstine/haash-broker application starts and is running fine:

$ cf apps
name            requested state   instances   memory   disk   urls
haash-broker    started           1/1         768M     1G     haash-broker.vbox.mojito, haash-broker.192.168.50.6.xip.io

I can access it from my host machine browser well: http://haash-broker.192.168.50.6.xip.io/v2/catalog

But when I execute the

cf create-service-broker haash-broker warreng natedogg http://haash-broker.192.168.50.6.xip.io

I get

$ cf create-service-broker haash-broker warreng natedogg http://haash-broker.192.168.50.6.xip.io
Creating service broker haash-broker as admin...
FAILED
Server error, status code: 502, error code: 10001, message: The service broker could not be reached: http://haash-broker.192.168.50.6.xip.io/v2/catalog

When I log in into the CC VM:

$ bosh -e vbox -f cf ssh api/eb4cec99-bab1-4513-a980-fb92775ac2d8

I can ping the hostname:

api/eb4cec99-bab1-4513-a980-fb92775ac2d8:~$ sudo ping haash-broker.192.168.50.6.xip.io
PING haash-broker.192.168.50.6.xip.io (192.168.50.6) 56(84) bytes of data.
64 bytes from 192.168.50.6: icmp_seq=1 ttl=64 time=0.080 ms

But wget connection gets refused:

api/eb4cec99-bab1-4513-a980-fb92775ac2d8:~$ wget http://warreng:natedogg@haash-broker.192.168.50.6.xip.io/v2/catalog
--2018-04-06 04:19:05--  http://warreng:*password*@haash-broker.192.168.50.6.xip.io/v2/catalog
Resolving haash-broker.192.168.50.6.xip.io (haash-broker.192.168.50.6.xip.io)... 192.168.50.6
Connecting to haash-broker.192.168.50.6.xip.io (haash-broker.192.168.50.6.xip.io)|192.168.50.6|:80... failed: Connection refused.

The firewall permits everything on that VM (sudo iptables -L). The hostname gets resolved properly. The ping works and the 80 port is open on the target IP, since I can reach it from my host browser.

How can that be that the wget doesn't work in such situation? This also seems to be the reason for me failing to create a service broker cf create-service-broker

UPDATE

I've managed to to execute the cf create-service-broker command with URL of an nginx reverse proxy running outside of my bosh-lite environment. The proxy redirects to the same initial URL http://haash-broker.192.168.50.6.xip.io and the command succeeds in this way. But the subsequent

cf create-service-broker haash-broker warreng natedogg http://haash-broker.192.168.50.1.xip.io:9999
cf enable-service-access haash
cf create-service HaaSh basic my-hash

(where haash-broker.192.168.50.1.xip.io:9999 is my nginx proxy) fails with

Server error, status code: 502, error code: 10001, message: The service broker rejected the request to http://haash-broker.192.168.50.1.xip.io:9999/v2/service_instances/4ef19154-d238-4cb3-8003-803fba53af3f?accepts_incomplete=true. Status Code: 400 Bad Request, Body: {"timestamp":1523008856993,"error":"Bad Request","status":400,"message":""}

I can see in both nginx and broker app logs that the the request reaches the broker and it answers with 400. Debugging now why.

Answer 1

Can you post the result of --server-response option used with wget? Also what happens when you try to curl the broker?

Broker requires credentials, but it is interesting if it responds with 401 or 500 on the first request that wget makes without credentials.