Hi Yao, I think you can use dispatch file <https://cloud.google.com/appengine/docs/flexible/php/how-requests-are-routed#routing_with_a_dispatch_file> or `target` in `cron.yaml` <https://cloud.google.com/appengine/docs/flexible/php/scheduling-jobs-with-cron-yaml#about> . Feel free to let us know if our Flex documentation <https://cloud.google.com/appengine/docs/flexible/php/> doesn't help you find solutions.
Thanks, On Tue, May 23, 2017 at 8:36 AM Yao Li <[email protected]> wrote: > I removed login:admin in app.yaml and it works for cron jobs. > > Is there anyway to run cron jobs for specific service? (for example, I > have 3 services, www, default, custom, they use different databases, how > can I run a cron job only for service custom?) > > On Monday, May 22, 2017 at 10:17:18 PM UTC-7, Yao Li wrote: > >> I investigated 403 check before accessing static file but there is no >> problem there. >> >> The only code to check 403 is the before() function which is executed >> before run cron job, but it didn't print out the debug code I added in the >> before() function, there is only one line log: >> >> 21:24:22.536GET403162 B0 msAppEngine-Google; (+ >> http://code.google.com/appengine)/Cron/myFunction >> > >> >> On Monday, May 22, 2017 at 3:46:58 PM UTC-7, Yao Li wrote: >> > Is there a way to config cron job for specific service? (for example, I >>> have 3 services, www, default, custom, they use different databases, how >>> can I run a cron job only for service custom?) >>> >>> On Monday, May 8, 2017 at 1:19:44 PM UTC-7, Yao Li wrote: >>> >> Yes, I found one (403 check) before accessing static file and I will >>>> figure out what happened there. >>>> >>>> On Friday, May 5, 2017 at 2:57:20 PM UTC-7, Takashi Matsuo (Google) >>>> wrote: >>>> >>> >>>>> Sorry sent it too early... >>>>> >>>>> Do you have any other place to return 403 in the code path in your >>>>> cron handler? >>>>> Your logic seems fine. I suspect that there might be another check for >>>>> signed in state of the user, and now it gives you 403. >>>>> >>>>> On Fri, May 5, 2017 at 11:35 AM Takashi Matsuo <[email protected]> >>>>> wrote: >>>>> >>>> >>>>>> Do you have any other place to return 403 in your cron ? >>>>>> >>>>>> On Fri, May 5, 2017 at 10:58 AM Yao Li <[email protected]> wrote: >>>>>> >>>>> You are right, I found the code to check >>>>>>> $_SERVER['HTTP_X_APPENGINE_CRON'] >>>>>>> >>>>>>> public function before() { >>>>>>> if ($_SERVER['HTTP_X_APPENGINE_CRON'] != 'true') { >>>>>>> a\Error::raiseHttp403(); >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> >>>>>>> It complains with 403 which means it's not from app engine? But I'm >>>>>>> sure it's from app engine flex env and it should set the value as true, >>>>>>> right? >>>>>>> >>>>>>> On Thursday, May 4, 2017 at 1:27:38 PM UTC-7, Takashi Matsuo >>>>>>> (Google) wrote: >>>>>>> >>>>>>>> >>>>>>>> Hi Yao, >>>>>>>> >>>>>>>> App Engine Flex doesn't support the handler section in app.yaml. >>>>>>>> I think you're getting 403 because you're also restricting your >>>>>>>> cron handlers in your code somewhere. Can you do a quick code review >>>>>>>> on the >>>>>>>> cron handler, and change it to check the $_SERVER value as I mentioned? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>> On Thu, May 4, 2017 at 1:18 PM Yao Li <[email protected]> wrote: >>>>>>>> >>>>>>> Yes, it's for authorized users and worked for standard env, handler >>>>>>>>> part doesn't work for flex and I added routes file. >>>>>>>>> >>>>>>>>> As the log, it should come from App Engine. >>>>>>>>> >>>>>>>>> Do I need remove cron config part in app.yaml or even delete the >>>>>>>>> whole handler setting? >>>>>>>>> >>>>>>>>> >>>>>>>>> 03:20:40.199 GET 403 162 B 0 ms AppEngine-Google; (+ >>>>>>>>> http://code.google.com/appengine) /Cron/checkDeliveredBatch2 >>>>>>>>> 130.211.1.37 - "GET /Cron/checkDeliveredBatch2" 403 162 "-" >>>>>>>>> "AppEngine-Google; (+http://code.google.com/appengine)" >>>>>>>>> { >>>>>>>>> insertId: "9.......l" >>>>>>>>> jsonPayload: { >>>>>>>>> trace: "$traceId" >>>>>>>>> latencySeconds: "0.000" >>>>>>>>> time: null >>>>>>>>> } >>>>>>>>> httpRequest: { >>>>>>>>> requestMethod: "GET" >>>>>>>>> requestUrl: "/Cron/checkDeliveredBatch2" >>>>>>>>> status: 403 >>>>>>>>> responseSize: "162" >>>>>>>>> userAgent: "AppEngine-Google; (+ >>>>>>>>> http://code.google.com/appengine)" >>>>>>>>> remoteIp: "1...2...1...37" >>>>>>>>> referer: "-" >>>>>>>>> } >>>>>>>>> resource: { >>>>>>>>> type: "gae_app" >>>>>>>>> >>>>>>>>> labels: {…} >>>>>>>>> } >>>>>>>>> timestamp: "2017-05-04T10:20:40.199761605Z" >>>>>>>>> labels: { >>>>>>>>> compute.googleapis.com/zone: "us-central1-b" >>>>>>>>> appengine.googleapis.com/trace_id: "5.......a" >>>>>>>>> compute.googleapis.com/resource_name: "5......7" >>>>>>>>> compute.googleapis.com/resource_id: "7.......4" >>>>>>>>> } >>>>>>>>> logName: "projects/f-s/logs/appengine.googleapis.com >>>>>>>>> %2Fnginx.request" >>>>>>>>> } >>>>>>>>> >>>>>>>>> On Thursday, May 4, 2017 at 12:35:39 PM UTC-7, Takashi Matsuo >>>>>>>>> (Google) wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi Yao, >>>>>>>>>> >>>>>>>>>> I think your handlers are protected only for authorized users, >>>>>>>>>> right? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> https://cloud.google.com/appengine/docs/flexible/nodejs/scheduling-jobs-with-cron-yaml#securing_urls_for_cron >>>>>>>>>> On App Engine flex, it changed how to secure your cron handlers. >>>>>>>>>> Check $_SERVER['HTTP_X_APPENGINE_CRON'] and if it's true, the >>>>>>>>>> requests are coming from App Engine cron service. >>>>>>>>>> >>>>>>>>> On Thu, May 4, 2017 at 12:13 PM Yao Li <[email protected]> wrote: >>>>>>>>>> >>>>>>>>> cron.yaml >>>>>>>>>>> >>>>>>>>>>> cron: >>>>>>>>>>> - description: check USPS Scanned every 4 hours >>>>>>>>>>> url: /Cron/checkUSPSScanned >>>>>>>>>>> schedule: every 4 hours >>>>>>>>>>> retry_parameters: >>>>>>>>>>> min_backoff_seconds: 5 >>>>>>>>>>> max_doublings: 5 >>>>>>>>>>> >>>>>>>>>>> - description: check USPS Scanned every 4 hours (batch 2) >>>>>>>>>>> url: /Cron/checkUSPSScannedBatch2 >>>>>>>>>>> schedule: every 4 hours >>>>>>>>>>> retry_parameters: >>>>>>>>>>> min_backoff_seconds: 5 >>>>>>>>>>> max_doublings: 5 >>>>>>>>>>> >>>>>>>>>>> - description: check Delivered every 4 hours >>>>>>>>>>> url: /Cron/checkDelivered >>>>>>>>>>> schedule: every 4 hours >>>>>>>>>>> retry_parameters: >>>>>>>>>>> min_backoff_seconds: 5 >>>>>>>>>>> max_doublings: 5 >>>>>>>>>>> >>>>>>>>>>> - description: check Delivered every 4 hours (batch 2) >>>>>>>>>>> url: /Cron/checkDeliveredBatch2 >>>>>>>>>>> schedule: every 4 hours >>>>>>>>>>> retry_parameters: >>>>>>>>>>> min_backoff_seconds: 5 >>>>>>>>>>> max_doublings: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> app.yaml >>>>>>>>>>> >>>>>>>>>>> runtime: custom >>>>>>>>>>> env: flex >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> handlers: >>>>>>>>>>> - url: /v\d+/.* >>>>>>>>>>> script: api/index.php >>>>>>>>>>> secure: always >>>>>>>>>>> >>>>>>>>>>> - url: /.* >>>>>>>>>>> script: index.php >>>>>>>>>>> secure: always >>>>>>>>>>> >>>>>>>>>>> - url: /Cron/.* >>>>>>>>>>> script: index.php >>>>>>>>>>> secure: always >>>>>>>>>>> login: admin >>>>>>>>>>> >>>>>>>>>>> resources: >>>>>>>>>>> cpu: 0.5 >>>>>>>>>>> memory_gb: 1.0 >>>>>>>>>>> disk_size_gb: 10 >>>>>>>>>>> >>>>>>>>>>> env_variables: >>>>>>>>>>> WHITELIST_FUNCTIONS: phpinfo >>>>>>>>>>> >>>>>>>>>>> beta_settings: >>>>>>>>>>> cloud_sql_instances: "f-s:us-central1:flex-prod-usc-sql-2" >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> \classes\cron\Routes.php >>>>>>>>>>> >>>>>>>>>>> namespace classes\cron; >>>>>>>>>>> >>>>>>>>>>> class Routes { >>>>>>>>>>> public static $default = array( >>>>>>>>>>> '~^/Cron/checkUSPSScanned?(\?.*)?$~' => >>>>>>>>>>> array('\classes\controllers\Cron', 'checkUSPSScanned'), >>>>>>>>>>> '~^/Cron/checkUSPSScannedBatch2?(\?.*)?$~' => >>>>>>>>>>> array('\classes\controllers\Cron', 'checkUSPSScannedBatch2'), >>>>>>>>>>> '~^/Cron/checkDelivered?(\?.*)?$~' => >>>>>>>>>>> array('\classes\controllers\Cron', 'checkDelivered'), >>>>>>>>>>> '~^/Cron/checkDeliveredBatch2?(\?.*)?$~' => >>>>>>>>>>> array('\classes\controllers\Cron', 'checkDeliveredBatch2') >>>>>>>>>>> ); >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> On Thursday, May 4, 2017 at 10:25:21 AM UTC-7, Takashi Matsuo >>>>>>>>>>> (Google) wrote: >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Hi Yao, >>>>>>>>>>>> >>>>>>>>>>>> Cron works for me on my Flex app. >>>>>>>>>>>> >>>>>>>>>>>> Can you show your cron.yaml, and app.yaml? >>>>>>>>>>>> >>>>>>>>>>> On Thu, May 4, 2017 at 8:03 AM Yao Li <[email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>> btw, I did add cron job routing when initializing app in flex >>>>>>>>>>>>> env, the cron routes are defined in app.yaml (handler part) for >>>>>>>>>>>>> standard >>>>>>>>>>>>> env. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Thursday, May 4, 2017 at 7:57:49 AM UTC-7, Yao Li wrote: >>>>>>>>>>>>> >>>>>>>>>>>> I add New Relic install script in Dockerfile of app level and >>>>>>>>>>>>>> it works, thanks. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The cron job has 403 issue after I deploy the app in GAE flex >>>>>>>>>>>>>> env as default service, it works well (200) previously with app >>>>>>>>>>>>>> in GAE >>>>>>>>>>>>>> standard env. >>>>>>>>>>>>>> >>>>>>>>>>>>> Do I need do some configuration for flex one? >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Monday, May 1, 2017 at 12:47:45 PM UTC-7, Takashi Matsuo >>>>>>>>>>>>>> (Google) wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Yao, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> FYI, we released a new Runtime image >>>>>>>>>>>>>>> <https://github.com/GoogleCloudPlatform/php-docker/releases/tag/2017-05-01-10-25> >>>>>>>>>>>>>>> which should capture the logs on stderr by default. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, May 1, 2017 at 10:28 AM Yao Li <[email protected]> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 1. I have to install New Relic agent on instance manually >>>>>>>>>>>>>>>> with script currently after ssh, is there a way (API, script >>>>>>>>>>>>>>>> or something >>>>>>>>>>>>>>>> else) to install the following script automatically? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Use runtime:custom and add required piece in your >>>>>>>>>>>>>>> Dockerfile, except for the `/usr/bin/newrelic-daemon start` >>>>>>>>>>>>>>> line. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Then have a file named `additional-supervisord.conf` with >>>>>>>>>>>>>>> the following: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ``` >>>>>>>>>>>>>>> [program:newrelic-daemon] >>>>>>>>>>>>>>> command = /usr/bin/newrelic-daemon -f >>>>>>>>>>>>>>> stdout_logfile = /dev/stdout >>>>>>>>>>>>>>> stdout_logfile_maxbytes=0 >>>>>>>>>>>>>>> stderr_logfile = /dev/stderr >>>>>>>>>>>>>>> stderr_logfile_maxbytes=0 >>>>>>>>>>>>>>> user = root >>>>>>>>>>>>>>> autostart = true >>>>>>>>>>>>>>> autorestart = true >>>>>>>>>>>>>>> priority = 5 >>>>>>>>>>>>>>> stopwaitsecs = 20 >>>>>>>>>>>>>>> ``` >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I don't know if the newrelic daemon requires root, so this >>>>>>>>>>>>>>> configuration runs as root in this example, but please use >>>>>>>>>>>>>>> another account >>>>>>>>>>>>>>> if possible. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I haven't tested it myself, but technically it should work. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- Takashi >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ``` >>>>>>>>>>>>>>>> wget -r -l1 -nd -A"linux.tar.gz" >>>>>>>>>>>>>>>> https://download.newrelic.com/php_agent/release/ >>>>>>>>>>>>>>>> gzip -dc newrelic*.tar.gz | tar xf - >>>>>>>>>>>>>>>> cd newrelic-php5* >>>>>>>>>>>>>>>> rm -f >>>>>>>>>>>>>>>> /opt/php56/lib/x86_64-linux-gnu/extensions/no-debug-non-zts-20131226/newrelic.so >>>>>>>>>>>>>>>> cp ./agent/x64/newrelic-20131226.so >>>>>>>>>>>>>>>> /opt/php56/lib/x86_64-linux-gnu/extensions/no-debug-non-zts-20131226/newrelic.so >>>>>>>>>>>>>>>> cp ./daemon/newrelic-daemon.x64 /usr/bin/newrelic-daemon >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> sed -i -e 's/"REPLACE_WITH_REAL_KEY"/*yourLicenseKey*/g' >>>>>>>>>>>>>>>> ./scripts/newrelic.ini.template >>>>>>>>>>>>>>>> sed -i -e 's/PHP Application/*yourApplicationName*/g' >>>>>>>>>>>>>>>> ./scripts/newrelic.ini.template >>>>>>>>>>>>>>>> cp ./scripts/newrelic.ini.template >>>>>>>>>>>>>>>> /opt/php56/lib/ext.enabled:/opt/php56/lib/conf.d:/app/newrelic.ini >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> /usr/bin/newrelic-daemon start >>>>>>>>>>>>>>>> ``` >>>>>>>>>>>>>>>> 2. I saw there are 2 or 3 instances in flex env, it seems I >>>>>>>>>>>>>>>> have to install New Relic (NR) agent on each one, right? >>>>>>>>>>>>>>>> (because every >>>>>>>>>>>>>>>> instance is independent to hold the app, I didn't see NR agent >>>>>>>>>>>>>>>> on the 1st >>>>>>>>>>>>>>>> instance if I only installed on 2nd or 3rd) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Monday, May 1, 2017 at 9:46:20 AM UTC-7, Takashi Matsuo >>>>>>>>>>>>>>>> (Google) wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> <blockquote class="gmail_quote" >>>>>>>>>>>>>>>> style="margin:0;margin-left:0.8ex;border-left:1px #ccc >>>>>>>>>>>>>>>> solid;padding >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/google-appengine. > To view this discussion on the web visit > https://groups.google.com/d/msgid/google-appengine/a13e5b9e-a092-4a8a-affb-6ae2b1276699%40googlegroups.com > <https://groups.google.com/d/msgid/google-appengine/a13e5b9e-a092-4a8a-affb-6ae2b1276699%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- -- Takashi -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CADWEYXixoe6nbsBr3kWboWXW%3DMhk10D_t_si7xfnZbOWfedbZg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
