Sunday, August 23, 2015

Stateless DEIS - no Ceph

I'm sure Ceph is fine.  But, I don't want to add any unnecessary complexity to my DEIS cluster.  And, I don't know Ceph well enough to feel comfortable keeping it if I don't have to.

Below are a few notes I took in trying to get my stateless DEIS 1.9.0 cluster going.

First, I needed a log server to which I could send syslog from DEIS.  BTW, the "deis logs" command will cease to work once you send them to an external syslog service.  We are testing CloudWatch Logs.  Funny enough, I ended up trying Amazon ECS to host a docker image configured with CloudWatch Logs.  I fired up a service with two syslog tasks (listeners).  I will use these syslog servers for other purposes as well.

Second, I needed a PostgreSQL database.  RDS to the rescue.  So far, I'm getting by with a t2.micro.

Third, I needed some external storage for real files.  DEIS allows for an S3 backend.  I found no documentation for required permissions.  So, I tinkered until I came up with this small set:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1440163063000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::the-bucket/*"
            ]
        },
        {
            "Resource": "arn:aws:s3:::the-bucket",
            "Action": "s3:*",
            "Effect": "Allow"
        },
        {
            "Resource": "*",
            "Action": "s3:ListAllMyBuckets",
            "Effect": "Allow"
        }
    ]
}

The special deisctl install stateless-platform & deisctl start stateless-platform are the commands used to turn up the lean environment.  I had trouble with the registry starting until I tweaked the S3 permissions.  The builder wouldn't start because the controller didn't start (/deis/controller/* etcd keys didn't exist).

After much angst, and by running each command in fleetctl cat deis-controller individually, I found that the password for my postgres database had a single quote in it.  My luck, the startup script also used single quotes around the password.  FAILHORN!  After getting the controller whipped into shape, it still shows as inactive/dead in deisctl list.  But, I can register/login; and, the builder automatically continued after the controller came on.
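
The quoting failure described above, reproduced as an added example (not code from the DEIS startup script or from this post): a value wrapped naively in single quotes next to one escaped for POSIX sh. The function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample value containing a single quote; not a real credential.
SAMPLE_PW="pa'ss word"

# What a script that hard-codes '...' around the value effectively produces.
# The embedded quote terminates the string early.
naive_wrap() {
    printf "'%s'" "$1"
}

# POSIX-safe form: every ' becomes '\'' (close quote, escaped quote, reopen).
sq_escape() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Have a child shell parse an assignment built from the quoted text and
# print the value it ended up with. Non-zero exit means the line did not parse.
roundtrip() {
    sh -c "v=$1; printf '%s' \"\$v\"" 2>/dev/null
}

# Show both forms side by side for the sample value.
demo() {
    for form in naive_wrap sq_escape; do
        quoted=$("$form" "$SAMPLE_PW")
        if out=$(roundtrip "$quoted"); then
            printf '%-10s %s -> parsed as: %s\n' "$form" "$quoted" "$out"
        else
            printf '%-10s %s -> shell syntax error\n' "$form" "$quoted"
        fi
    done
}
demo
```

A password with an even number of single quotes would not raise a syntax error under the naive form; the shell would silently use a different value, which is harder to spot than a controller that refuses to start.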

So, I just first my first app to it.  I'm already enjoying (of necessity) those CloudWatch Logs.  Weeee!
