
If we would like to automatically push and deploy some of our branches to Datomic Cloud ions through CodePipeline/CodeBuild, what exact permissions does the CodeBuild instance profile need for being able to e.g. download the ions dependencies from the Datomic Maven S3 bucket? Also, I don't see any documentation on what is needed for pushing to CodeDeploy. Currently everything is happening as an admin user from a dev machine. Or is there a better way to set up CI for your ions?

Joe Lane 15:10:29

My company has the exact same questions as @stijn. We are very interested in hearing about the best practices for CI/CD with Ions. After digging last night I found the top level codepipeline page seems to have my Ions application registered so maybe there is just manual exploration to be done?


@stijn Not sure what exactly is needed, but as a first step you could have a permission that is allowed to forward the admin role to codebuild. This will not give the admin permission to the dev machine


We just saw a blip when deploying an ion:

ERROR, :message cryo is not a recognized vendor code (Service: AWSResourceGroupsTaggingAPI; Status Code: 400; Error Code: InvalidParameterException
There's no reference to cryo in our code. We saw it happen from two different remote laptops in two different states (MN and TN). Retrying the same deploy a few minutes later succeeded just fine. Any ideas? (I'm stepping away from my machine for a while, so won't be following up immediately, but happy to do so when I get back.)

Joe Lane 19:10:04

@grzm I ran into this last night on a different project, thought it was just a blip.


@grzm can you DM me the full error with request ID


I am going to log a case to AWS since you’ve both seen this. I’d like to see if they can track this down or provide any clues on what is unavailable.


@grzm I sent @jaret the error message


can/should the same valcache dir be shared by multiple peer processes?


@U09R86PA4 multiple peers each with their own valcache. I’ll look to add that to the docs, but sharing is not supported.


That’s too bad. Having a shared big Valcache on a dev laptop (which is often multiprocess but same small set of remote txors) is the best use case I see. I run memcached for this now; shared Valcache would be much bigger, persist across reboots, and free up the RAM now used for memcached.


How do Valcache and memcached interact if both are enabled?


@U09R86PA4 You can’t use Valcache and memcached together. It’s one or the other. The tradeoffs are discussed here


I am aware of the tradeoffs; I didn't realize they were mutually exclusive choices


could this be made clearer also?


Yes. I agree. It needs to be made clearer in the docs.


that's also unfortunate, because a transactor can no longer eagerly populate memcached to shield storage from peer cache misses if the peer is using valcache


Thanks @wilkes I just sent @jaret one that I got as well.