Fork me on GitHub
#datomic
<
2018-10-16
>
stijn13:10:40

if we would like to automatically push and deploy some of our branches to datomic cloud ions through CodePipeline/CodeBuild. What exact permissions does the codebuild instance profile need for being able to e.g. download the ions dependencies from the datomic maven S3 bucket? Also, I don't see any documentation on what is needed for pushing to codedeploy. Currently everything is happening as an admin user from a dev machine. Or is there a better way to setup CI for your ions?

Joe Lane15:10:29

My company has the exact same questions as @stijn. We are very interested in hearing about the best practices for CI/CD with Ions. After digging last night I found the top level codepipeline page seems to have my Ions application registered so maybe there is just manual exploration to be done?

jeroenvandijk15:10:26

@stijn Not sure what exactly is needed, but as a first step you could have a permission that is allowed to forward the admin role to codebuild. This will not give the admin permission to the dev machine

grzm19:10:02

We just saw a blip when deploying an ion:

ERROR, :message cryo is not a recognized vendor code (Service: AWSResourceGroupsTaggingAPI; Status Code: 400; Error Code: InvalidParameterException
There's no reference to cryo in our code. We saw it happen from two different remote laptops in two different states (MN and TN). Retrying the same deploy a few minutes later succeeded just fine. Any ideas? (I'm stepping away from my machine for a while, so won't be following up immediately, but happy to do so when I get back.)

Joe Lane19:10:04

@grzm I ran into this last night on a different project, thought it was just a blip.

jaret19:10:55

@grzm can you DM me the full error with request ID

jaret19:10:41

I am going to log a case to AWS since you’ve both seen this. I’d like to see if they can track this down or provide any clues on what is unavailable.

wilkes19:10:16

@grzm I sent @jaret the error message

favila20:10:15

can/should the same valcache dir be shared by multiple peer processes?

jaret00:10:17

@U09R86PA4 multiple peers each with their own valcache. I’ll look to add that to the docs, but sharing is not supported.

favila00:10:40

That’s too bad. Having shared big Valcache on a dev laptop (which is often multiprocess but same small set of remote txors) is the best use case I see. I run memcached for this now; shared Valcache would be much bigger, persist across reboots, and free up the ram now used for memcached

favila00:10:33

How do Valcache and memcached interact if both are enabled?

jaret19:10:45

@U09R86PA4 You can’t use Valcache and memcached together. Its one or the other. The tradeoffs are discussed here http://staging.docs.datomic.com/on-prem/valcache.html#vs-memcached

favila19:10:39

I am aware of the tradeoffs; I didn't realize they were mutually exclusive choices

favila19:10:59

could this be made clearer also?

jaret19:10:14

Yes. I agree. It needs to be made clearer in the docs.

favila19:10:25

that's also unfortunate, because a transactor can no longer eagerly populate memcached to shield storage from peer cache misses if the peer is using valcache

grzm21:10:23

Thanks @wilkes I just sent @jaret one that I got as well.