#juxt
2017-09-08
jonpither05:09:34

The ami used is a bog standard Ubuntu server instance @steveb8n. Maybe Roll could auto determine the AMI if one is not supplied.. that could be handy.

jonpither05:09:35

Sorry, didn't realise the one in Roll is only for eu-west-1 !

steveb8n05:09:56

true although maybe just adding that to the docs for now would be enough to avoid my issue

steveb8n05:09:14

I already tried a pretty basic Ubuntu AMI and it failed on jdk install (see above). It could have been specific to the one I tried

steveb8n05:09:38

either way, I’ll try copying your AMI into my region, to keep moving.

steveb8n05:09:57

while you are here. Is there any sample code in edge for reading/decrypting KMS secrets? The docs mention KMS and I liked it (after learning about it) but it would be good to reference an example somewhere

jonpither05:09:29

Sure. Not sure we have any docs.. there is a blog post in the works! I will see what we have. It is very cool and worth it. Roll does some KMS stuff but I need to verify.

dominicm06:09:10

@steveb8n I'm gonna have a go at writing a script to get the Ubuntu image for the given region today.

dominicm06:09:34

I'll try and port it to pack-datomic too

steveb8n06:09:11

cool. I’ll hold off until you’ve tried. BTW there was no good vanilla Ubuntu image in the Sydney region. one mo and paste in the list

steveb8n06:09:59

it’s 50 items so maybe I won’t paste in. but they are all php servers so probably not ideal

steveb8n06:09:19

that means that your script will not work in my region regardless. do you care?

steveb8n06:09:49

I can still copy the Edge AMI into my region to work around this

dominicm06:09:38

@steveb8n https://cloud-images.ubuntu.com/locator/ec2/ apparently there's official ones? Did you try them?

steveb8n06:09:19

hmm, I missed those somehow. thanks for the correction

steveb8n06:09:37

I’ve gotta pop out for an hour but I’ll try one of those right after I get back

dominicm06:09:48

@steveb8n let me know how you get on, because I'd love to use this list to automatically determine the correct AMI for people.

stijn07:09:05

@dominicm how do you capture the resulting ami name for use in terraform afterwards?

dominicm07:09:37

@stijn for pack datomic? Currently it's a manual process. I wonder if it needs to be though.

stijn07:09:08

well, the use case for pack-datomic for us is that I want to have some code on the datomic transactor classpath

stijn07:09:01

we're running into trouble using rules inside a transactor function, and the only way I've been able to make it work is by putting the rules in a clojure file that is visible to the transactor jvm

stijn07:09:28

but, if these rules change (not very often), I need to rebuild the ami

stijn07:09:52

i need to think about this, if doing it automatically is even a good idea 🙂

dominicm08:09:45

Agreed. The other option is that user data launches the datomic instance, and it does that after uploading the clojure files.

steveb8n08:09:27

@dominicm I’m trying to re-deploy using that AMI but having trouble with existing deployed stuff. I’ve manually deleted all but one but can’t find where to delete the “instance profile”

steveb8n08:09:28

aws_iam_instance_profile.nextdoc: Error creating IAM instance profile dev-nextdoc: EntityAlreadyExists: Instance Profile dev-nextdoc already exists. status code: 409, request id: c8e259dc-946e-11e7-9e63-637aa216adbb

steveb8n08:09:37

any suggestions?

dominicm08:09:49

@steveb8n I'd try under a credentials section. I'll be in the office in 5m and can be more precise.

dominicm08:09:11

IAM is a security thing though

dominicm08:09:29

I think terraform destroy will work actually

dominicm08:09:32

That's easier

steveb8n08:09:34

yep, docs say that an “instance profile” is just an IAM role but nothing with that name is present

steveb8n08:09:45

ok I’ll try destroy

steveb8n08:09:38

no joy. destroy worked cleanly but still blocked by the “instance profile”

steveb8n08:09:08

I wonder if some kind of eventual consistency is in play here

steveb8n08:09:20

because there’s no such IAM role

dominicm08:09:55

I once got locked out of aws for a couple hours because my password reset was eventually consistent. Too slowly consistent.

steveb8n08:09:46

I can see it using CLI, just don’t know where to look in console

steveb8n08:09:53

I’ll try deleting using CLI

dominicm08:09:00

this is strange indeed

steveb8n08:09:11

success! at least I’m past the “instance profile”. EC2 instance now booting so I can check the AMI… finally

steveb8n08:09:33

strange that “instance profile” in AWS is not an easy cleanup via console

steveb8n08:09:33

more success. that AMI shows no apt-get errors in user-data.log so looks good

steveb8n08:09:57

jdk installed as well so I’d say this AMI is good. Now I need to spend some time matching my uberjar to the shape of the Edge uberjar.

steveb8n08:09:27

but that will have to wait till my morning as it’s dinner time. thanks again!

steveb8n08:09:09

happy days 🙂

steveb8n10:09:04

I fixed the uberjar and my app is now running and accessible via http. That's a win. I'll work on using KMS keys over the weekend and will sync up for next steps on your Monday

steveb8n10:09:19

In the meantime, have a great weekend

jonpither10:09:54

well done @steveb8n! I will review all text in this thread and github issues soon. I really appreciate your efforts in testing all this out

steveb8n10:09:59

Likewise. A great team effort. This is a really valuable library.