#airship (2018-12)

Documenting is close to folding laundry in my happiness index.

yea, it’s like pulling teeth

haha

Pulling teeth is short and intense, documenting is more like a week long back pain.

lol

good point

Hi Everyone, I’ve started documenting the ecs cluster module here: https://airship.tf/guide/ecs_cluster/. For ‘better’ English I’ll find someone to take a look, but would love to have input from you guys on the structure itself.

wow maarten! looks great

Vuerocks

The codeblocks are currently json, very soon hcl https://github.com/PrismJS/prism/pull/1594

i think you definitely made the right choice for this project

going to take a closer look at some of the UI/UX elements and have our guy incorporate that into our docs

nice ::: warning

the writing on this page is exceptional

@john294 you might want to talk with @maarten about airship for what you guys are doing. It’s a great turnkey solution for ECS used by Blinkist, among others.

@john294 has joined the channel

Hi @john294! I’m afk very soon, but happy to talk any time.

Basically they’ve built a very easy turnkey solution for using ECS with Terraform. Cloud Posse has our own modules, but @maarten is going above and beyond with airship.

He’s specifically trying to make it easier for smaller startups to get up and running quickly

@i5okie has joined the channel

hi

moved here from general. im trying to implement and automagical experience for our devs to create review apps, after we move from heroku to aws.

I’m imagining it being almost like circle-ci. by that i mean have “service images” like postgresdb, and other normal images, like ruby-2.3-8-node-browsers kind. most likely only have a single ecs instance, or cluster of 1, and devs would launch review apps from command line (i’m working on a gem, have a bunch of heroku cli - like features already implemented, this would be next). to either deploy from PR, or from local staged files.

came here for some inspiration / suggestions / opinions

looks like traefik will be pretty important

@joshmyers has joined the channel

@i5okie Is this an unsolved problems that needs code written or is there something you could take off the shelf?

Traefik is

Airship looks nice!

yeah i was looking at airship too.

i still don’t really understand how airship can help

Hu @i5okie I’m not really online now, but tomorrow I’ll have plenty of time to show you around what airship is about. I just started documenting ( work in progress ) https://airship.tf . Its guide is only covering the cluster at the moment, the ecs service module which is 99% of the logic isn’t covered yet, just a little bit in the (unfinished) getting started section. You can take a look here: github.com/blinkist/terraform-aws-airship-ecs-service . Maybe you can explain your use-case a bit and let’s discuss tomorrow !

Hmm if i were to use airship, which looks great.. Looking at your guide (great work so far!!!) I think in my use case I’ll need to replace nginx with Traefik

i think that’d be a killer combo

Cunning use of the data lambda for bootstrap

@i5okie Have done similar with Traefik and the ECS backend. Worked nicely

josh, the only ecs+traefik tutorials I’ve found out there so far. are somewhat useless / not well documented.

I’m trying to hack together the airship moduel some of the cloud-posse modules, into a nice ecs stack. then try to figure out how to make a service module to bring-up a traefik service.. one thing at a time i guess

So is the plan with Airship to bring it into Cloud-Posse family?

For the time being , I think this is an independent project. But honestly, we just want people doing cool stuff to be part of the community.

I totally endorse what @maarten is building with airship + blinkist

I know @jamie is contributing to it among others

i like that

@i5okie I’d love to know how you see your setup working. In my documentation I will have to work-out a few common use-cases. So I’d love to hear yours.

Im thinking to just use terraform to document the infrastructure for the ecs. So I’d like to have a small ecs cluster, and some docker images in ecr. like our usual ruby image, then a postgresql / redis service.. I’m still a bit new to this, so im not sure if ruby would be a task or not?

right now we’re primarily on heroku, and have review apps that can get spun up from github PRs. So in my case, I’d want to write some code that devs would run in their command line to spin up a ‘review app’ (ruby + postgresql + redis images) responding to <app>-<hash>.mydomain.com as per traefik.. then when QA is done verifying or whatever, we can kill the review app afterwords.

Hi @i5okie I’ve done something similar with Airship, but less dynamic than your idea. For a QA environment I’ve created multiple services of the same application, let’s call it app running on the same ECS cluster. The 5 different services were preconfigured by terraform and had planet names, earth, mars, uranus etc. At PR, or however the deployment was configured, the developer creates a branch named app-mars-[JIRA-TICKET] and the application was then deployed to the app-mars ECS Service. Route53 and a single Application Load Balancer takes care of routing the traffic to the Planet QA ECS Service. A who-is-blocking-what-service-app on Slack takes care of not having developers deploying at the same planet at the time, what never was a problem really.

yeah that kind of sounds similar. So i guess in my case, the LB would point to traefik. then traefik would point to one of the deployed apps..

What is the need for traefik here, if the ALB already does the routing ?

auto discovery i guess

rather uhm reverse proxy

i have wildcard *.apps.mydomain.com pointing to traefik. so anything i type in myapp-v3344.apps.mydomain.com traefik would then say ah okay this goes here..

kinda like this: https://netbears.com/blog/traefik-cluster-ecs/

except someone who wrote this has incomplete documentation and i can’t get that to work.

so im trying to do basically the same, but starting with terraform, the airship module, and going from there.

I’m seeing where you’re getting at now. It’s a little different idea from what I’m used to and that makes it interesting. The question is how you want to deploy your others services then. Running terraform at PR ? Or are you ok with pre-configuring a set of services to which you can deploy after.

so lets forget about PRs for now

i want to have this in terraform so its documented, in case we need to tear down the stack and bring it up in the future. or on another aws account.. etc.

so for other services.. I was thinking if it’d be possible to do something like how CircleCi config file has the main -image ruby:2.5 for example, and then below you specify -image postgresql:9.6-alpine for example..

so i think that when ‘deploy command’ is triggered, i’l have to spin up the ruby image, and the postgresql/ redis images and then associate those three together. (this probably has nothing to do with terraform at this point)

I’ve used RDS in a shared tenancy model for that as production is also using RDS and I like to have production more or less in sync with everything else

what i’ve described above would be insane for production. its for ephemeral apps with like short life-spans of a couple minutes to a couple days tops.

it’s quite a challenge lol. i’ve never done anything like this before

Let me know if if you struggle with something on the way! The mindset behind the airship modules is slightly different from your use-case but we’re engineers, so we can make everything work

yep, i have to run out for a bit. but i have a question about your config example

tty soon

sure, just post!

I use airship and cloudposse combined. I like to add the null_label into airship, so i can cascade the conststant labeling and tagging down through all the modules via context.

I have used Traefik, and it is easy to add into the mix

IF I get a moment, i’ll build up an example

@Ryan Ryke has joined the channel

0.8.4: Task scheduler fix (#27) What

Rewrite of the javascript Task scheduler, it wasn’t working properly with AWSVPC networking. Limited the name of the jobs to 32 chars. Fixed a bug which effected ecs services without a load balancer as the condition was still set to match NONE instead of none

I fell off the earth.. looks like my project has been scrapped for the foreseeable future ;(. But now I’ll be playing with Airship the way it was designed haha

The question I had was… vpc_security_group_ids = ["${module.ecs_instance_sg.this_security_group_id}","${module.admin_sg.this_security_group_id}"] What is the intent with these SGs? Or what are the suggested rules?

The Autoscaling Group of instances needs to allow incoming traffic from the Load Balancer. I’m describing it here //airship.tf/guide/ecs_cluster/#security-groups>

have you taken a look at the new blue/green deployment feature?

How to spend a weekend. My start on the ECS service documentation.. https://airship.tf/guide/ecs_service/ Would love to have input on anything guys!

love these diagrams

Love them too If you have time please tell me what you don’t like!

this is the most documented terraform module on the internet

I’ll have to wear sunglasses outside now.

hahah

@Steven has joined the channel

@jamie https://github.com/blinkist/terraform-aws-airship-ecs-service/blob/service_discovery/modules/ecs_service/main.tf With SRV record as DNS type the Service doesn’t get registered, do you have any idea ?

Do you have an example set up using it currently?

that you can make a change to and test?

in this bit: https://github.com/blinkist/terraform-aws-airship-ecs-service/blob/8688cc50e0e5a6adfcacba7ddeb75e40c4911f9a/modules/ecs_service/main.tf#L214

can you comment out the port line

Isn’t the port needed for SRV ?

# port = "${var.container_port}"

No. I’ve just read through my code and my collegues code where we ahve used srv records.

and never actually added the port value tehre

I just want to see if that is doing anything funny

even though it is mentioned in the tf documentation

https://www.terraform.io/docs/providers/aws/r/ecs_service.html#port

So it should work. I have also been reviewing the api https://docs.aws.amazon.com/cli/latest/reference/servicediscovery/create-service.html

The Service Discovery instance could not be registered.

Task comes up, is healthy

But is it working with A records?

then gets killed

yes

can try again

maybe MULTIVALUE routing with SRV is the problem ?

no, it can do it

But try toggling that… andthen also try commenting out

  # Needed for private namespaces
  health_check_custom_config {
    failure_threshold = "${var.service_discovery_healthcheck_custom_failure_threshold}"
  }

Since it may also be the helth check modifiers that do it

ok, now also have the same with A records, not sure what changed then.

ok good. At least we know its not srv now

You didn’t accedentally create a terraform.local route53 zone did you?

as well as the example.terraform.local zone

no, they make it

‘they’

the borg

hehe

no change

Can you do a destroy and apply?

just the service or also the namespace ?

namespace too

if you can easily do it

Also, what network mode are you using?

awsvpc? or host/bridge

awsvpc

same shit, i give up for now

@jamie @jonboulle If you want to have another avatar or introduction next to your name, let me know

Also, if you can write better than me, let me know

https://airship.tf/introduction/

@niek has joined the channel

@niek is also an author of ECS modules, happy to have you here

@maarten thx

0.8.5: Changed the lambda to be dependent of the policy which belongs to the… … (#30) lambda lookup policy dependency fix

welcome @niek!

@timo has joined the channel

Hi everyone. First, thanks for your ECS terraform modules! I was following the instructions https://airship.tf/getting_started/ to set up a fargate cluster but i am getting 6 value of 'count' cannot be computed errors as soon as I add the ecs_service module:

* module.ecs_service_nginx.module.alb_handling.aws_lb_listener_rule.host_based_routing_ssl_custom_listen_host: aws_lb_listener_rule.host_based_routing_ssl_custom_listen_host: value of 'count' cannot be computed
* module.ecs_service_nginx.module.alb_handling.aws_lb_listener_rule.host_based_routing_custom_listen_host: aws_lb_listener_rule.host_based_routing_custom_listen_host: value of 'count' cannot be computed
* module.ecs_service_nginx.module.alb_handling.aws_lb_listener_rule.host_based_routing_ssl_custom_listen_host_cognito_auth: aws_lb_listener_rule.host_based_routing_ssl_custom_listen_host_cognito_auth: value of 'count' cannot be computed
* module.ecs_service_nginx.module.alb_handling.aws_route53_record.record_alias_a: aws_route53_record.record_alias_a: value of 'count' cannot be computed
* module.ecs_service_nginx.module.alb_handling.aws_lb_listener_rule.host_based_routing_custom_listen_host_redirect_to_https: aws_lb_listener_rule.host_based_routing_custom_listen_host_redirect_to_https: value of 'count' cannot be computed
* module.ecs_service_nginx.module.alb_handling.aws_route53_record.record: aws_route53_record.record: value of 'count' cannot be computed

I am using terraform 0.11.11 and I was able to provision all resources, once I add the ecs_service module it fails

Hi @timo thnks, That’s a lot of errors, and they don’t make much sense to me. Could you post a GIST of your sample code & terraform plan. Tomorrow I have some time, but I’m traveling as well.

@maarten Airship in DevOps weekly, nice!

Oh cool, I’m not even subscribed, do you want to fwd that to me ?

let’s see if I can get it if I subscribe now

https://www.devopsweekly.com

I subscribed but not getting the old one I think, can’t find any active archives.

Close to finishing service discovery, @jamie do you have time to take a look ? branch:service_discovery

  service_discovery_enabled = true

  service_discovery_properties {
    namespace_id                         = "${aws_service_discovery_private_dns_namespace.test.id}"
    dns_ttl                              = "60"
    dns_type                             = "A"
    routing_policy                       = "MULTIVALUE"
    healthcheck_custom_failure_threshold = "1"
  }

Hi merry Xmas - did you manage to fix the weird issue with it?

merry xmas!

yes, i don’t have it anymore, also I found a way to disable container_port now for A type records but setting it to false ..

https://github.com/blinkist/terraform-aws-airship-ecs-service/blob/999b5034fcc3f8d81f279677b62b9d2c06464590/modules/ecs_service/main.tf#L169

Ah good. I can’t do the pr right now as I’m out of my hotel. But I can within 24 hours!

I’m at schiphol this video is loading very slowly

haha

nice one

Reviewed the changes. There is one instance of var.tags when it should be local.tags

Apart from that, approved!

0.8.6: Service discovery (#28) Added service discovery.. service_discovery_enabled = true service_discovery_properties { namespace_id = “${aws_service_discovery_private_dns_namespace.test.id}” dns_ttl = “60” dns_type = “A” routing_policy = “MULTIVALUE” healthcheck_custom_failure_threshold = “1” }

Next stop, Traefik

@jbye has joined the channel

@github140 has joined the channel

Welcome aboard @jbye and @github140! I’m off for new years partying in Belgrade until the 2nd of January, most likely afk. If there’s anything I can help you with, let me know and I’ll get back to you when I can.