#geodesic (2021-08)

geodesic https://github.com/cloudposse/geodesic

Discussions related to https://github.com/cloudposse/geodesic Archive: https://archive.sweetops.com/geodesic/

2021-08-24

Matt Gowie avatar
Matt Gowie

@Jeremy (Cloud Posse) @Erik Osterman (Cloud Posse) Any best practice or suggestion on where to put a daemon initialization script that I always need to be executed on container start (regardless of the Docker CMD)? I have a daemon start script that I put in /rootfs/etc/profile.d/, which works when the container starts via a login shell, but it does not work if the container starts from within Spacelift which I assume is due to the fact that they pass a separate docker run command (makes sense).

Matt Gowie avatar
Matt Gowie

This is just a small script to start the sdm listen --daemon command, which is necessary to connect to SDM resources within the container.

Matt Gowie avatar
Matt Gowie

I’m sure if my linux-fu was stronger I’d know the answer to this… but figured ya’ll would be able to easily point me in the right direction.

Matt Gowie avatar
Matt Gowie

I’m moving forward with an entrypoint.sh script as that will definitively ensure it is always run. Appreciate if ya’ll have any geodesic specific suggestions though.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
geodesic/atlantis.sh at master · cloudposse/geodesic attachment image

Geodesic is a DevOps Linux Distro. We use it as a cloud automation shell. It's the fastest way to get up and running with a rock solid Open Source toolchain. ★ this repo! https://slack.cloud

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this is how we did something similar for atlantis

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so profile.d is meant for interactive login sessions

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

init.d is meant for non-interactive sessions

Matt Gowie avatar
Matt Gowie

Yeah I was checking that out and tried putting my script into init.d. But it seems that didn’t do it either. I’m assuming because when the CMD is overwritten it then doesn’t call /usr/local/bin/init which results in not looping over /etc/init.d

1
Matt Gowie avatar
Matt Gowie

If I was running it as the installed binary then that would work. But that doesn’t jive with Spacelift being the docker runner.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yes, in the end init is just our “entrypoint” script

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and the only way for this to work is that some entrypoint needs to run it

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Entrypoint is not a sure thing, either, since that can be overridden, too.

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Our standard entrypoint is bash, our standard CMD is -c boot. Boot detects whether or not there is a terminal attached, which is probably where you are seeing Spacelift diverge from running locally.

This is part of implementing some magic that makes it possible to pipe the output of Geodesic into a shell and have that cause Geodesic to install itself on the host.

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

I don’t know how Spacelift runs Geodesic. I will look into it, but if you know, @Matt Gowie, please share.

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

OK, @Matt Gowie I have confirmed that Spacelift overwrites both entrypoint and cmd so you cannot get a daemon init to run via Docker config. You need to configure Spacelift to run the daemon. You can do that by including the daemon initialization in the

stack_defaults:
  before_init:

configuration block in the source repo’s .spacelift/config.yml . See https://docs.spacelift.io/concepts/configuration/runtime-configuration#before_-and-after_-hooks

Matt Gowie avatar
Matt Gowie

Ah interesting. Great to know @Jeremy (Cloud Posse) — Appreciate that. I had started down that path earlier in the day anyway, but that is a good thing to keep in mind regarding this.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ahhhh good point @Jeremy (Cloud Posse) i forgot that it does that

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

are you using our spacelift component @Matt Gowie?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if so, I wouldn’t do it this way at all

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this belongs in cloudinit

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Docker images don’t run cloudinit. He’s talking about running something inside the Geodesic container.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

spacelift AMI

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we run geodesic as the image that spacelift uses

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

strongdm probably should be install at the host-level and not at the individual container level

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

especially if spacelift containers are short lived

Matt Gowie avatar
Matt Gowie

I am using the Spacelift component. I didn’t think about it being at the host level since then the connections need to be long lived and available to all Spacelift Stacks. But an interesting idea.

2021-08-23

Michael Dizon avatar
Michael Dizon

i’m going through the tutorial here https://docs.cloudposse.com/howto/geodesic/authenticate-with-aws-vault/. however when i run docker run cloudposse/geodesic:latest-debian | bash , geodesic doesn’t get installed to /usr/local/bin. when I add -it I see a bunch of Command not found errors. This is on both a mac and a linux. Also tried running sudo bash

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

head’s up @Jeremy (Cloud Posse) has a PR to deprecate this in favor of leapp

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Replace aws-auth with Leapp by Nuru · Pull Request #540 · cloudposse/docs attachment image

what Deprecate aws-auth Add instructions for Leapp why Leapp works properly with Federated Logins and AWS SSO, aws-auth does not.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

regarding the errors you’re getting, can you make sure you’ve pulled the latest image?

Michael Dizon avatar
Michael Dizon

saw that! when’s it getting merged? also, i was able to get it running by building my own image. it only worked on my linux machine though

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it should be very user friendly at this point. if not, please open issue on geodesic repo and we’ll have @Jeremy (Cloud Posse) take a look.

and by user friendly, I mean it should error gracefully with instructions on what to do.

Michael Dizon avatar
Michael Dizon

yeah no errors, if i didn’t pass the -ti flag it would fail silently

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

@ When I run

docker run cloudposse/geodesic:latest-debian | bash

I get a message printed out. (Too long to copy here.) If you do not get a message, that is worth investigating.

The case where you run

docker run -it cloudposse/geodesic:dev-alpine  | bash

is one I did not think of guarding against. I will fix that.

Michael Dizon avatar
Michael Dizon

@Jeremy (Cloud Posse) here’s the output when I run docker run cloudposse/geodesic:latest-debian | bash

########################################################################################
# Attach a terminal (docker run --rm --it ...) if you want to run a shell.
# Run the following to install the script that runs
# Geodesic with all its features (the recommended way to use Geodesic):
#   docker run --rm cloudposse/geodesic:latest-debian init | bash
# (On a Linux workstation, you might need to use "sudo bash" instead of just "bash")
########################################################################################
Michael Dizon avatar
Michael Dizon

geodesic is not created in the /usr/local/bin dir

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Yes, I thought that was made clear in the output message. How would you suggest I make it clearer?

Michael Dizon avatar
Michael Dizon

sigh. i guess i glazed over the init part

Michael Dizon avatar
Michael Dizon

thanks for the help

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Thanks for showing another path we need to guard against.

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yep! thanks for the feedback

Michael Dizon avatar
Michael Dizon

any ideas?

2021-08-21

Michael Dizon avatar
Michael Dizon

does atmos support terraform 1.0+

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

atmos is just a wrapper that calls other binaries (it also parses all the variables from yaml config). Whatever terraform version you have installed and made default, it will be called

Michael Dizon avatar
Michael Dizon

thanks man!

    keyboard_arrow_up