Channels
#general
Title
h
hallowed-king-98702
03/07/2019, 10:50 PMHey is there a way to upload some code to an ec2 instance? I’m using userData but it’s throwing a gRPC error specifying that my file is larger than max
c
creamy-potato-29402
03/07/2019, 10:51 PMhmm cc @stocky-spoon-28903?
I think no?
h
hallowed-king-98702
03/07/2019, 10:55 PMWhat’s the typical approach towards spinning up a basic server with an app? I’ve tried ECS but as noted yesterday, I can’t connect to external services.
c
creamy-potato-29402
03/07/2019, 11:00 PMuh, are you doing this from inside a security group and vpc?
h
hallowed-king-98702
03/07/2019, 11:01 PMThe ecs? I’m just creating a cloud.Service and not using ECS directly.
c
creamy-potato-29402
03/07/2019, 11:02 PMHmm, @lemon-spoon-91807 knwos more about cloud.Service, but if you can’t connect to external services that sounds like you are launching into a VPC that has restrictive permissions.
oh when you say you CAN’T you mean that you’re not allowed to, or you are but something is stopping you.
l
lemon-spoon-91807
03/07/2019, 11:03 PMcould you clarify what you mean by: "upload some code to an ec2 instance? " 🙂
h
hallowed-king-98702
03/07/2019, 11:04 PMThat’s what I figured but I’m not specifying the VPC or anything - just letting pulumi do it’s thing. And by can’t I mean I get a timeout when trying to GET a basic webpage (which works locally)
c
creamy-potato-29402
03/07/2019, 11:04 PMyou’d deploy into a default vpc
in that case
you always deploy into a vpc.
h
hallowed-king-98702
03/07/2019, 11:04 PM@lemon-spoon-91807 I’m trying to upload a go app to an EC2 instance and getting
8 RESOURCE_EXHAUSTED: grpc: received message larger than max (8762430 vs. 4194304)Is the default VPC fairly open or?
c
creamy-potato-29402
03/07/2019, 11:05 PMdepends on how it was set up
it can be, typically in a realistic corporate setting you’d really lock down or delete it.
h
hallowed-king-98702
03/07/2019, 11:06 PMI’m not setting up, that’s the thing. It looks like pulumi (or ECS) is automatically setting up the VPC for me.
c
creamy-potato-29402
03/07/2019, 11:06 PMI mean, it comes with your AWS account.
l
lemon-spoon-91807
03/07/2019, 11:06 PMHi Andy. Let's step back for a second 🙂
c
creamy-potato-29402
03/07/2019, 11:07 PMIf you don’t specify a VPC, EC2 runs the instance inside the that default VPC
l
lemon-spoon-91807
03/07/2019, 11:07 PMCould you clarify, at a higher level, what you're tryin to accomplish? Knowing htat, we can better help determine what the right approach is to go forward.
c
creamy-potato-29402
03/07/2019, 11:07 PMoh maybe cloud.service does
h
hallowed-king-98702
03/07/2019, 11:07 PMI’m trying to use pulumi to launch a site and a web scrapper (two services).
Trying to use cloud.Service prevents me from making external requests (hence the web scraper breaks since it can’t talk to the world)
l
lemon-spoon-91807
03/07/2019, 11:08 PMOk. Removing 'pulumi' for a moment, what would you normally be doing with AWS?
h
hallowed-king-98702
03/07/2019, 11:08 PMI then attempted to spin up an EC2 server and use userData or userDataBase64 to upload some code
I haven’t used ECS directly. But with EC2 I would spin up a server and just upload some code (SFTP or some other mechanism) which is what I’m trying to avoid.
l
lemon-spoon-91807
03/07/2019, 11:10 PMOk. So this is more a question of how to use ECS, then pulumi in particular. For ECS, the idea is generally that it's a 'container orchestrator'
i.e. you provide what you want to run in Docker containers, and you use ECS as the orchestration system that ensures that the right configuration of machiens are running your containers.
h
hallowed-king-98702
03/07/2019, 11:11 PMShouldn’t the containers be able to access external services (make an HTTP request to google for example)?
l
lemon-spoon-91807
03/07/2019, 11:11 PMit really depends on how you've configured your network.
so, for example, we have some really helpful APIs to help here in
@pulumi/awsx(note: the
xawsxThere, you can easily make some services, pointing at some containers, using ECS as the orchestrator. ECS then has two main strategies for managing instances you can use. 'Fargate', or 'EC2'
h
hallowed-king-98702
03/07/2019, 11:13 PMSo you’re saying use the ecs api there
l
lemon-spoon-91807
03/07/2019, 11:13 PM'EC2' gives a lot more control, but is a lot more work on your part. 'Fargate' takes away from control, but makes it a lot easier to just have things work.
h
hallowed-king-98702
03/07/2019, 11:14 PMWhat about
@pulumi/cloud-awsl
lemon-spoon-91807
03/07/2019, 11:14 PMIt is. But it will also hide a lot of stuff.
h
hallowed-king-98702
03/07/2019, 11:14 PMSo by default it looks to create a restrictive VPC. Is that correct? And this prevents external access??
l
lemon-spoon-91807
03/07/2019, 11:15 PMno. by default i beleive it is using your account's default-VPC
unless you've specified otherwise. a nd it will try to use the public subnets of that VPC by defualt if you have any
but i'm not sure what the configuration of your VPC is.
in pulumi/awsx you have a lot more control here. including specifying an entirely independent VPC to run things in.
h
hallowed-king-98702
03/07/2019, 11:16 PMHow do I attach a new VPC to a cloud.Service? Or is that not possible?
l
lemon-spoon-91807
03/07/2019, 11:17 PMpulumi/cloud was more an attempt to show how you could create cross-cloud attachments.
but when you really need to be able to configure the individual cloud stuff, packages like
@pulumi/awsxHow do I attach a new VPC to a cloud.Service? Or is that not possible?
For that, i would recommend using awsx. let me try to find an example
h
hallowed-king-98702
03/07/2019, 11:18 PMso
@pulumi/cloud-awsl
lemon-spoon-91807
03/07/2019, 11:19 PMHere are some basic examples of making your own VPCs: https://github.com/pulumi/pulumi-awsx/blob/master/nodejs/awsx/examples/vpc/index.ts
Here are examples of how you could create an ECS Service sitting on top of Fargate: https://github.com/pulumi/pulumi-awsx/blob/master/nodejs/awsx/examples/fargate/fargate.ts
I would put it more like this: cloud-aws is not an area of high investment 🙂
h
hallowed-king-98702
03/07/2019, 11:19 PMlol. Gotcha
now what about spinning up a raw EC2 server and uploading a binary and running it? It seems userData isn’t a way to go.
l
lemon-spoon-91807
03/07/2019, 11:21 PMthat isn't something i'm personally familiar with
my question would first start with: how would you normally do this with AWS's apis?
h
hallowed-king-98702
03/07/2019, 11:22 PMtypically spin up a server and then SSH into it 😅
Then git clone, or download a release (curl) or similar
l
lemon-spoon-91807
03/07/2019, 11:22 PMso... you could do all that if you wanted 🙂
it's more of a really low level way of doing things
i think more modern practices would be recommending you dockerize things
that said, you could cetainly use pulumi to create your EC2 server...
and then still ssh into it
h
hallowed-king-98702
03/07/2019, 11:25 PMya. I’ve managed to create the server, just not upload data. I guess then use sftp (separate lib) to upload
l
lemon-spoon-91807
03/07/2019, 11:25 PMthat should still likely work.
h
hallowed-king-98702
03/07/2019, 11:26 PMBut pulumi doesn’t provide any wrappers or conveniences in order to do so?
l
lemon-spoon-91807
03/07/2019, 11:26 PMfor that? no. But if you dockerize things, then definitely yes.
For example, we'll shell out to docker, build everything for you, upload your container to ECR (AWS's container registry), and point your services at those containers
see, for example:
Here, we show an example of creating a Service based off of some container that is built locally (from the
./appthe Service will sit on fargate to manage instances automatically, and ECS will ensure you always have at least to isntances running.
and the Service will be exposed through an NLB to the internet through port 80.
Does that make sense?
The benefit of the Docker/containerized approach is taht it's very clear what you're running on these instances. as opposed to whatever random changes were made when ssh'ed in. this keeps things highly repeatable and managable
it's also much easier to test as you literally can just use the same containers locally that are in AWS.
h
hallowed-king-98702
03/07/2019, 11:34 PMya. I’ve used docker before so I’m familiar with it (just not ECS directly). I’ll try playing around with awsx and avoid
@pulumi/could-awsI have one other thing to note. I’ve tried using pulumi to build docker images and it works great locally, but fails in github actions (it looks like pulumi uses a blocked docker command, can’t remember off the top of my head). My current solution is to have a separate dockerize action which uploads to ECR and then use that image in pulumi.
l
lemon-spoon-91807
03/07/2019, 11:36 PMbut fails in github actions (it looks like pulumi uses a blocked docker command, can’t remember off the top of my head)
h
hallowed-king-98702
03/07/2019, 11:36 PMIs there a plan to address this issue in the future?
l
lemon-spoon-91807
03/07/2019, 11:36 PMhrmm... it works successfully for us in our CI. I can pull in someone else to help you with that
taggign @bitter-oil-46081
Matt, could you possibly help out Andy with https://pulumi-community.slack.com/team/UGR3PG0FR when you have some time?
h
hallowed-king-98702
03/07/2019, 11:38 PMthanks for the help @lemon-spoon-91807. Appreciate it!
b
bitter-oil-46081
03/07/2019, 11:45 PM@lemon-spoon-91807 The problem is that the execution environment that github actions run in disallow certain docker commands that
@pulumi/dockerdocker image inspect@pulumi/dockerh
hallowed-king-98702
03/07/2019, 11:46 PMya, that’s the command!
l
lemon-spoon-91807
03/07/2019, 11:46 PMI apologize. I completely misunderstood. I thought this was about running
pulumiMatt thinks we have a bug on this. If not, we'll open one.
h
hallowed-king-98702
03/07/2019, 11:47 PMno worries
b
bitter-oil-46081
03/07/2019, 11:47 PMI moved a bug we had in cloud (that andy opened, sorry for the delay, andy) to pulumi/docker: https://github.com/pulumi/pulumi-docker/issues/84
l
lemon-spoon-91807
03/07/2019, 11:47 PMCan't guarantee we'll necessarily have a solution though. I'd have to understand the restrictions of 'github actions' and what (if any) recommendations there are for doing this sort of thing.
h
hallowed-king-98702
03/07/2019, 11:48 PMNot a problem. I’m sure you guys are busy
Thanks for the help @bitter-oil-46081 and @lemon-spoon-91807. Just want to say that I’m really enjoying pulumi
b
bitter-oil-46081
03/07/2019, 11:53 PM👍
l
lemon-spoon-91807
03/07/2019, 11:53 PMThat's great to hear!