This message was deleted.

sparse-intern-71089

02/22/2021, 12:24 PM

This message was deleted.

broad-dog-22463

02/22/2021, 2:46 PM

Hi @bitter-river-54082 Please can you show me the code that is causing you the issues here?

bitter-river-54082

02/22/2021, 2:50 PM

This is the code of my

migration-provisioner

that is executing before the NAT gateway created :

Copy code

export const Migration = new Provisioner<string, never>("migration-provisioner", {
    dep: config.version.version,
    onCreate: runMigration,
    changeToken: "",
}, {
    dependsOn: [
        ec2.servicesInstance,
        ec2.servicesDataVolume,
        ssm.runMigrationDocument,
    ],
})

export const delay = (t: number) => new Promise(resolve => setTimeout(resolve, t))

function runMigration(): Promise<never> {
    return new Promise((resolve, reject) => {
        const runMigrationDocumentName = ssm.runMigrationDocument.name.get()
        const servicesInstanceId = ec2.servicesInstance.id.get()
        const ssmClient = new AWS.SSM({region: config.aws.region})

        ssmClient.sendCommand({
            DocumentName: runMigrationDocumentName,
            InstanceIds: [servicesInstanceId],
            Parameters: {
                "dryRun": ["false"],
            },
        }).promise().then(response => delay(3000).then(() => ssmClient.waitFor("commandExecuted", {
            CommandId: response.Command!.CommandId!,
            InstanceId: servicesInstanceId,
            $waiter: {
                delay: 5,
                maxAttempts: 60,
            },
        }).promise().then(response => {
            if (response.Status != "Success") {
                throw new Error(`Migration failed with status '${response.Status}'`)
            }
            resolve()
        }))).catch(reject)
    })
}

broad-dog-22463

02/22/2021, 2:54 PM

Ok, I need to see the program where you are defining your VPC + Instance

bitter-river-54082

02/22/2021, 3:20 PM

Copy code

export const vpc = new awsx.ec2.Vpc("vpc", {
    cidrBlock: config.vpc?.cidrBlock,
    numberOfAvailabilityZones: 2,
    tags: {
        deployment: config.deploymentName,
    },
})

broad-dog-22463

02/22/2021, 3:21 PM

ok, so you are then deploying instances right? Where do you relate the instance with the VPC?

bitter-river-54082

02/22/2021, 3:25 PM

Instance :

Copy code

export const servicesInstance = new aws.ec2.Instance("services", {
    ami: config.ami.services[config.aws.region],
    ebsOptimized: true,
    ebsBlockDevices: [{
        deviceName: "/dev/sdf",
        encrypted: true,
        volumeSize: 100,
        volumeType: "gp2",
    }],
    iamInstanceProfile: iam.servicesInstanceProfile,
    instanceType: aws.ec2.InstanceTypes.M5_Large,
    keyName: config.aws.keyPair,
    metadataOptions: {
        httpEndpoint: "enabled",
        httpPutResponseHopLimit: 2,
        httpTokens: "required",
    },
    rootBlockDevice: {
        encrypted: true,
    },
    subnetId: pulumi.output(vpc.vpc.privateSubnetIds).apply(subnets => subnets[0]),
    tags: {
        deployment: config.deploymentName,
        role: "services",
    },
    userData: pulumi.all([
        s3.configBucket.bucket,
        efs.capsuleCache?.id,
        efs.datasets.id,
        config.stackname,
    ]).apply(([
        configBucketName,
        capsuleCacheEfsId,
        datasetsEfsId,
        pulumiStackName,
    ]) => {
        const template = handlebars.compile(fs.readFileSync("ec2-init-services.sh", "utf8"))
        return template({
            configBucketName,
            capsuleCacheEfsId,
            datasetsEfsId,
            pulumiStackName,
        })
    }),
    vpcSecurityGroupIds: [vpc.sgServices.id],
}, {
    dependsOn: [
        vpc.vpc,
        efs.capsuleCache,
        efs.datasets,
        s3.configBucket,
        cloudwatch.instancesLogGroup,
        cloudwatch.servicesLogGroup,
    ],
    ignoreChanges: ["ebsBlockDevices"],
})

broad-dog-22463

02/22/2021, 3:26 PM

so you have this in your instance:

Copy code

subnetId: pulumi.output(vpc.vpc.privateSubnetIds).apply(subnets => subnets[0]),

So if the instance isn't waiting on the VPC then this would fail

broad-dog-22463

02/22/2021, 3:27 PM

So it means that the Migration is failing to wait for the Instance to be fully available right?

bitter-river-54082

02/22/2021, 3:28 PM

yes

broad-dog-22463

02/22/2021, 3:55 PM

ok, so your Migration code is going to have to do the work of checking to see if the instance is "REady" - once a successful creation of an instance is achieved from the API, then Pulumi's job is effectively over I'm afraid...

bitter-river-54082

02/22/2021, 4:04 PM

ok, how should it be done?

fierce-cpu-94517

02/23/2021, 1:17 AM

@broad-dog-22463 the issue that we have is that the EC2 instance is brought up before all VPC resources have been provisioned. Specifically, it is created before the NAT gateways. There is no explicit dependency between the ec2 instance resource and the NAT gateway resources, but there is an implicit dependency since the instance relies on internet access to perform its cloud init scripts. We hoped that adding a dependency on the

awsx.ec2.Vpc

will do the trick but we don't see the desired effect.

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.