Improvements! #4

Closed
opened 2023-10-19 00:50:08 +00:00 by nicksellen · 2 comments
Member

I just ran through a fresh setup, and got a Karrot out the end 🥳 https://app.karrot-selfhost.nicksellen.co.uk (I did an ansible set up for the server itself --> https://github.com/karrot-dev/karrot-ansible)

I encountered a few niggles and potential improvements along the way, so I'll make a list here, can split them out into their own issues if it's worth it:

  • various things should be in secrets
    • DATABASE_PASSWORD, should generate one
    • SECRET_KEY, should generate one
    • SMTP_PASSWORD, manually inserted if using SMTP
    • MAXMIND_LICENSE_KEY manually inserted if using it
  • app does not start without MAXMIND_* credentials set [1], they should be optional
  • `/api/bootstrap` is not a good healthcheck url, firstly all API urls need trailing `/`, secondly it's a more expensive endpoint, `/api/config/` would be better
  • when redeploying with new SMTP config, worker container did not restart (missing SMTP stuff in environment)
  • deployment shows an error, even though it actually works [2], it might be not using ssh config to connect to server? not sure...
  • redeploying app has downtime in between [3]

[1] with maxmind stuff set it shows

```
Updating geoip data, first time could be slow...
Your account ID or license key is invalid
Your account ID or license key is invalid
```

[2] deployment that looks like an error, but it works

```
❯ abra app deploy app.karrot-selfhost.nicksellen.co.uk --force
WARN[0000] app.karrot-selfhost.nicksellen.co.uk is already deployed but continuing (--force/--chaos)
+----------------------------------+--------+-------------+--------------------------------------+-------------+
|              SERVER              | RECIPE |   CONFIG    |                DOMAIN                |   VERSION   |
+----------------------------------+--------+-------------+--------------------------------------+-------------+
| karrot-selfhost.nicksellen.co.uk | karrot | compose.yml | app.karrot-selfhost.nicksellen.co.uk | 0.1.0+0.1.0 |
+----------------------------------+--------+-------------+--------------------------------------+-------------+
? continue with deployment? Yes
INFO[0055] Updating service app_karrot-selfhost_nicksellen_co_uk_db (id: m0h291ilvg17i50yd6vn49nuc)
INFO[0057] Updating service app_karrot-selfhost_nicksellen_co_uk_web (id: ioddjl22blzr8m7dxehufdrds)
INFO[0058] Updating service app_karrot-selfhost_nicksellen_co_uk_app (id: i02hcr0qb2qtje8qh6plur8gk)
INFO[0060] Updating service app_karrot-selfhost_nicksellen_co_uk_worker (id: e7toglrh2sprjyr7ct0vwv7lm)
INFO[0062] Updating service app_karrot-selfhost_nicksellen_co_uk_redis (id: 0eljgtgzsez74mmcgiiuaqtlm)
INFO[0064] Waiting for app.karrot-selfhost.nicksellen.co.uk to deploy... please hold 🤚
FATA[0068] error during connect: Get "http://docker.example.com/v1.43/services/ioddjl22blzr8m7dxehufdrds?insertDefaults=false": command [ssh -o ConnectTimeout=5 -l nick -p 22 -- karrot-selfhost.nicksellen.co.uk docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=mux_client_request_session: session request failed: Session open refused by peer
 sh: connect to host karrot-selfhost.nicksellen.co.uk port 22: Connection refused
```

[3]

seems to go:

  • 502 Bad Gateway on API requests
  • then 404 page not found on the main URL for quite a while (a minute or two)
  • then springs back into life
Author
Member

Ok, I would consider this done now, me and @knoflook had a session today and we accomplished:

  • updated karrot images to newest version, and including the docker stuff for building and hosting them over at https://github.com/karrot-dev/karrot-docker-images
  • added the 4 things that should be secrets as secrets
  • support it to run even if MAXMIND* GeoIP stuff is not set up, and improve setup to use docker configs
  • added an entrypoint script rather than cramming everything into docker command
  • fixed up health checks
  • added SMTP config to worker
  • fixed CSRF configuration for django
  • battled our way through various confusing things :)
Author
Member

The remaining issues I think are more general stuff about co-op cloud, rather than about this specific recipe.

There is also some room for more karrot-specific work (not about the recipe), some ideas were:

  • support *_FILE configuration variants natively in karrot, to avoid having to use the custom entrypoint, and might be useful in other environments
  • resolve/refine how we build karrot releases
  • consider moving away from GitHub
  • consider creating an instance setup wizard, so configuration is done via nice UI, not env vars

As for co-op cloud things a few things came up:

  • would be nice to be able to specify which secrets can be auto generated, and which are for human insertion (that is insertion by humans, not insertion into humans)
  • initial deployment is quite slow before certificate is created, so url returns scary invalid cert error for quite a while, not clear what triggers the creation
  • during redeployments, there is downtime, and a range of different errors, 404, 503, ... etc, can we have zero downtime deployment? (we have that currently without docker)
  • I always wonder why I need to use `--force` when redeploying with config changes
  • I always forget where to put the app name in commands, some commands (e.g. abra app new) can prompt me for info (the server), maybe that would be nice if app is omitted to prompt... or be able to set one in my env/local config

For bigger dreamy future things, I wonder:

  • would be nice to have protocols/specs for how apps can sort of "auto wire" themselves up if it detects compatible interfaces (e.g. auto set SMTP configs if you are running something that provides SMTP)
  • I dream about "instance config wizard" standard, where an app can make available a standard interface, then use co-op cloud interface to configure it, maybe unrealistic, and per-app wizards are better and can provide more context
  • would love something as smooth as cloudron (I didn't use it, but hear about it), I guess that's a clicky UI hosted somewhere...

On the way I created this ansible repo to set up a server ready for using co-op cloud with --> https://github.com/karrot-dev/karrot-docker-images

Overall very happy and excited! (oh, this wasn't supposed to be My Big Writeup, but hey ho)
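
An added example, not part of the thread and not Karrot's or the recipe's own code: one way the `*_FILE` idea above could look inside a Django settings module, so Docker secrets are read from their mounted files without a custom entrypoint. The helper names `env_or_file` and `load_settings` are hypothetical, and treating `SMTP_PASSWORD` and `MAXMIND_LICENSE_KEY` as optional is an assumption based on the "if using it" wording in the issue.

```python
import os
from pathlib import Path


class ConfigError(Exception):
    """Raised when a setting is missing or ambiguously configured."""


def env_or_file(name, environ=None, required=True):
    """Return setting NAME from the environment or from the file in NAME_FILE.

    Hypothetical helper for illustration; not an existing Karrot API.
    """
    environ = os.environ if environ is None else environ
    direct = environ.get(name)
    file_path = environ.get(f"{name}_FILE")
    if direct is not None and file_path is not None:
        # Refuse ambiguity instead of silently preferring one source.
        raise ConfigError(f"both {name} and {name}_FILE are set")
    if file_path is not None:
        try:
            # Secret files often end with a newline that is not part of the value.
            value = Path(file_path).read_text(encoding="utf-8").rstrip("\r\n")
        except OSError as exc:
            # Report the variable and the OS error only, never the secret value.
            raise ConfigError(f"cannot read {name}_FILE: {exc}") from exc
    else:
        value = direct
    if not value:
        if required:
            raise ConfigError(f"{name} is required but not set")
        return None  # optional setting left unconfigured
    return value


def load_settings(environ=None):
    """Load the four secrets named in the issue (optional ones are an assumption)."""
    return {
        "DATABASE_PASSWORD": env_or_file("DATABASE_PASSWORD", environ),
        "SECRET_KEY": env_or_file("SECRET_KEY", environ),
        "SMTP_PASSWORD": env_or_file("SMTP_PASSWORD", environ, required=False),
        "MAXMIND_LICENSE_KEY": env_or_file(
            "MAXMIND_LICENSE_KEY", environ, required=False
        ),
    }
```

Failing at startup when both `NAME` and `NAME_FILE` are set avoids a stale plain environment value silently shadowing a rotated secret.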

Reference: coop-cloud/karrot#4