search

pulumi / pulumi-metabase

Apache License 2.0
2 stars 3 forks source link

503 Service Temporarily Unavailable on Initial Deploy #21

Open damianesteban opened 6 months ago

damianesteban commented 6 months ago

What happened?

I followed the directions as per the documentation, and though Pulumi is successful, I get a 503 when I try to access Metabase.

Unfortunately, I cannot see any logs in the ECS console.

Example

Here is my Pulumi Code:

const metabaseService = new metabase.Metabase("metabaseService", {});
export const metabaseUrl = metabaseService.dnsName;

Output of pulumi about

CLI          
Version      3.105.0
Go Version   go1.21.6
Go Compiler  gc

Plugins
NAME      VERSION
aws       6.12.3
aws       5.43.0
awsx      2.3.0
docker    4.5.0
docker    3.6.1
metabase  0.0.3
nodejs    unknown
random    4.15.1

Host     
OS       darwin
Version  14.2.1
Arch     arm64

This project is written in nodejs: executable='/Users/damianesteban/.nvm/versions/node/v18.18.2/bin/node' version='v18.18.2'

Current Stack: xxxxxx/main-stack/production

TYPE                                                    URN
pulumi:pulumi:Stack                                     urn:pulumi:production::main-stack::pulumi:pulumi:Stack::main-stack-production
pulumi:providers:aws                                    urn:pulumi:production::main-stack::pulumi:providers:aws::default_6_12_3
aws:s3/bucket:Bucket                                    urn:pulumi:production::main-stack::aws:s3/bucket:Bucket::aurora-snapz-backup
aws:iam/policy:Policy                                   urn:pulumi:production::main-stack::aws:iam/policy:Policy::githubActions
pulumi:providers:metabase                               urn:pulumi:production::main-stack::pulumi:providers:metabase::default_0_0_3
pulumi:providers:awsx                                   urn:pulumi:production::main-stack::pulumi:providers:awsx::default_2_3_0
metabase:index:Metabase                                 urn:pulumi:production::main-stack::metabase:index:Metabase::metabaseService
aws:iam/role:Role                                       urn:pulumi:production::main-stack::aws:iam/role:Role::rds-s3-export-role
aws:ecr/repository:Repository                           urn:pulumi:production::main-stack::aws:ecr/repository:Repository::xxxxxx-repository
aws:ecs/cluster:Cluster                                 urn:pulumi:production::main-stack::aws:ecs/cluster:Cluster::main-cluster
aws:s3/bucket:Bucket                                    urn:pulumi:production::main-stack::aws:s3/bucket:Bucket::fileUploads
aws:iam/user:User                                       urn:pulumi:production::main-stack::aws:iam/user:User::github-actions
aws:kms/key:Key                                         urn:pulumi:production::main-stack::aws:kms/key:Key::dbKmsKey
awsx:ec2:Vpc                                            urn:pulumi:production::main-stack::awsx:ec2:Vpc::main-vpc
pulumi:providers:aws                                    urn:pulumi:production::main-stack::pulumi:providers:aws::default
aws:iam/role:Role                                       urn:pulumi:production::main-stack::aws:iam/role:Role::taskRole
aws:iam/role:Role                                       urn:pulumi:production::main-stack::aws:iam/role:Role::ecsTaskExecutionRole
pulumi:providers:aws                                    urn:pulumi:production::main-stack::pulumi:providers:aws::default_6_9_0
pulumi:providers:random                                 urn:pulumi:production::main-stack::pulumi:providers:random::default
aws:iam/userPolicyAttachment:UserPolicyAttachment       urn:pulumi:production::main-stack::aws:iam/userPolicyAttachment:UserPolicyAttachment::githubActions-policy-attachment
aws:iam/rolePolicy:RolePolicy                           urn:pulumi:production::main-stack::aws:iam/rolePolicy:RolePolicy::rds-s3-export-policy
aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock  urn:pulumi:production::main-stack::aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock::fileUploadsPublicAccessBlock
aws:iam/rolePolicy:RolePolicy                           urn:pulumi:production::main-stack::aws:iam/rolePolicy:RolePolicy::taskRolePolicy
aws:iam/rolePolicyAttachment:RolePolicyAttachment       urn:pulumi:production::main-stack::aws:iam/rolePolicyAttachment:RolePolicyAttachment::ecsTasksExecutionRole
aws:iam/rolePolicy:RolePolicy                           urn:pulumi:production::main-stack::aws:iam/rolePolicy:RolePolicy::readCredentialSecrets
aws:iam/rolePolicy:RolePolicy                           urn:pulumi:production::main-stack::aws:iam/rolePolicy:RolePolicy::downloadECRImages
aws:iam/rolePolicy:RolePolicy                           urn:pulumi:production::main-stack::aws:iam/rolePolicy:RolePolicy::createCloudwatchLogs
random:index/randomString:RandomString                  urn:pulumi:production::main-stack::metabase:index:Metabase$random:index/randomString:RandomString::metabaseservice-metabase
aws:ec2/vpc:Vpc                                         urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::main-vpc
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-private-2
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-private-1
aws:ec2/internetGateway:InternetGateway                 urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::main-vpc
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-public-1
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-private-3
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-public-2
aws:ec2/subnet:Subnet                                   urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::main-vpc-public-3
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-private-2
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-private-1
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-public-1
aws:ec2/eip:Eip                                         urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::main-vpc-1
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-private-3
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-public-2
aws:ec2/eip:Eip                                         urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::main-vpc-2
aws:ec2/eip:Eip                                         urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::main-vpc-3
aws:ec2/routeTable:RouteTable                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::main-vpc-public-3
aws:ec2/defaultVpc:DefaultVpc                           urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/defaultVpc:DefaultVpc::metabaseService
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-private-2
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-private-1
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-public-1
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-public-1
aws:ec2/natGateway:NatGateway                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::main-vpc-1
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-private-3
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-public-2
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-public-2
aws:ec2/natGateway:NatGateway                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::main-vpc-2
aws:ec2/natGateway:NatGateway                           urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::main-vpc-3
aws:ec2/routeTableAssociation:RouteTableAssociation     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::main-vpc-public-3
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-public-3
aws:iam/role:Role                                       urn:pulumi:production::main-stack::metabase:index:Metabase$aws:iam/role:Role::metabaseservice-metabase-ecsTaskExecutionRole
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-private-1
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-private-2
aws:ec2/route:Route                                     urn:pulumi:production::main-stack::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::main-vpc-private-3
awsx:ecs:FargateTaskDefinition                          urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition::source-worker-task
pulumi:providers:pulumi                                 urn:pulumi:production::main-stack::pulumi:providers:pulumi::default
aws:iam/rolePolicyAttachment:RolePolicyAttachment       urn:pulumi:production::main-stack::metabase:index:Metabase$aws:iam/rolePolicyAttachment:RolePolicyAttachment::metabaseservice-metabase-ecsTaskExecutionRolePolicy
aws:lb/targetGroup:TargetGroup                          urn:pulumi:production::main-stack::aws:lb/targetGroup:TargetGroup::source-alb-target-group
aws:ec2/securityGroup:SecurityGroup                     urn:pulumi:production::main-stack::aws:ec2/securityGroup:SecurityGroup::alb-sg
aws:rds/subnetGroup:SubnetGroup                         urn:pulumi:production::main-stack::aws:rds/subnetGroup:SubnetGroup::rds-subnet
aws:cloudwatch/logGroup:LogGroup                        urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition$aws:cloudwatch/logGroup:LogGroup::source-worker-task
aws:ec2/securityGroup:SecurityGroup                     urn:pulumi:production::main-stack::aws:ec2/securityGroup:SecurityGroup::rds-sg
aws:ec2/securityGroupRule:SecurityGroupRule             urn:pulumi:production::main-stack::aws:ec2/securityGroupRule:SecurityGroupRule::rds-bastion-sg-rule
aws:lb/targetGroup:TargetGroup                          urn:pulumi:production::main-stack::metabase:index:Metabase$aws:lb/targetGroup:TargetGroup::metabaseservice-metabase
aws:rds/subnetGroup:SubnetGroup                         urn:pulumi:production::main-stack::metabase:index:Metabase$aws:rds/subnetGroup:SubnetGroup::metabaseservice-metabase
aws:ec2/securityGroup:SecurityGroup                     urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/securityGroup:SecurityGroup::metabaseservice-metabase-sg
aws:ecs/taskDefinition:TaskDefinition                   urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition$aws:ecs/taskDefinition:TaskDefinition::source-worker-task
awsx:ecs:FargateTaskDefinition                          urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition::source-api-task
aws:ec2/securityGroupRule:SecurityGroupRule             urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/securityGroupRule:SecurityGroupRule::metabaseservice-metabase-egress
aws:cloudwatch/logGroup:LogGroup                        urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition$aws:cloudwatch/logGroup:LogGroup::source-api-task
aws:ec2/securityGroupRule:SecurityGroupRule             urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/securityGroupRule:SecurityGroupRule::metabaseservice-metabase-self
aws:ecs/taskDefinition:TaskDefinition                   urn:pulumi:production::main-stack::awsx:ecs:FargateTaskDefinition$aws:ecs/taskDefinition:TaskDefinition::source-api-task
awsx:lb:ApplicationLoadBalancer                         urn:pulumi:production::main-stack::awsx:lb:ApplicationLoadBalancer::source-alb
aws:ecs/cluster:Cluster                                 urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ecs/cluster:Cluster::metabaseservice-metabase
aws:lb/loadBalancer:LoadBalancer                        urn:pulumi:production::main-stack::awsx:lb:ApplicationLoadBalancer$aws:lb/loadBalancer:LoadBalancer::source-alb
aws:ec2/securityGroup:SecurityGroup                     urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/securityGroup:SecurityGroup::metabaseservice-metabase-lb-sg
aws:lb/targetGroup:TargetGroup                          urn:pulumi:production::main-stack::awsx:lb:ApplicationLoadBalancer$aws:lb/targetGroup:TargetGroup::source-alb
aws:lb/listener:Listener                                urn:pulumi:production::main-stack::awsx:lb:ApplicationLoadBalancer$aws:lb/listener:Listener::source-alb-0
awsx:ecs:FargateService                                 urn:pulumi:production::main-stack::awsx:ecs:FargateService::source-worker
aws:route53/record:Record                               urn:pulumi:production::main-stack::aws:route53/record:Record::source-alb-record
aws:lb/listener:Listener                                urn:pulumi:production::main-stack::aws:lb/listener:Listener::source-alb-https-listener
aws:ec2/securityGroupRule:SecurityGroupRule             urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ec2/securityGroupRule:SecurityGroupRule::metabaseservice-metabase-segment
aws:rds/cluster:Cluster                                 urn:pulumi:production::main-stack::metabase:index:Metabase$aws:rds/cluster:Cluster::metabaseservice-metabase
aws:ecs/taskDefinition:TaskDefinition                   urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ecs/taskDefinition:TaskDefinition::metabaseservice-metabase
aws:lb/loadBalancer:LoadBalancer                        urn:pulumi:production::main-stack::metabase:index:Metabase$aws:lb/loadBalancer:LoadBalancer::metabaseservice-metabase
aws:lb/listener:Listener                                urn:pulumi:production::main-stack::metabase:index:Metabase$aws:lb/listener:Listener::metabaseservice-metabase
aws:ecs/service:Service                                 urn:pulumi:production::main-stack::metabase:index:Metabase$aws:ecs/service:Service::metabaseservice-metabase
aws:ecs/service:Service                                 urn:pulumi:production::main-stack::awsx:ecs:FargateService$aws:ecs/service:Service::source-worker
awsx:ecs:FargateService                                 urn:pulumi:production::main-stack::awsx:ecs:FargateService::source-api
aws:ecs/service:Service                                 urn:pulumi:production::main-stack::awsx:ecs:FargateService$aws:ecs/service:Service::source-api

Found no pending operations associated with production

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/damianesteban
User           damianesteban
Organizations  damianesteban, xxxxxx
Token type     personal

Pulumi locates its logs in /var/folders/vc/q1n9bgzj2sv_51gbmrvjxr5c0000gn/T/ by default
warning: Failed to get information about the Pulumi program's dependencies: could not find either /Users/damianesteban/src/xxxxxx/xxxxxx-infrastructure/main-production/yarn.lock or /Users/damianesteban/src/xxxxxx/xxxxxx-infrastructure/main-production/package-lock.json

Additional context

I would love to use this Provider and even contribute to it.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

scottslowe commented 6 months ago

Thanks for this issue, @damianesteban! It is a known issue that it sometimes takes 2-3 minutes before the ECS service will start responding, and until it does start responding you'll get a 503. Do you mind if I ask how long you waited after the service was created?

matthewelwell commented 3 months ago

I am also seeing a similar issue. It looks as though the ECS service is just flapping, but I can't see any useful logs being outputted from the tasks that are being killed. See screenshot below for event logs from the service.

image

You can also see that the tasks never seem to register as healthy in the target group (which is likely what is causing the 503/504s). I just see this in the target group.

image

Inspecting a failed task, this is unfortunately all I can see.

image

Confirmation of empty logs.

image

I have tried updating the health check endpoint in the target group to /api/health as per the article here, however, that only seemed to make the issue worse and caused the health checks to actively fail.

image

I'm continuing to investigate but any assistance here would be greatly appreciated. Note that, in direct response to the question asked by @scottslowe to the author of this issue, I waited ~10 minutes for the service to come online and I was still seeing 503s (well technically a mixture of 503s, 502s and 504s as the ECS service flapped about).

matthewelwell commented 3 months ago

For a limited period of time, it looks like the service does at least try to load, but I just see the following (it never loads past this loading screen):

image image
matthewelwell commented 3 months ago

For anyone getting here, the issue is that the RDS configuration is outdated. This package is configured to create a serverless (v1) RDS instance using mysql 5.7 which (it seems) metabase no longer supports. Because of this, the migrations fail and hence, the service never becomes healthy.

To resolve this, I manually added logging configuration which seems to have been commented out here. This was possibly because of incorrect IAM policies. I think perhaps the task execution role needs access to createLogGroup although I have not yet verified this - I just created the log group manually myself.

Once I had the logs, I was able to determine the above DB issue and tried to just update the engine version using the (undocumented) database: DatabaseArgs init parameter to the Metabase constructor (see here). I tried to set engine_version=8.0.mysql_aurora.3.05.2 but unfortunately with the combination of other parameters that are hardcoded, this doesn't work (since 8.0 is not available via serverless v1).

Finally, I ended up just creating a new RDS serverless v2 instance from scratch and manually updated the task definition to point to the new database.

Based on this, I think there is a significant chunk of work to do against this repository to update the RDS configuration. A few options here would be:

  1. Allow users to just create the RDS instance outside of this and provide the instance details to the Metabase constructor
  2. Allow users to configure more options for the RDS instance
  3. Update the default configuration to use correct versions of RDS and DB engines.

Probably a combination of all 3 of the above is the best approach.

tday commented 1 month ago

I was able to resolve this by changing the metabase version to one that works with the supported Aurora version

const metabaseService = new metabase.Metabase("metabaseService", {
    metabaseVersion: "v0.47.0"
});