shieldproject / shield-boshrelease

BOSH Release for shield
MIT License

Running postgres in a dedicated instance does not work #57

Closed janaurka closed 7 years ago

janaurka commented 7 years ago

Hey

Apparently it is currently not possible to run postgres in another vm/instance than nginx+shield-daemon.

Having a bosh2.0 style manifest which puts everything onto one VM:

---
name: shield
director_uuid: <uuid>

releases:
- name: shield
  version: latest

stemcells:
- alias: trusty
  name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
  version: latest

instance_groups:
- azs:
  - az1
  name: shield
  instances: 1
  vm_type: 2cpu_4gbram_20gbdisk
  stemcell: trusty

  networks:
  - name: static
    static_ips: 10.35.96.66
  jobs:
  - name: nginx
    release: shield
  - name: shield-daemon
    release: shield
  - name: shield-agent
    release: shield
  - name: postgres
    release: shield
  properties:
    shield:
      daemon:
        domain: 10.35.96.66
        ssh_private_key: |+
          <private-key-stuff>
        database:
          type: postgres
          host: 10.35.96.66
          port: 5524
          username: shieldadmin
          password: admin
          db: shielddb
      agent:
        autoprovision: "https://10.35.96.66"
    databases:
      address: 10.35.96.66
      databases:
      - citext: true
        name: shielddb
        tag: shield
      - citext: true
        name: sessionsdb
        tag: sessions
      db_scheme: postgres
      port: 5524
      roles:
      - name: shieldadmin
        password: admin
        tag: admin

update:
  canaries: 1
  max_in_flight: 50
  canary_watch_time: 5000-120000
  update_watch_time: 5000-120000

This is working fine.

When trying to give postgres a dedicated vm:

---
name: shield-multi-vms
director_uuid: <uuid>

releases:
- name: shield
  version: latest

stemcells:
- alias: trusty
  name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
  version: latest

instance_groups:
- azs:
  - az1
  name: shield
  instances: 1
  vm_type: 2cpu_4gbram_20gbdisk
  stemcell: trusty

  networks:
  - name: static
    static_ips: 10.35.96.67
  jobs:
  - name: nginx
    release: shield
  - name: shield-daemon
    release: shield
  - name: shield-agent
    release: shield
  properties:
    shield:
      daemon:
        domain: 10.35.96.67
        ssh_private_key: |+
          <private-key>
        database:
          type: postgres
          host: 10.35.96.68
          port: 5524
          username: shieldadmin
          password: admin
          db: shielddb
      agent:
        autoprovision: "https://10.35.96.67"
- azs:
  - az1
  name: postgres
  instances: 1
  vm_type: 2cpu_4gbram_20gbdisk
  stemcell: trusty

  networks:
  - name: static
    static_ips: 10.35.96.68
  jobs:
  - name: postgres
    release: shield
  properties:
    databases:
      address: 10.35.96.68
      databases:
      - citext: true
        name: shielddb
        tag: shield
      - citext: true
        name: sessionsdb
        tag: sessions
      db_scheme: postgres
      port: 5524
      roles:
      - name: shieldadmin
        password: admin
        tag: admin

update:
  canaries: 1
  max_in_flight: 50
  canary_watch_time: 5000-120000
  update_watch_time: 5000-120000

fails with:

Director task 481
  Started preparing deployment > Preparing deployment. Done (00:00:00)

  Started preparing package compilation > Finding packages to compile. Done (00:00:00)

  Started creating missing vms
  Started creating missing vms > shield/e636d5bc-4e27-4800-8d1c-4a9286207f5a (0)
  Started creating missing vms > postgres/d241e01b-1483-429e-8da8-1c9137a66663 (0)
     Done creating missing vms > shield/e636d5bc-4e27-4800-8d1c-4a9286207f5a (0) (00:00:52)
     Done creating missing vms > postgres/d241e01b-1483-429e-8da8-1c9137a66663 (0) (00:00:54)
     Done creating missing vms (00:00:54)

  Started updating instance shield > shield/e636d5bc-4e27-4800-8d1c-4a9286207f5a (0) (canary). Failed: 'shield/0 (e636d5bc-4e27-4800-8d1c-4a9286207f5a)' is not running after update. Review logs for failed jobs: shield-daemon (00:02:23)

Error 400007: 'shield/0 (e636d5bc-4e27-4800-8d1c-4a9286207f5a)' is not running after update. Review logs for failed jobs: shield-daemon

Task 481 error

The shield-daemon fails because it cannot connect to postgres, because there is not even a postgres running:

/d241e01b-1483-429e-8da8-1c9137a66663:/var/vcap/sys/log$ ps aux |grep postgres
/d241e01b-1483-429e-8da8-1c9137a66663:/var/vcap/sys/log$ netstat -tulpen
(No info could be read for "-p": geteuid()=1001 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:32785           0.0.0.0:*               LISTEN      103        10455       -               
tcp        0      0 127.0.0.1:33331         0.0.0.0:*               LISTEN      0          12301       -               
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          11300       -               
tcp        0      0 127.0.0.1:2822          0.0.0.0:*               LISTEN      0          12300       -               
tcp        0      0 127.0.0.1:2825          0.0.0.0:*               LISTEN      0          11465       -               
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      0          10405       -               
tcp6       0      0 :::22                   :::*                    LISTEN      0          11302       -               
tcp6       0      0 :::47455                :::*                    LISTEN      103        10459       -               
tcp6       0      0 :::111                  :::*                    LISTEN      0          10408       -               
udp        0      0 0.0.0.0:37550           0.0.0.0:*                           103        10452       -               
udp        0      0 0.0.0.0:735             0.0.0.0:*                           0          10404       -               
udp        0      0 127.0.0.1:756           0.0.0.0:*                           0          10436       -               
udp        0      0 0.0.0.0:111             0.0.0.0:*                           0          10399       -               
udp6       0      0 :::735                  :::*                                0          10407       -               
udp6       0      0 :::111                  :::*                                0          10406       -               
udp6       0      0 :::53597                :::*                                103        10457       -

Can we somehow make it possible to separate the postgres instance from shield-daemon?

cheers

geofffranks commented 7 years ago

Does this succeed if you put the db instance group before the shield instance group?


On Dec 21, 2016, at 7:07 AM, janaurka notifications@github.com wrote:


janaurka commented 7 years ago

@geofffranks: lol, this works. + I had to attach a persistent_disk which makes sense.

Well, then this issue is solved. Maybe it would be wise to add a note in the documentation, what do you think?
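
The resolution reached in this thread, written out as an added example (not part of the original posts or the project's documentation): the `instance_groups` section of the multi-VM manifest with the postgres group listed before the shield group and a persistent disk attached. The disk size of 10240 MB and the `<db-password>` placeholders are assumptions; all other values are taken from the manifest in the first post.

```yaml
instance_groups:
- name: postgres                  # listed first, so it is deployed before shield-daemon connects
  azs: [az1]
  instances: 1
  vm_type: 2cpu_4gbram_20gbdisk
  stemcell: trusty
  persistent_disk: 10240          # MB; assumed size, the thread only says a disk had to be attached
  networks:
  - {name: static, static_ips: 10.35.96.68}
  jobs:
  - {name: postgres, release: shield}
  properties:
    databases:
      address: 10.35.96.68
      db_scheme: postgres
      port: 5524
      databases:
      - {citext: true, name: shielddb, tag: shield}
      - {citext: true, name: sessionsdb, tag: sessions}
      roles:
      - name: shieldadmin
        password: "<db-password>" # placeholder; must match the daemon's database password below
        tag: admin
- name: shield                    # unchanged apart from its position after postgres
  azs: [az1]
  instances: 1
  vm_type: 2cpu_4gbram_20gbdisk
  stemcell: trusty
  networks:
  - {name: static, static_ips: 10.35.96.67}
  jobs:
  - {name: nginx, release: shield}
  - {name: shield-daemon, release: shield}
  - {name: shield-agent, release: shield}
  properties:
    shield:
      daemon:
        domain: 10.35.96.67
        ssh_private_key: |+
          <private-key>
        database:
          type: postgres
          host: 10.35.96.68       # static IP of the postgres instance group above
          port: 5524
          username: shieldadmin
          password: "<db-password>"
          db: shielddb
      agent: {autoprovision: "https://10.35.96.67"}
```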