Clojurians Log v2

The ami used is a bog standard Ubuntu server instance @steveb8n. Maybe Roll could auto determine the AMI if one is not supplied.. that could be handy.

Sorry, didn't realise the one in Roll is only for eu-west-1 !

true although maybe just adding that to the docs for now would be enough to avoid my issue

I already tried a pretty basic Ubuntu AMI and it failed on jdk install (see above). It could have been specific to the one I tried

either way, I’ll try copying your AMI into my region, to keep moving.

while you are here. Is there any sample code in edge for reading/decrypting KMS secrets? The doc’s mention KMS and I liked it (after learning about it) but it would be good to reference an example somewhere

Sure. Not sure we have any docs.. there is a blog post in the works! I will see what we have. It is very cool and worth it. Roll does some KMS stuff but I need to verify.

@steveb8n I'm gonna have a go at writing a script to get the Ubuntu image for the given region today.

I'll try and port it to pack-datomic too

Pass. /cc @jonpither

cool. I’ll hold off until you’ve tried. BTW there was no good vanilla Ubuntu image in the Sydney region. one mo and and paste in the list

it’s 50 items so maybe I won’t paste in. but they are all php servers so probably not ideal

that means that your script will not work in my region regardless. do you care?

I can still copy the Edge AMI into my region to workaround this

@steveb8n https://cloud-images.ubuntu.com/locator/ec2/ apparently there's official ones? Did you try them?

hmm, I missed those somehow. thanks for the correction

I’ve gotta pop out for an hour but I’ll try one of those right after I get back

I have checked the original repo that @jonpither mentions in the README from @robert-stuttaford and that one includes the DDB storage provisioning so I will go ahead and adapt that one

@steveb8n let me know how you get on, because I'd love to use this list to automatically determine the correct AMI for people.

@dominicm how do you capture the resulting ami name for use in terraform afterwards?

@stijn for pack datomic? Currently it's a manual process. I wonder if it needs to be though.

well, the use case for pack-datomic for us is that I want to have some code on the datomic transactor classpath

we're running into trouble using rules inside a transactor function, and the only way I've been able to make it work is by putting the rules in a clojure file that is visible to the transactor jvm

but, if these rules change (not very often), I need to rebuild the ami

i need to think about this, if doing it automatically is even a good idea 🙂

Agreed. The other option is that user data launches the datomic instance, and it does that after uploading the clojure files.

@dominicm I’m trying to re-deploy using that AMI but having trouble with existing deployed stuff. I’ve manually deleted all but one but can’t find where to delete the “instance profile”

aws_iam_instance_profile.nextdoc: Error creating IAM instance profile dev-nextdoc: EntityAlreadyExists: Instance Profile dev-nextdoc already exists. status code: 409, request id: c8e259dc-946e-11e7-9e63-637aa216adbb

any suggestions?

@steveb8n I'd try under a credentials section. I'll be in the office in 5m and can be more precise.

Iam is a security thing though

I think terraform destroy will work actually

That's easier

yep, docs say that an “instance profile” is just an IAM role but nothing with that name is present

ok I’ll try destroy

no joy. destroy worked cleanly but still blocked by the “instance profile”

I wonder if some kind of eventual consistency is in play here

because there’s no such IAM role

I once got locked out of aws for a couple hours because my password reset was eventually consistent. Too slowly consistent.

I can see it using CLI, just don’t know where to look in console

I’ll try deleting using CLI

okay, 😆

this is strange indeed

success! at least I’m past the “instance profile”. EC2 instance now booting so I can check the AMI… finally

strange that “instance profile” in AWS is not an easy cleanup via console

more success. that AMI shows no apt-get errors in user-data.log so looks good

jdk installed as well so I’d say this AMI is good. Now I need to spend some time matching my uberjar to the shape of the Edge uberjar.

but that will have to wait till my morning as it’s dinner time. thanks again!

happy days 🙂

I fixed the uberjar and my app is now running and accessible via http. That's a win. I'll work on using KMS keys over the weekend and will sync up for next steps on your Monday

In the meantime, have a great weekend

well done @steveb8n! I will review all text in this thread and github issues soon. I really appreciate your efforts in testing all this out

Likewise. A great team effort. This is a really valuable library.