App.spec file for aws ECS blue green deployment - amazon-web-services

When I run the App.spec file for AWS ECS blue green deployment, the following error appears: "The deployment failed because the AppSpec file that specifies the deployment configuration is missing or has an invalid configuration. Failed to parse your appspec file. Please validate your appspec format and try again later." If anyone knows about this error, please let me know.

Validate your AppSpec File

File syntax validation:
You can use a browser-based tool such as YAML lint http://www.yamllint.com or an online YAML parser http://yaml-online-parser.appspot.com to help you check your YAML syntax. Most of the time, it would solve your problem.

File location validation:
Make sure to name your AppSpec file appspec.yml. To verify that you have placed your AppSpec file in the root directory of the application's source content's directory structure, run one of the following commands:

On local Linux, macOS, or Unix instances:

    ls path/to/root/directory/appspec.yml

If the AppSpec file is not located there, a "No such file or directory" error is displayed.

On local Windows instances:

    dir path\to\root\directory\appspec.yml

If the AppSpec file is not located there, a "File Not Found" error is displayed.

AppSpec File example for an Amazon ECS deployment

Following is an example of an AppSpec file written in YAML for deploying an Amazon ECS service.

version: 0.0
Resources:
  - TargetService:
      Type: AWS::ECS::Service
      Properties:
        TaskDefinition: "arn:aws:ecs:us-east-1:111222333444:task-definition/my-task-definition-family-name:1"
        LoadBalancerInfo:
          ContainerName: "SampleApplicationName"
          ContainerPort: 80
        # Optional properties
        PlatformVersion: "LATEST"
        NetworkConfiguration:
          AwsvpcConfiguration:
            Subnets: ["subnet-1234abcd","subnet-5678abcd"]
            SecurityGroups: ["sg-12345678"]
            AssignPublicIp: "ENABLED"
        CapacityProviderStrategy:
          - Base: 1
            CapacityProvider: "FARGATE_SPOT"
            Weight: 2
          - Base: 0
            CapacityProvider: "FARGATE"
            Weight: 1
Hooks:
  - BeforeInstall: "LambdaFunctionToValidateBeforeInstall"
  - AfterInstall: "LambdaFunctionToValidateAfterInstall"
  - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficStarts"
  - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeAllowingProductionTraffic"
  - AfterAllowTraffic: "LambdaFunctionToValidateAfterAllowingProductionTraffic"

AppSpec File example for an Amazon EC2 deployment

See the hooks below: which hooks are available and what each is used for in a successful deployment.

version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html
file_exists_behavior: OVERWRITE
permissions:
  - object: /var/www/html
    pattern: "**"
    owner: root
    group: www-data
    mode: 644 # gives read and write permissions to the owner of the object (6), read-only permissions to the group (4), and read-only permissions to all other users (4).
    # acls:
    #   - u:deployer:rwx
    type:
      - file
  - object: /var/www/html
    pattern: "**"
    owner: root
    group: www-data
    mode: 755 # gives full control permissions to the owner (7), gives read and execute permissions to the group (5), and gives read and execute permissions to all other users (5).
    # acls:
    #   - u:deployer:rwx
    type:
      - directory
hooks:
  BeforeBlockTraffic: # run tasks on instances before they are deregistered from a load balancer.
    - location: ./devops/hooks/1_BeforeBlockTraffic.sh
      timeout: 300
      runas: deployer # we are running codedeploy as non-root user and only the root user has the ability to have runas "su" command without password authentication
  # BlockTraffic: # can't be scripted
  #   - location: ./devops/hooks/2_BlockTraffic.sh
  #     timeout: 300
  #     # runas: deployer
  AfterBlockTraffic: # run tasks on instances after they are deregistered from a load balancer.
    - location: ./devops/hooks/3_AfterBlockTraffic.sh
      timeout: 300
      runas: deployer
  ApplicationStop: # occurs even before the application revision is downloaded
    - location: ./devops/hooks/4_ApplicationStop.sh
      timeout: 300
      runas: root
  # DownloadBundle: # can't be scripted
  #   - location: ./devops/hooks/5_DownloadBundle.sh
  #     timeout: 300
  #     runas: deployer
  BeforeInstall:
    - location: ./devops/hooks/6_BeforeInstall.sh
      timeout: 300
      runas: root
  # Install: # can't be scripted, copies the revision files from the temporary location to the final destination folder.
  #   - location: ./devops/hooks/7_Install.sh
  #     timeout: 300
  #     runas: deployer
  AfterInstall:
    - location: ./devops/hooks/8_AfterInstall.sh
      timeout: 300
      # runas: deployer
  ApplicationStart:
    - location: ./devops/hooks/9_ApplicationStart.sh
      timeout: 300
      runas: root
  ValidateService:
    - location: ./devops/hooks/10_ValidateService.sh
      timeout: 300
      runas: deployer
  BeforeAllowTraffic: # run tasks on instances before they are registered with a load balancer.
    - location: ./devops/hooks/11_BeforeAllowTraffic.sh
      timeout: 300
      # runas: deployer
  # AllowTraffic: # can't be scripted
  #   - location: ./devops/hooks/12_AllowTraffic.sh
  #     timeout: 300
  #     # runas: deployer
  AfterAllowTraffic: # run tasks on instances after they are registered with a load balancer.
    - location: ./devops/hooks/13_AfterAllowTraffic.sh
      timeout: 300
      # runas: deployer

Related

Error creating peer channel Amazon Managed Blockchain Hyperledger Fabric v1.4

I hope someone could help me with the following problem.
I am using Amazon Managed Blockchain with the framework Hyperledger Fabric v1.4 and I followed this documentation: https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-create-channel.html.
This is the error I get when I try to create the channel with this command line:

Command line:

    docker exec cli peer channel create -c mychannel -f /opt/home/mychannel.pb -o $ORDERER --cafile /opt/home/managedblockchain-tls-chain.pem --tls

Error:

    2022-01-17 10:34:47.356 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
    Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

The admin certificate is in a folder "admin-msp".
My configtx.yaml (I did not get any error executing a previous step with "docker exec cli configtxgen -outputCreateChannelTx /opt/home/mychannel.pb -profile OneOrgChannel -channelID mychannel --configPath /opt/home/"):

Organizations:
  - &Org1
    Name: m-Q37N3LRUKNFDXBZ7GARMYFBYIE
    ID: m-Q37N3LRUKNFDXBZ7GARMYFBYIE
    Policies: &Org1Policies
      Readers:
        Type: Signature
        Rule: "OR('Org1.member')"
        # If your MSP is configured with the new NodeOUs, you might
        # want to use a more specific rule like the following:
        # Rule: "OR('Org1.admin', 'Org1.peer', 'Org1.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org1.member')"
        # If your MSP is configured with the new NodeOUs, you might
        # want to use a more specific rule like the following:
        # Rule: "OR('Org1.admin', 'Org1.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org1.admin')"
    # MSPDir is the filesystem path which contains the MSP configuration.
    MSPDir: /opt/home/admin-msp
    # AnchorPeers defines the location of peers which can be used for
    # cross-org gossip communication. Note, this value is only encoded in
    # the genesis block in the Application section context.
    AnchorPeers:
      - Host: 127.0.0.1
        Port: 7051
Capabilities:
  Channel: &ChannelCapabilities
    V1_4_3: true
    V1_3: false
    V1_1: false
  Orderer: &OrdererCapabilities
    V1_4_2: true
    V1_1: false
  Application: &ApplicationCapabilities
    V1_4_2: true
    V1_3: false
    V1_2: false
    V1_1: false
Channel: &ChannelDefaults
  Policies:
    # Who may invoke the 'Deliver' API
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    # Who may invoke the 'Broadcast' API
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    # By default, who may modify elements at this config level
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ChannelCapabilities
Application: &ApplicationDefaults
  Policies: &ApplicationDefaultPolicies
    LifecycleEndorsement:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Endorsement:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ApplicationCapabilities
Profiles:
  OneOrgChannel:
    <<: *ChannelDefaults
    Consortium: AWSSystemConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *Org1

My docker-compose-cli.yaml file:

version: '2'
services:
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:1.4
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=info # Set logging level to debug for more verbose logging
      - CORE_PEER_ID=cli
      - CORE_CHAINCODE_KEEPALIVE=10
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/home/managedblockchain-tls-chain.pem
      - CORE_PEER_LOCALMSPID=$Member
      - CORE_PEER_MSPCONFIGPATH=/opt/home/admin-msp
      - CORE_PEER_ADDRESS=$MyPeerNodeEndpoint
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - /home/ec2-user/fabric-samples/chaincode:/opt/gopath/src/github.com/
      - /home/ec2-user:/opt/home

Thanks in advance :).

Code deploy appspec.yml permission specification for the pattern match vendor folder

I have the below requirement that I need to achieve with the AWS CodeDeploy appspec.yml. I am confused about how to do this, as no matter how I try, the composer/vendor folder/files do not get 755. Any idea on how to solve this?
1. I want everything (files and folders) in /var/www/html to be owned by nginx AND have permission 644 including folders and files.
2. Except "vendor" folder and files inside some modules, so I want to search for the pattern of folder "vendor" and set it to 755.
My current appspec.yml is like below:

version: 0.0
os: linux
files:
  - source: /apps
    destination: /var/www/html/apps
  - source: /core
    destination: /var/www/html/core
permissions:
  - object: /var/www/html/
    pattern: "**"
    except: [ "./var/*", "*/vendor/*" ]
    owner: nginx
    group: nginx
    mode: 644
    type:
      - file
  - object: /var/www/html/
    pattern: "*/vendor/*"
    owner: nginx
    group: nginx
    mode: 755

How to correctly use dynamic inventories with Ansible?

I am trying to provide initial configuration and software installation to a newly created AWS EC2 instance by using Ansible. If I run my playbooks independently it works just as I want. However, if I try to automate it into a single playbook by using two imports, it doesn't work (probably because the dynamic inventory can't get the newly created IP address?)...
Running together:
[WARNING]: Could not match supplied host pattern, ignoring:
aws_region_eu_central_1
PLAY [variables from dynamic inventory] ****************************************
skipping: no hosts matched
Running separately:
TASK [Gathering Facts] *********************************************************
[WARNING]: Platform linux on host XX.XX.XX.XX is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change the meaning of that path. See https://docs.ansible.com
/ansible/2.10/reference_appendices/interpreter_discovery.html for more
information.
ok: [XX.XX.XX.XX]
This is my main playbook:

- import_playbook: server-setup.yml
- import_playbook: server-configuration.yml

server-setup.yml:

---
# variables from dynamic inventory
- name: variables from dynamic inventory
  remote_user: ec2-user
  hosts: localhost
  roles:
    - ec2-instance

server-configuration.yml:

---
# variables from dynamic inventory
- name: variables from dynamic inventory
  remote_user: ec2-user
  become: true
  become_method: sudo
  become_user: root
  ignore_unreachable: true
  hosts: aws_region_eu_central_1
  gather_facts: false
  pre_tasks:
    - pause:
        minutes: 5
  roles:
    - { role: epel, sudo: true }
    - { role: nodejs, sudo: true }

This is my ansible.cfg file:
[defaults]
inventory = test_aws_ec2.yaml
private_key_file = master-key.pem
enable_plugins = aws_ec2
host_key_checking = False
pipelining = True
log_path = ansible.log
roles_path = /roles
forks = 1000
and finally my hosts.ini:
[local]
localhost ansible_python_interpreter=/usr/local/bin/python3

CodeDeploy: Script at specified location: scripts/stop_server run as user root failed with exit code 1

No matter what I put inside the stop_server file, the CodeDeploy ends up with the error as above.
I even commented out all the lines to simplify debugging, so now it looks inside like this:

#!/bin/bash
# pkill -f node

My appspec.yml:

version: 0.0
os: linux
files:
  - source: /app.js
    destination: /home/ec2-user/node-website
  - source: /package.json
    destination: /home/ec2-user/node-website
  - source: /public/
    destination: /home/ec2-user/node-website/public
  - source: /node_modules
    destination: /home/ec2-user/node-website/node_modules
permissions:
  - object: /
    pattern: "**"
    owner: ec2-user
    group: ec2-user
hooks:
  AfterInstall:
    - location: scripts/install_dependencies
      timeout: 300
      runas: ec2-user
    #- location: scripts/codestar_remote_access
    #  timeout: 300
    #  runas: ec2-user
    - location: scripts/start_server
      timeout: 300
      runas: ec2-user
  ApplicationStop:
    - location: scripts/stop_server
      timeout: 300
      runas: ec2-user

Any suggestions highly appreciated!

When you do a deployment, it will actually use the ApplicationStop from your last successful deployment, not your current deployment. I resolved the problem by deleting the application that I had the problem with and creating a new one.
You can check the CodeDeploy logs to find more details. The logs are normally located in:
/opt/codedeploy-agent/deployment-root/deployment-logs/codedeploy-agent-deployments.log
Find more detailed error logs and let me know if you still cannot figure it out.

Code deploy error

Error Code: UnknownError
Script Name:
Message: No such file or directory - /opt/codedeploy-agent/deployment-root/a449172f-ee92-4a07-b4eb-04c90047873b/d-URYKGM6UG/deployment-archive/appspec.yml
Log Tail:
Can someone help me in figuring out what could be the issue?

It appears that your deployment has an error in the appspec.yml file, or the file is not at the root level of the archive.
Please double check the file location, and also check for typos or invalid paths. Those types of problems can produce these errors.

version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html
permissions:
  - object: /var/www/html
    pattern: "**"
    owner: apache
    group: apache
    mode: 755
    type:
      - file
hooks:
  BeforeInstall:
    - location: Scripts/installapache.sh
      runas: root
    - location: Scripts/startapache.sh
      runas: root
  AfterInstall:
    - location: Scripts/restartapache.sh
      runas: root
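
The file-location check from the first answer and the "not at the root level of the archive" diagnosis above can be run against the revision bundle before it is uploaded. This is an added example, not code from any of the posts; it assumes the revision is a zip archive, and `check_bundle`, `make_zip` and the sample bundles are hypothetical names and constructed data.

```python
import io
import zipfile

def check_bundle(zip_bytes):
    """Return the problems that would stop appspec.yml being found or parsed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        names = bundle.namelist()
        if "appspec.yml" not in names:
            # Near misses: nested copy, .yaml extension, different letter case.
            near = [n for n in names
                    if n.rsplit("/", 1)[-1].lower() in ("appspec.yml", "appspec.yaml")]
            hint = f" (found {near})" if near else ""
            problems.append("appspec.yml is not at the archive root" + hint)
            return problems
        text = bundle.read("appspec.yml").decode("utf-8", errors="replace")
    lines = text.splitlines()
    for lineno, line in enumerate(lines, 1):
        indent = line[:len(line) - len(line.lstrip())]
        if "\t" in indent:
            # YAML does not allow tab characters for indentation.
            problems.append(f"line {lineno}: tab used for indentation")
    # Every AppSpec example on this page starts with a top-level version key.
    if not any(l.startswith("version:") for l in lines):
        problems.append("no top-level 'version:' key")
    return problems

def make_zip(files):
    """Build an in-memory zip from {name: text} (constructed sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed sample bundles.
SPEC = "version: 0.0\nos: linux\nfiles:\n  - source: /\n    destination: /var/www/html\n"
GOOD = make_zip({"appspec.yml": SPEC, "index.html": "<h1>ok</h1>"})
NESTED = make_zip({"myapp/appspec.yml": SPEC, "myapp/index.html": "<h1>ok</h1>"})
TABBED = make_zip({"appspec.yml": "version: 0.0\nos: linux\nfiles:\n\t- source: /\n"})

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("nested", NESTED), ("tabbed", TABBED)):
        print(label, check_bundle(data))
```

An empty list means the bundle passes these checks; it does not validate the full AppSpec schema.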