We Keep Coding

Multiple environments with one cluster sharing the same terraform state

I have created EKS cluster using terraform-aws-modules/vpc/aws with Terraform, I use one VPC with 3 private subnets on each AZs in Frankfurt. I've created two services (tomcat and psql) and deployment which are exposed via LoadBalancer and accessible via internet. It looks fine so far.
but the problem is that it's only one environment (DEV). I would like to create multiple environments like stage,test and more inside one VPC and inside one cluster, how to do it using terraform? should I create new files per environment? It would not make sense but nothing comes to my mind... I was considering also workspaces but the problem is that new workspace requires new state - it means that I need to create new VPC with new cluster per one workspace! maybe I should divide my terraform files to have something like "general" workspace and there would be a configuration to VPC and cluster, and create new workspaces for each of the environments? do you have any ideas or better solutions?
VPC - 172.26.0.0/16
+----------------------+----------------------------------+
| |
| |
| KUBERNETES CLUSTER |
| +-------------------------------------------------+ |
| | | |
| | | |
| | | |
| | +------------------+ +-----------------+ | |
| | | | | | | |
| | | TEST ENV | | DEV ENV | | |
| | | +------+ +-----+ | | +-----+ +-----+ | | |
| | | |tomcat| |psql | | | |tomcat |psql | | | |
| | | +------+ +-----+ | | +-----+ +-----+ | | |
| | | | | | | |
| | +------------------+ +-----------------+ | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| +-------------------------------------------------+ |
| |
+---------------------------------------------------------+

It is possible to create multiple environments in a single K8s cluster. You could use namespace for this. To access the different environments from outside the cluster, you can use a different domain name for each environment.
For example dev.abc.com to access the development environment and test.abc.com to access the test environment.

You can "separate the vpc" in its own state file. And then have a workspace for each EKS cluster. For the EKS you can pull the VPC info one of two ways, either from AWS data source by tag or from the state file.
Your tree structure would look something like this:
├── vpc
│ ├── main.tf
│ └── outputs.tf
└── eks
└── main.tf
Add the following to the backend settings in vpc/main.tf:
terraform {
backend "s3" {
...
key = "vpc/terraform.tfstate"
workspace_key_prefix = "vpc"
...
}
}
and eks/main.tf:
terraform {
backend "s3" {
...
key = "eks/terraform.tfstate"
workspace_key_prefix = "eks"
...
}
}
Passing the VPC to the EKS section:
Option 1 (pull from aws data source by name, ref https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc):
data "aws_vpc" "selected" {
filter {
...
}
}
Option 2 (pull from state file):
data "terraform_remote_state" "vpc" {
backend = "s3"
config = {
...
key = "vpc/terraform.tfstate"
workspace_key_prefix = "vpc"
...
}
}

It's not a good practice to manage your applications inside terraform, you can use terraform just to create your cluster (infra) EC2, EKS, VPC.... but what inside the cluster, you can use helm/kubectl.... to manage your pods, for example you can have two repositories, one for terraform iac and the other for projects, then you can manage your environments ( dev, staging, prod...) by namespaces...

Problem App Engine app to connect to MySQL in CloudSQL

I've configured SQL second gen. instance and App Engine application (Python 2.7) in one project. I've made necessary settings according to that page.
app.yaml
runtime: python27
api_version: 1
threadsafe: true
env_variables:
CLOUDSQL_CONNECTION_NAME: coral-heuristic-215610:us-central1:db-basic-1
CLOUDSQL_USER: root
CLOUDSQL_PASSWORD: xxxxxxxxx
beta_settings:
cloud_sql_instances: coral-heuristic-215610:us-central1:db-basic-1
libraries:
- name: lxml
version: latest
- name: MySQLdb
version: latest
handlers:
- url: /main
script: main.app
Now as I try to connect from the app (inside Cloud Shell), the error:
OperationalError: (2002, 'Can\'t connect to local MySQL server through socket \'/var/run/mysqld/mysqld.sock\' (2 "No such file or directory")')
Direct connection works:
$ gcloud sql connect db-basic-1 --user=root
was successful...
MySQL [correction_dict]> SHOW PROCESSLIST;
+--------+------+----------------------+-----------------+---------+------+----------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+--------+------+----------------------+-----------------+---------+------+----------+------------------+
| 9 | root | localhost | NULL | Sleep | 4 | | NULL |
| 10 | root | localhost | NULL | Sleep | 4 | | NULL |
| 112306 | root | 35.204.173.246:59210 | correction_dict | Query | 0 | starting | SHOW PROCESSLIST |
| 112357 | root | localhost | NULL | Sleep | 4 | | NULL |
| 112368 | root | localhost | NULL | Sleep | 0 | | NULL |
+--------+------+----------------------+-----------------+---------+------+----------+------------------+
I've authorized IP to connect to the Cloud SQL instance:
Any hints, help?

Google AppEngine Standard provides a unix socket at /cloudsql/[INSTANCE_CONNECTION_NAME] that automatically connects you to your CloudSQL instance. All you need to do is connect to it at that address. For the MySQLDb library, that looks like this:
db = MySQLdb.connect(
unix_socket=cloudsql_unix_socket,
user=CLOUDSQL_USER,
passwd=CLOUDSQL_PASSWORD)
(If you are running AppEngine Flexible, connecting is different and can be found here)

How to wait for a callback passed to Flask-SocketIO's emit()?

Is there a way in Flask-SocketIO to have a blocking/synchronous emit('event', callback) function that waits for the callback passed to it before returning?
Or -- is there a way to directly invoke the callback in an #socketio.on('event') handler instead of the plain return from that handler?
This is my situation specifically:
+-----------------+ +----------------------+ +----------------------+
| Browser | emit('serverGiveData', | Flask | emit('workerGiveData', | Worker |
| (webapp, JS) | browser_callback) | web server | server_callback) | (Python program) |
| | +------------------------> | | +--------------------> | |
| | | | | |
| socket.io 1.7.3 | data | Flask-SocketIO 2.8.2 | data |socketiIO-client 0.7.2|
| | <------------------------+ | | <--------------------+ | |
| | | | | |
+-----------------+ +----------------------+ +----------------------+
So the Browser wants data from the Worker and the Flask web server is just a proxy in between.
I would like the browser_callback() to be invoked after the Server receives the data from the Worker.
(I.e. I would like to call the browser_callback() from the server_callback()).
However, I cannot invoke the browser_callback() from server_callback() manually in Flask-SocketIO -- it is "automatically" invoked when I return from 'serverGiveData' handler function on the Server. That is why I would like to have a blocking/synchronous emit('workerGiveData') so that the handler on the Server doesn't return before the Worker delivers the data.
Here's the code
Browser
socketio.emit('serverGiveData', args, function (data) {
console.log('Received data');
});
Server
#socketio.on('serverGiveData')
def handler(msg):
socketio.emit('workerGiveData', msg, callback=server_callback)
return # When server_callback() gets called back
def server_callback(data):
print('Received data from Worker')
# Here I want to invoke client_callback(), i.e.
# I don't want handler() to return before this server_callback() is invoked
Worker
def handler(args, callback);
callback(data)
socketIO.on('workerGiveData', handler)
(I am aware I could emit('heyBrowserHeresData') from the server_callback() when the Worker delivers the data and listen on that event in the browser with browser_callback() code as the handler.
I would like to avoid that jumble.)

The Socket.IO protocol is event-based, not request/response based. I recommend that you don't use the callbacks, those are for quick acknowledgement that an event was received, not to provide results after some work was done.
Try this instead to use a new event to replace your callback:
+-----------------+ +----------------------+ +----------------------+
| Browser | emit('serverGiveData’) | Flask | emit('workerGiveData', | Worker |
| (webapp, JS) | | web server | server_callback) | (Python program) |
| | +------------------------> | | +--------------------> | |
| | | | | |
| socket.io 1.7.3 | emit(‘dataForBrowser’) | Flask-SocketIO 2.8.2 | data |socketiIO-client 0.7.2|
| | <------------------------+ | | <--------------------+ | |
| | | | | |
+-----------------+ +----------------------+ +----------------------+
You can leave the second callback on the server-side if that works well for you, or less you can also replace it with an event.

Cloud Foundry router cannot find api.xx.xxxx.com/info (AWS)

Finally managed to successfully deploy cloud foundry to AWS.
Mostly following instructions from http://docs.cloudfoundry.org/deploying/ec2/bootstrap-aws-vpc.html
Its failing at the validation step that is to get a success response for the following:
curl api.subdomain.domain/info
Of course I have substituted the subdomain and domain appropriately.
I am getting the error:
404 Not Found: Requested route ('api.XX.XXXXX.com') does not exist.
The request is coming till the Cloud foundry router router_z1. And I can see this error in the logs for router_z1.
Here is output of my bosh vms command:
------------------------------------+---------+---------------+--------------+
| Job/index | State | Resource Pool | IPs |
+------------------------------------+---------+---------------+--------------+
| unknown/unknown | running | medium_z1 | 10.10.16.254 |
| unknown/unknown | running | medium_z2 | 10.10.81.4 |
| unknown/unknown | running | small_errand | 10.10.17.1 |
| unknown/unknown | running | small_errand | 10.10.17.0 |
| api_worker_z1/0 | running | small_z1 | 10.10.17.20 |
| api_z1/0 | running | large_z1 | 10.10.17.18 |
| clock_global/0 | running | medium_z1 | 10.10.17.19 |
| etcd_z1/0 | running | medium_z1 | 10.10.16.20 |
| hm9000_z1/0 | running | medium_z1 | 10.10.17.21 |
| loggregator_trafficcontroller_z1/0 | running | small_z1 | 10.10.16.34 |
| loggregator_z1/0 | running | medium_z1 | 10.10.16.31 |
| login_z1/0 | running | medium_z1 | 10.10.17.17 |
| nats_z1/0 | running | medium_z1 | 10.10.16.11 |
| router_z1/0 | running | router_z1 | 10.10.16.15 |
| runner_z1/0 | running | runner_z1 | 10.10.17.22 |
| stats_z1/0 | running | small_z1 | 10.10.17.15 |
| uaa_z1/0 | running | medium_z1 | 10.10.17.16 |
+------------------------------------+---------+---------------+--------------+
The only change that I made in the CF deployment manifest was to eliminate instance from zone 2. The reason being AWS default limit for number of instances on EC2 in a particular region is 20.
Any pointers on how to resolve this issue will be appreciated.

Figured out the problem. Couple of issues:
In the CF deployment manifest make sure the system domain property
is <BOSH_VPC_SUBDOMAIN>.<BOSH_VPC_DOMAIN>. That is if you have
reserved cf.example.com for cloud foundry PaaS. Make sure
cf.example.com is what system_domain property in your cloud
foundry deployment manifest refers to. Infact example.com should
not appear in your deployment manifest anywhere without cf..
Through out the deployment manifest it is always cf.example.com
Do not use '#' in any of the passwords within the deployment
manifest. I have logged a bug for this in cf-releases:
https://github.com/cloudfoundry/cf-release/issues/527

rails 4 mysql2 gem Incorrect MySQL client library version! This gem was compiled for 5.5.30 but the client library is 5.6.19

upon deployment in production, I get this error , I don't understand where is coming from this 5.5.30... but I uninstalled the gem locally (oSX) and remotely (Debian) and reinstalled it... so it should be compiled with the latest libraries.. 5.6.19
here are both MySQL versions installed ...
on Debian
mysql -u root -p -e 'SHOW VARIABLES LIKE "%version%";'
Enter password:
+-------------------------+-------------------+
| Variable_name | Value |
+-------------------------+-------------------+
| innodb_version | 5.6.19 |
| protocol_version | 10 |
| slave_type_conversions | |
| version | 5.6.19-1~dotdeb.1 |
| version_comment | (Debian) |
| version_compile_machine | x86_64 |
| version_compile_os | debian-linux-gnu |
+-------------------------+-------------------+
on OSX
yves$ mysql -u root -p -e 'SHOW VARIABLES LIKE "%version%";'
Enter password:
+-------------------------+------------------------------+
| Variable_name | Value |
+-------------------------+------------------------------+
| innodb_version | 5.6.19 |
| protocol_version | 10 |
| slave_type_conversions | |
| version | 5.6.19 |
| version_comment | MySQL Community Server (GPL) |
| version_compile_machine | x86_64 |
| version_compile_os | osx10.7 |
+-------------------------+------------------------------+