From ffb69398f8bb01a782b90b759909c2d95a3947a4 Mon Sep 17 00:00:00 2001 From: Stefan Andres Charsley Date: Wed, 8 Dec 2021 14:17:38 +1300 Subject: [PATCH 1/5] wip --- Dockerfile | 3 +-- README.md | 57 +++++++++++++++++++++++++++++++------------------ fly.toml | 36 +++++++++++++++++++++++++------ init_cluster.sh | 5 ----- start_fly.sh | 21 ++++++++++++++---- 5 files changed, 84 insertions(+), 38 deletions(-) delete mode 100755 init_cluster.sh diff --git a/Dockerfile b/Dockerfile index b01e051..ad10a14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -FROM cockroachdb/cockroach:v21.1.2 +FROM cockroachdb/cockroach:v21.1.6 -ADD init_cluster.sh /cockroach/ ADD start_fly.sh /cockroach/ \ No newline at end of file diff --git a/README.md b/README.md index 10781bc..e575c0e 100644 --- a/README.md +++ b/README.md 
@@ -1,43 +1,58 @@ # CockroachDB on Fly.io -> **Note:** this app requires version 0.0.223 or greater of the Fly CLI. Run `flyctl version update` before you follow these instructions. +> **Note:** this app requires version 0.0.261 or greater of the Fly CLI. Run `flyctl version update` before you follow these instructions. This is an example CockroachDB cluster that runs on multiple Fly.io regions. Deploying this app is relatively simple: 1. Clone this repository -2. [Install the `fly` CLI](https://fly.io/docs/hands-on/installing/) -2. Run `fly launch`. +2. [Install the `cockroach` CLI](https://www.cockroachlabs.com/docs/stable/install-cockroachdb.html) +3. [Install the `fly` CLI](https://fly.io/docs/hands-on/installing/) +4. Run `fly launch`. 1. Pick "yes" to copy existing configuration 2. When it asks if you want to deploy, say no -3. Create volumes: +5. Generate the Certificate Authority certificate and keypair (can reuse existing CA but don't share CA between production and non-production environments) ```bash - # one in Chicago - fly volumes create cdb_data --region ord --size 10 - # one in Paris - fly volumes create cdb_data --region cdg --size 10 - # one in Singapore - fly volumes create cdb_data --region sin --size 10 + > cockroach cert create-ca --certs-dir= --ca-key= ``` -4. Deploy an empty node +6. Generate the Node certificate and keypair + + _When generating the certificate, make sure to add external domains otherwise, e.g. `.fly.dev.`, `db.example.com`_ + ```bash - > fly deploy + > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost *.vm..internal *.nearest.of..internal ``` -5. Init the cluster: +8. Create volumes: ```bash - > fly ssh console -C '/cockroach/init_cluster.sh' - Connecting to cockroachdb-example.internal... 
complete - Cluster successfully initialized + # for single region, minimum 3 nodes required + > fly volumes create crdb_data --region --size 100 + > fly volumes create crdb_data --region --size 100 + > fly volumes create crdb_data --region --size 100 + + # for multi-region, minimum 3 regions required + > fly volumes create crdb_data --region --size 100 + > fly volumes create crdb_data --region --size 100 + > fly volumes create crdb_data --region --size 100 ``` -6. Scale to 3 nodes +9. Set VM size and scale to desired node count ```bash - > fly scale count 3 - Count changed to 3 + > fly scale vm --memory + > fly scale count + Count changed to + ``` +10. Deploy nodes + ```bash + > fly deploy + ``` +11. Init the cluster: + ```bash + > cockroach init --cluster-name= --host=.fly.dev --certs-dir= + Cluster successfully initialized ``` -7. View CockroachDB status +12. View CockroachDB status ```bash - fly ssh console -C '/cockroach/cockroach node status --insecure' + > cockroach node status --host=.fly.dev --certs-dir= ``` ## Hook up Grafana diff --git a/fly.toml b/fly.toml index 8b32398..70551e8 100644 --- a/fly.toml +++ b/fly.toml @@ -1,15 +1,39 @@ app = "cockroachdb-example" kill_signal = "SIGINT" -kill_timeout = 60 +kill_timeout = 300 [metrics] - port = 8080 - path = "/_status/vars" + port = 8080 + path = "/_status/vars" -[mount] -source="cdb_data" -destination="/cockroach/cockroach-data" +[[mounts]] + source = "crdb_data" + destination = "/cockroach/cockroach-data" [experimental] cmd = ["shell", "start_fly.sh"] + auto_rollback = false + private_network = true + +[[services]] + internal_port = 26257 + protocol = "tcp" + + [services.concurrency] + hard_limit = 1000 + soft_limit = 200 + + [[services.ports]] + handlers = [] + port = 26257 + + [[services.http_checks]] + interval = 10000 + grace_period = "60s" + method = "get" + path = "/health" + protocol = "https" + timeout = 10000 + tls_skip_verify = true + 
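Review bot: The `[[services.ports]]` entry with `handlers = []` and `port = 26257` publishes CockroachDB's listener (by default both SQL and inter-node traffic) on the app's public address as a raw TCP pass-through, so the database's own TLS and client authentication are the only controls in front of it. That looks intended, since the README initialises the cluster over the `.fly.dev` hostname, but the file does not say so. I would add a comment above the block such as `# Public on purpose: TLS terminates in CockroachDB, clients must present a CA-signed cert`. If outside access is not required, leaving the `[[services]]` block out and relying on `private_network = true` keeps the port off the internet.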
diff --git a/init_cluster.sh b/init_cluster.sh deleted file mode 100755 index 58858b9..0000000 --- a/init_cluster.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -set -eu - -exec /cockroach/cockroach init --insecure --cluster-name=$FLY_APP_NAME \ No newline at end of file diff --git a/start_fly.sh b/start_fly.sh index 953f54a..dea0719 100755 --- a/start_fly.sh +++ b/start_fly.sh @@ -2,14 +2,27 @@ set -eu +echo "Saving certificates to file system ..." +mkdir -p /cockroach/cockroach-certs +echo "${DB_CA_CRT}" > /cockroach/cockroach-certs/ca.crt +echo "${DB_NODE_CRT}" > /cockroach/cockroach-certs/node.crt +echo "${DB_NODE_KEY}" > /cockroach/cockroach-certs/node.key +chmod 0600 /cockroach/cockroach-certs/node.key + echo "Starting on Fly ..." echo exec /cockroach/cockroach start \ - --insecure \ - --locality=fly_region=$FLY_REGION \ + --logtostderr \ + --certs-dir=/cockroach/cockroach-certs \ --cluster-name=$FLY_APP_NAME \ + --locality=region=$FLY_REGION \ + --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ + --http-addr 0.0.0.0 \ --join=$FLY_APP_NAME.internal exec /cockroach/cockroach start \ - --insecure \ - --locality=fly_region=$FLY_REGION \ + --logtostderr \ + --certs-dir=/cockroach/cockroach-certs \ --cluster-name=$FLY_APP_NAME \ + --locality=region=$FLY_REGION \ + --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ + --http-addr 0.0.0.0 \ --join=$FLY_APP_NAME.internal \ No newline at end of file From 8f972613e7c12aea046d33b13a714323962a873f Mon Sep 17 00:00:00 2001 From: Stefan Andres Charsley Date: Wed, 8 Dec 2021 19:00:13 +1300 Subject: [PATCH 2/5] wip --- Dockerfile | 2 +- README.md | 28 +++++++++++++++++++++------- fly.toml | 52 ++++++++++++++++++++++++++++++++++++++-------------- start_fly.sh | 6 +++--- 4 files changed, 63 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad10a14..4f4c3c3 100644 --- a/Dockerfile +++ b/Dockerfile 
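Review bot: `node.key` is created by the `echo … >` redirect under the process's default umask and is only restricted by the `chmod 0600` that follows, so the private key briefly exists with whatever mode the umask allows, and the `cockroach-certs` directory keeps its default mode. Putting `umask 077` before the `mkdir -p` closes that window for the key and the directory alike. `printf '%s\n' "${DB_NODE_KEY}"` is also the safer way to write secret material, because some `echo` implementations interpret backslash sequences. The same three writes are edited again in PATCH 2/5, and the script starts one line above this hunk.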
@@ -1,3 +1,3 @@ -FROM cockroachdb/cockroach:v21.1.6 +FROM cockroachdb/cockroach:v21.2.2 ADD start_fly.sh /cockroach/ \ No newline at end of file diff --git a/README.md b/README.md index e575c0e..c455909 100644 --- a/README.md +++ b/README.md @@ -21,9 +21,19 @@ Deploying this app is relatively simple: _When generating the certificate, make sure to add external domains otherwise, e.g. `.fly.dev.`, `db.example.com`_ ```bash - > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost *.vm..internal *.nearest.of..internal + > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost .internal "*.vm..internal" "*.nearest.of..internal" ``` -8. Create volumes: +7. Generate the root user certificate and keypair + ```bash + > cockroach cert create-client --certs-dir= --ca-key= root + ``` +8. Upload the certificates and keypair + ```bash + > base64 | fly secrets set DB_CA_CRT=- + > base64 | fly secrets set DB_NODE_CRT=- + > base64 | fly secrets set DB_NODE_KEY=- + ``` +9. Create volumes: ```bash # for single region, minimum 3 nodes required > fly volumes create crdb_data --region --size 100 @@ -35,22 +45,26 @@ Deploying this app is relatively simple: > fly volumes create crdb_data --region --size 100 > fly volumes create crdb_data --region --size 100 ``` -9. Set VM size and scale to desired node count +10. Set VM size and scale to desired node count ```bash - > fly scale vm --memory + > fly scale vm --memory + Scaled VM Type to + + CPU Cores: + Memory: GB > fly scale count Count changed to ``` -10. Deploy nodes +11. Deploy nodes ```bash > fly deploy ``` -11. Init the cluster: +12. Init the cluster: ```bash > cockroach init --cluster-name= --host=.fly.dev --certs-dir= Cluster successfully initialized ``` -12. View CockroachDB status +13. View CockroachDB status ```bash > cockroach node status --host=.fly.dev --certs-dir= ``` diff --git a/fly.toml b/fly.toml index 70551e8..9235009 100644 --- a/fly.toml +++ b/fly.toml 
@@ -3,19 +3,32 @@ app = "cockroachdb-example" kill_signal = "SIGINT" kill_timeout = 300 -[metrics] - port = 8080 - path = "/_status/vars" +[checks] -[[mounts]] - source = "crdb_data" - destination = "/cockroach/cockroach-data" + [checks.crdb_live] + grace_period = "60s" + interval = "10s" + method = "get" + path = "/health" + port = 8080 + protocol = "https" + timeout = "5s" + tls_skip_verify = true + type = "http" [experimental] - cmd = ["shell", "start_fly.sh"] auto_rollback = false + cmd = ["shell", "start_fly.sh"] private_network = true +[metrics] + path = "/_status/vars" + port = 8080 + +[[mounts]] + destination = "/cockroach/cockroach-data" + source = "crdb_data" + [[services]] internal_port = 26257 protocol = "tcp" @@ -26,14 +39,25 @@ kill_timeout = 300 [[services.ports]] handlers = [] - port = 26257 + port = 10000 - [[services.http_checks]] + [[services.tcp_checks]] interval = 10000 + timeout = 5000 grace_period = "60s" - method = "get" - path = "/health" - protocol = "https" - timeout = 10000 - tls_skip_verify = true +[[services]] + internal_port = 8080 + protocol = "tcp" + + [services.concurrency] + hard_limit = 100 + soft_limit = 20 + + [[services.ports]] + handlers = [] + port = 80 + + [[services.ports]] + handlers = [] + port = 443 diff --git a/start_fly.sh b/start_fly.sh index dea0719..247d63f 100755 --- a/start_fly.sh +++ b/start_fly.sh 
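Review bot: `tls_skip_verify = true` in `[checks.crdb_live]` turns off certificate validation for the health probe without saying why; the same setting is in the `[[services.http_checks]]` entry of PATCH 1/5. It is presumably there because the node certificate is issued by the private CA described in the README, which the checker does not trust. A comment such as `# node cert is signed by our private CA; the probe only reads /health, so verification is skipped` would keep the flag from being copied onto checks or clients that carry data.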
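Review bot: The second `[[services]]` block maps internal port 8080 to public ports 80 and 443 with `handlers = []`, which puts CockroachDB's HTTP listener (the DB Console, `/health`, and the `/_status/vars` path named in `[metrics]`) on the internet with no Fly-side TLS termination or access control. Port 80 is forwarded unchanged to a listener that the check above treats as HTTPS, so plain-HTTP clients will likely fail as well. PATCH 3/5 removes the block again; if console access is wanted later, reaching it over the private network is the narrower option, and the choice deserves a comment in the file.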
@@ -4,9 +4,9 @@ set -eu echo "Saving certificates to file system ..." mkdir -p /cockroach/cockroach-certs -echo "${DB_CA_CRT}" > /cockroach/cockroach-certs/ca.crt -echo "${DB_NODE_CRT}" > /cockroach/cockroach-certs/node.crt -echo "${DB_NODE_KEY}" > /cockroach/cockroach-certs/node.key +echo "${DB_CA_CRT}" | base64 --decode --ignore-garbage > /cockroach/cockroach-certs/ca.crt +echo "${DB_NODE_CRT}" | base64 --decode --ignore-garbage > /cockroach/cockroach-certs/node.crt +echo "${DB_NODE_KEY}" | base64 --decode --ignore-garbage > /cockroach/cockroach-certs/node.key chmod 0600 /cockroach/cockroach-certs/node.key echo "Starting on Fly ..." From 2cb1c7c08c0342f035d685a18f3e31a1509a2ca8 Mon Sep 17 00:00:00 2001 From: Stefan Andres Charsley Date: Wed, 8 Dec 2021 19:40:05 +1300 Subject: [PATCH 3/5] wip --- README.md | 8 ++++---- fly.toml | 19 ++----------------- start_fly.sh | 4 ++-- 3 files changed, 8 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index c455909..a41b531 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,10 @@ Deploying this app is relatively simple: ``` 6. Generate the Node certificate and keypair - _When generating the certificate, make sure to add external domains otherwise, e.g. `.fly.dev.`, `db.example.com`_ + _When generating the certificate, you can add external domains as well, e.g. `db.example.com`_ ```bash - > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost .internal "*.vm..internal" "*.nearest.of..internal" + > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost .internal "*.vm..internal" "*.nearest.of..internal" .fly.dev ``` 7. Generate the root user certificate and keypair ```bash 
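Review bot: `--ignore-garbage` makes `base64 --decode` skip every byte outside the base64 alphabet, so a mangled secret can decode into a damaged certificate or key without any error here, and the node then fails later with a far less obvious TLS message. GNU `base64 --decode` already accepts the line wrapping produced at upload time, so the flag can be dropped: `echo "${DB_NODE_KEY}" | base64 --decode > /cockroach/cockroach-certs/node.key`, and likewise for the two certificates. A `[ -s /cockroach/cockroach-certs/node.key ]` test after the writes would also stop the script under `set -eu` when a secret is empty.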
@@ -61,12 +61,12 @@ Deploying this app is relatively simple: ``` 12. Init the cluster: ```bash - > cockroach init --cluster-name= --host=.fly.dev --certs-dir= + > cockroach init --cluster-name= --host=.fly.dev:10000 --certs-dir= Cluster successfully initialized ``` 13. View CockroachDB status ```bash - > cockroach node status --host=.fly.dev --certs-dir= + > cockroach node status --host=.fly.dev:10000 --certs-dir= ``` ## Hook up Grafana diff --git a/fly.toml b/fly.toml index 9235009..313d996 100644 --- a/fly.toml +++ b/fly.toml @@ -36,28 +36,13 @@ kill_timeout = 300 [services.concurrency] hard_limit = 1000 soft_limit = 200 + type = "connections" [[services.ports]] handlers = [] port = 10000 [[services.tcp_checks]] + grace_period = "60s" interval = 10000 timeout = 5000 - grace_period = "60s" - -[[services]] - internal_port = 8080 - protocol = "tcp" - - [services.concurrency] - hard_limit = 100 - soft_limit = 20 - - [[services.ports]] - handlers = [] - port = 80 - - [[services.ports]] - handlers = [] - port = 443 diff --git a/start_fly.sh b/start_fly.sh index 247d63f..be45034 100755 --- a/start_fly.sh +++ b/start_fly.sh @@ -17,7 +17,7 @@ echo exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$FLY_APP_NAME.internal + --join=$FLY_APP_NAME.fly.dev:10000 exec /cockroach/cockroach start \ --logtostderr \ --certs-dir=/cockroach/cockroach-certs \ @@ -25,4 +25,4 @@ exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$FLY_APP_NAME.internal \ No newline at end of file + --join=$FLY_APP_NAME.fly.dev:10000 \ No newline at end of file From 415a79d82db6f04975a54ccd168dd1e00540f721 Mon Sep 17 00:00:00 2001 
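Review bot: The `--join` edit has to be made twice, once in the `echo exec …` preview and once in the real `exec …` command (the `@@ -25,4 +25,4 @@` hunk), and nothing keeps the two copies in step. Building the argument list once with `set -- /cockroach/cockroach start --logtostderr …`, then `echo "$@"` and `exec "$@"`, removes the duplicate and gives one place to quote `$FLY_APP_NAME` and `$FLY_REGION`. Both command blocks begin above the lines shown in these hunks. Joining through `$FLY_APP_NAME.fly.dev:10000` also appears to move node bootstrap traffic from the `.internal` private network onto the public address, which is worth a comment if it is deliberate.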
From: Stefan Andres Charsley Date: Wed, 15 Dec 2021 11:24:38 +1300 Subject: [PATCH 4/5] add join node regions --- Dockerfile | 2 ++ README.md | 8 ++++---- fly.toml | 2 +- start_fly.sh | 7 +++++-- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f4c3c3..00891f0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ FROM cockroachdb/cockroach:v21.2.2 +RUN microdnf install bind-utils + ADD start_fly.sh /cockroach/ \ No newline at end of file diff --git a/README.md b/README.md index a41b531..9a4c07c 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Deploying this app is relatively simple: _When generating the certificate, you can add external domains as well, e.g. `db.example.com`_ ```bash - > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost .internal "*.vm..internal" "*.nearest.of..internal" .fly.dev + > cockroach cert create-node --certs-dir= --ca-key= 127.0.0.1 localhost .internal "*..internal" "*.vm..internal" "*.nearest.of..internal" .fly.dev ``` 7. Generate the root user certificate and keypair ```bash @@ -65,9 +65,9 @@ Deploying this app is relatively simple: Cluster successfully initialized ``` 13. View CockroachDB status - ```bash - > cockroach node status --host=.fly.dev:10000 --certs-dir= - ``` + ```bash + > cockroach node status --host=.fly.dev:10000 --certs-dir= + ``` ## Hook up Grafana diff --git a/fly.toml b/fly.toml index 313d996..4c3709a 100644 --- a/fly.toml +++ b/fly.toml @@ -1,7 +1,7 @@ app = "cockroachdb-example" kill_signal = "SIGINT" -kill_timeout = 300 +kill_timeout = 120 [checks] diff --git a/start_fly.sh b/start_fly.sh index be45034..6e680be 100755 --- a/start_fly.sh +++ b/start_fly.sh 
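Review bot: `RUN microdnf install bind-utils` adds DNS tooling to the database image only so that `start_fly.sh` can call `dig`, leaves the package cache in the layer, and installs whatever version the repository serves at build time. I would write it as `RUN microdnf install -y bind-utils && microdnf clean all` and put a comment above it naming `dig` as the reason, so the package can be removed if the join list is ever built another way. The `FROM` line pins a tag only; pinning the base image by digest as well would make rebuilds reproducible.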
@@ -9,6 +9,9 @@ echo "${DB_NODE_CRT}" | base64 --decode --ignore-garbage > /cockroach/cockroach- echo "${DB_NODE_KEY}" | base64 --decode --ignore-garbage > /cockroach/cockroach-certs/node.key chmod 0600 /cockroach/cockroach-certs/node.key +echo "Building list of regional join nodes..." +JOIN_NODES=$(dig +short TXT regions.$FLY_APP_NAME.internal | sed -E 's/(")//g;s/([a-z]*)/\1.'"$FLY_APP_NAME"'.internal/g') + echo "Starting on Fly ..." echo exec /cockroach/cockroach start \ --logtostderr \ @@ -17,7 +20,7 @@ echo exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$FLY_APP_NAME.fly.dev:10000 + --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev:10000 exec /cockroach/cockroach start \ --logtostderr \ --certs-dir=/cockroach/cockroach-certs \ @@ -25,4 +28,4 @@ exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$FLY_APP_NAME.fly.dev:10000 \ No newline at end of file + --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev:10000 \ No newline at end of file From 429abd261c66ff3629bf4d05f74ae330a6625638 Mon Sep 17 00:00:00 2001 From: Stefan Andres Charsley Date: Mon, 17 Jan 2022 14:06:17 +1300 Subject: [PATCH 5/5] fixes --- Dockerfile | 2 +- README.md | 4 ++-- fly.toml | 2 +- start_fly.sh | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 00891f0..5510abb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cockroachdb/cockroach:v21.2.2 +FROM cockroachdb/cockroach:v21.2.4 RUN microdnf install bind-utils diff --git a/README.md b/README.md index 9a4c07c..89398e2 100644 --- a/README.md +++ b/README.md 
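Review bot: `JOIN_NODES` is taken straight from the TXT answer for `regions.$FLY_APP_NAME.internal`, and an empty or failed lookup goes unnoticed: without `pipefail` the pipeline's status is `sed`'s, so the script continues with `--join=,top10.nearest.of.…` and a leading empty entry. The pattern `([a-z]*)` can also match the empty string and append the suffix where there is no region code; `s/[a-z]+/&.'"$FLY_APP_NAME"'.internal/g` rewrites only real names. Writing `--join=${JOIN_NODES:+$JOIN_NODES,}top10.nearest.of.$FLY_APP_NAME.internal,…` in both the `echo exec` and the `exec` hunk drops the stray comma when the lookup returns nothing. Because the value comes from DNS and lands unquoted on a command line, it is worth rejecting anything other than lowercase letters, dots, hyphens and commas before use.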
@@ -61,12 +61,12 @@ Deploying this app is relatively simple: ``` 12. Init the cluster: ```bash - > cockroach init --cluster-name= --host=.fly.dev:10000 --certs-dir= + > cockroach init --cluster-name= --host=.fly.dev --certs-dir= Cluster successfully initialized ``` 13. View CockroachDB status ```bash - > cockroach node status --host=.fly.dev:10000 --certs-dir= + > cockroach node status --host=.fly.dev --certs-dir= ``` ## Hook up Grafana diff --git a/fly.toml b/fly.toml index 4c3709a..7a81c38 100644 --- a/fly.toml +++ b/fly.toml @@ -40,7 +40,7 @@ kill_timeout = 120 [[services.ports]] handlers = [] - port = 10000 + port = 26257 [[services.tcp_checks]] grace_period = "60s" diff --git a/start_fly.sh b/start_fly.sh index 6e680be..d90f2d9 100755 --- a/start_fly.sh +++ b/start_fly.sh @@ -20,7 +20,7 @@ echo exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev:10000 + --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev exec /cockroach/cockroach start \ --logtostderr \ --certs-dir=/cockroach/cockroach-certs \ @@ -28,4 +28,4 @@ exec /cockroach/cockroach start \ --locality=region=$FLY_REGION \ --advertise-addr=$(hostname -s).vm.$FLY_APP_NAME.internal \ --http-addr 0.0.0.0 \ - --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev:10000 \ No newline at end of file + --join=$JOIN_NODES,top10.nearest.of.$FLY_APP_NAME.internal,$FLY_APP_NAME.fly.dev \ No newline at end of file