Jekyll2025-10-07T17:46:32+00:00https://cadu.dev/feed.xmlCoding with CoffeeMy code thoughts{"twitter"=>"duduribeiro", "picture"=>"/assets/images/picture.jpeg"}Running Neovim with Devcontainers2024-05-16T15:00:00+00:002024-05-16T15:00:00+00:00https://cadu.dev/running-neovim-on-devcontainers<p>In this post, I will show you how you can use Neovim with DevContainers to simplify the development environment setup. DevContainers is an open specificationthat that allows containers to be used as a complete development environment with all tools necessary for the development lifecycle. To read more about DevContainers, check my previous post <a href="https://cadu.dev/using-devcontainers-to-setup-your-dev-environment/" target="_blank">here</a> or the official documentation <a href="https://containers.dev/" target="_blank">here</a>.</p>
<p>One thing that most people don’t know is that DevContainers is not only for VSCode. It is a specification that can be used with any editor or IDE (although the integration with VSCode has the best support).</p>
<p>For example, the video below shows DevContainers being used with RubyMine:</p>
<video width="600" height="400" controls="">
<source src="/assets/videos/devcontainersrubymine.mp4" type="video/mp4" />
<source src="/assets/videos/devcontainersrubymine.webm" type="video/webm" />
Your browser does not support the video tag.
</video>
<p>Let’s see how we can use Neovim with DevContainers.</p>
<h2 id="the-example-project">The example project</h2>
<p>We need Docker installed on our machine to run DevContainers. If you don’t have Docker installed, you can install it by following the instructions <a href="https://docs.docker.com/get-docker/" target="_blank">here</a>.</p>
<p>We will create a new Ruby on Rails project for this example and use the new <a href="https://github.com/rails/rails-new" target="_blank">rails-new</a> tool to generate the project. This tool is a new way to generate Rails applications even when you don’t have Ruby installed on your machine, as it uses Docker to run the generator (useful for people who don’t want to install Ruby on their machines and rely only on Docker). It is still in the experimental phase, but it is already usable. See <a href="https://github.com/rails/rails-new?tab=readme-ov-file#installation" target="_blank">here</a> for installation instructions.</p>
<p>I’ve installed the <code class="highlighter-rouge">rails-new</code> tool on my machine using Cargo (the Rust package manager). If you don’t have Cargo installed, you can install it by following the instructions <a href="https://doc.rust-lang.org/cargo/getting-started/installation.html" target="_blank">here</a>.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cargo <span class="nb">install</span> <span class="nt">--git</span> https://github.com/rails/rails-new
</code></pre></div></div>
<p>Now, let’s create a new Rails project using the <code class="highlighter-rouge">rails-new</code> tool:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rails-new nvim-devcontainer-post <span class="nt">--</span> <span class="nt">--main</span> <span class="nt">-d</span> postgresql
</code></pre></div></div>
<p>This command will create a new Rails project named <code class="highlighter-rouge">nvim-devcontainer-post</code> with the <code class="highlighter-rouge">--main</code> flag, which will use Rails’ main branch instead of the regular releases version, because the Rails on the main branch already generates a project with DevContainers configured by default (This will be available on Rails 8). The <code class="highlighter-rouge">-d postgresql</code> flag will configure the project to use PostgreSQL as the database.</p>
<p>After running this command, you will have a new Rails project with DevContainers configured. You can check that the <code class="highlighter-rouge">.devcontainer</code> folder was created with the necessary files for DevContainers.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>➜ nvim-devcontainer-post git:<span class="o">(</span>main<span class="o">)</span> ✗ <span class="nb">ls</span> .devcontainer
Dockerfile compose.yaml devcontainer.json
</code></pre></div></div>
<p>Our project is ready for us to start using Neovim with DevContainers. You can even open the project in VSCode and see that the DevContainers is working:</p>
<video width="600" height="400" controls="">
<source src="/assets/videos/rails-new-devcontainers-working-vscode.mp4" type="video/mp4" />
<source src="/assets/videos/rails-new-devcontainers-working-vscode.webm" type="video/webm" />
Your browser does not support the video tag.
</video>
<p>Let’s destroy these containers so we can install more tools:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker compose <span class="nt">-f</span> .devcontainer/compose.yaml down
</code></pre></div></div>
<h2 id="installing-neovim-in-the-devcontainer">Installing Neovim in the DevContainer</h2>
<p>The way DevContainers work is by running the editor or IDE server inside the container, this way the editor or IDE can access all the tools installed in the container like Ruby, the language server (LSP), linting and formatting tools, etc. This is how VSCode and RubyMine work with DevContainers, they have their server running inside the container and communicate with the editor running on the host machine via remote editing. This is why we need to install Neovim in the DevContainer to use it with DevContainers.</p>
<p>If you read my previous post about DevContainers, you know that we can install additional tools in the DevContainer by adding them to the <code class="highlighter-rouge">Dockerfile</code> or even using <a href="https://containers.dev/implementors/features/" target="_blank">DevContainer’s Features</a> to install them. Both ways are valid, but I prefer to install them via Features.</p>
<p>I’ve created a repository with Features to install Neovim and Tmux in the DevContainer. You can check the repository <a href="https://github.com/duduribeiro/devcontainer-features" target="_blank">here</a>.</p>
<p>So, let’s install Neovim in our DevContainer using the Features. First, we need to edit the <code class="highlighter-rouge">.devcontainer/devcontainer.json</code> file and add the following content to the <code class="highlighter-rouge">features</code> key:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="w"> </span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ghcr.io/devcontainers/features/github-cli:1"</span><span class="p">:</span><span class="w"> </span><span class="p">{},</span><span class="w">
</span><span class="nl">"ghcr.io/rails/devcontainer/features/activestorage"</span><span class="p">:</span><span class="w"> </span><span class="p">{},</span><span class="w">
</span><span class="nl">"ghcr.io/rails/devcontainer/features/postgres-client"</span><span class="p">:</span><span class="w"> </span><span class="p">{},</span><span class="w">
</span><span class="nl">"ghcr.io/duduribeiro/devcontainer-features/neovim:1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nightly"</span><span class="w"> </span><span class="p">},</span><span class="w">
</span><span class="p">}</span><span class="err">,</span><span class="w">
</span></code></pre></div></div>
<p>We’ve added the <code class="highlighter-rouge">neovim</code> Feature to the <code class="highlighter-rouge">features</code> key, the other three Features are the default Features that Rails added to the project when we created the project. I’ve used the <code class="highlighter-rouge">nightly</code> version of Neovim, because my Neovim configuration uses some features that are only available in the nightly version.</p>
<h2 id="starting-the-devcontainer">Starting the DevContainer</h2>
<p>How can we start the DevContainer without needing to open the project in VSCode? We can use the <a href="https://github.com/devcontainers/cli" target="_blank">devcontainers-cli</a> to start the DevContainer from the command line without needing to open the project in VSCode.</p>
<p>You can install the <code class="highlighter-rouge">devcontainers-cli</code> by running the following command: (check <a href="https://github.com/devcontainers/cli?tab=readme-ov-file#try-it-out" target="_blank">here</a> for more information on the installation process)</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>npm <span class="nb">install</span> <span class="nt">-g</span> @devcontainers/cli
</code></pre></div></div>
<p>The <code class="highlighter-rouge">devcontainers-cli</code> is a CLI tool that allows you to control DevContainers from the command line. It is still missing some features (like stopping the DevContainer), but you can already use it to start and execute commands in the DevContainer.</p>
<p>Let’s build and start our DevContainer using the <code class="highlighter-rouge">devcontainers-cli</code>:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>devcontainer build <span class="nt">--workspace-folder</span> <span class="nb">.</span>
....
devcontainer up <span class="nt">--workspace-folder</span> <span class="nb">.</span>
</code></pre></div></div>
<p>This command will build the DevContainer and start it. After running this command you will receive the message with the <code class="highlighter-rouge">outcome</code> status:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>+] Running 4/4
✔ Container nvim_devcontainer_post-redis-1 Started 0.0s
✔ Container nvim_devcontainer_post-postgres-1 Started 0.0s
✔ Container nvim_devcontainer_post-selenium-1 Started 0.0s
✔ Container nvim_devcontainer_post-rails-app-1 Started 0.0s
<span class="o">{</span><span class="s2">"outcome"</span>:<span class="s2">"success"</span>, ...<span class="o">}</span>
</code></pre></div></div>
<p>This means that the DevContainer was started successfully. Now we can execute commands in the DevContainer using the <code class="highlighter-rouge">devcontainer exec</code> command, like this:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>devcontainer <span class="nb">exec</span> <span class="nt">--workspace-folder</span> <span class="nb">.</span> <span class="nb">ls
</span>Dockerfile Gemfile Gemfile.lock README.md Rakefile app bin config config.ru db lib log public storage <span class="nb">test </span>tmp vendor
</code></pre></div></div>
<p>we see that the <code class="highlighter-rouge">ls</code> command was executed in the DevContainer and we received the output with the files in the root of the project.</p>
<p>Different from VSCode or RubyMine that have a client running on the host machine that communicates with the server running in the container, Neovim will run inside the container and we access it via the terminal. This may can change in the future if they implement a remote editing feature that allows us to run the server in the container and the client on the host machine, but for now, we need to run Neovim using the devcontainer-cli.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>devcontainer <span class="nb">exec</span> <span class="nt">--workspace-folder</span> <span class="nb">.</span> nvim
</code></pre></div></div>
<p>Neovim is now running inside the DevContainer and we can use it to edit files in the project:</p>
<p><img src="/assets/images/nvim-running-on-devcontainer-1.png" alt="neovim running in the devcontainer" /></p>
<p>But this is not using any configuration or plugins because we are running Neovim in the DevContainer and we don’t have any configuration files or plugins installed there. You can install your Neovim configuration in the DevContainer manually via terminal but everytime that you need to rebuild the container you will need to install it again. A solution for this is to copy your Neovim configuration from your host machine to the DevContainer.</p>
<p>I have my <a href="https://github.com/duduribeiro/dotfiles" target="_blank">Neovim configurations</a> in my machine at ~/.config/nvim, so I can copy it to the DevContainer during the start process. Let’s see how we can do this.</p>
<p>Before, let’s stop our containers:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker compose <span class="nt">-f</span> .devcontainer/compose.yaml down
</code></pre></div></div>
<h2 id="copying-neovim-configuration-to-the-devcontainer">Copying Neovim configuration to the DevContainer</h2>
<p>To copy the Neovim configuration from the host machine to the DevContainer, we can specify mount points during the <code class="highlighter-rouge">devcontainer up</code> command. This is how I do:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>devcontainer up <span class="nt">--mount</span> <span class="s2">"type=bind,source=</span><span class="nv">$HOME</span><span class="s2">/.config/nvim,target=/home/vscode/.config/nvim"</span> <span class="nt">--workspace-folder</span> <span class="nb">.</span>
</code></pre></div></div>
<p>DevContainers has a way to specify mount points on the .devcontainer/devcontainer.json file (see <a href="https://containers.dev/implementors/json_reference/" target="_blank">the json reference</a> and look for mounts) but it didn’t work for me, so I use the <code class="highlighter-rouge">--mount</code> flag in the <code class="highlighter-rouge">devcontainer up</code> command.</p>
<p>This command will mount the <code class="highlighter-rouge">~/.config/nvim</code> folder from the host machine to the <code class="highlighter-rouge">/home/vscode/.config/nvim</code> folder in the DevContainer. Now we can run Neovim with our configuration:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>devcontainer <span class="nb">exec</span> <span class="nt">--workspace-folder</span> <span class="nb">.</span> nvim
</code></pre></div></div>
<p>And this is how Neovim is running with my configuration in the DevContainer, with all my plugins and settings and even running the LSP:</p>
<video width="600" height="400" controls="">
<source src="/assets/videos/nvim-running-devcontainer-with-plugins.mp4" type="video/mp4" />
<source src="/assets/videos/nvim-running-devcontainer-with-plugins.webm" type="video/webm" />
Your browser does not support the video tag.
</video>
<p>This is how I use Neovim with DevContainers and I hope this post helps you with this config too. DevContainers is a great tool to simplify the development environment setup and I think (and hope) that most editors and IDEs will support it in the future.</p>dudribeiroIn this post, I will show you how you can use Neovim with DevContainers to simplify the development environment setup. DevContainers is an open specificationthat that allows containers to be used as a complete development environment with all tools necessary for the development lifecycle. To read more about DevContainers, check my previous post here or the official documentation here.Using Devcontainers to set up your development environment2023-09-28T15:00:00+00:002023-09-28T15:00:00+00:00https://cadu.dev/using-devcontainers-to-setup-your-dev-environment<p>One common problem in software development is setting up the project’s development environment. Have you ever joined a project, opened the README.md, and found a README HELL, filled with endless instructions on how to configure the project? And halfway through the instructions, you encounter an error while running a command because you’re not on the same operating system version as the person who wrote the README, or because the documentation is outdated.</p>
<p>Quoting <a href="https://twitter.com/palkan_tula" target="_blank">Vladimir Dementyev</a> in his amazing talk <a href="https://speakerdeck.com/palkan/railsconf-2019-terraforming-legacy-rails-applications" target="_blank">Terraforming Legacy Rails applications:</a></p>
<blockquote>
<p>Developers should be able to run project with the least possible effort</p>
</blockquote>
<p>for example, cloning the code and running a few scripts for server setup and start.</p>
<p>GitHub published a <a href="https://github.blog/2015-06-30-scripts-to-rule-them-all/" target="_blank">blog post</a> in 2015 where they demonstrated how they did this at the time. They state:</p>
<blockquote>
<p>Having a bootstraping experience for projects reduces friction and encourages contribution.</p>
</blockquote>
<p><code class="highlighter-rouge">Reduces friction</code>: This is very interesting when we think about onboarding a new person to the project. Do you remember the past times when a newcomer would take days to get the project up and running on their computer?</p>
<p>And in this post, GitHub shows how they solved this in 2015: A set of scripts, with a standard naming convention across all projects, that handle dependency installation and updates, project setup, test execution, and environment configuration. They refer to this set of scripts as ‘Scripts to Rule Them All.’</p>
<table>
<thead>
<tr>
<th style="text-align: center"><img src="/assets/images/oneringtorulethemall.jpg" alt="oneringtorulethemall" /></th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center"><em>https://www.youtube.com/watch?v=HgOha2D5kt8&themeRefresh=1</em></td>
</tr>
</tbody>
</table>
<p>This model greatly helped new hires at the company configure and start projects within half a day. In <a href="https://github.blog/2021-08-11-githubs-engineering-team-moved-codespaces/" target="_blank">another post</a>, they mention that <code class="highlighter-rouge">in the vast majority of cases, everything worked without issues</code> and that <code class="highlighter-rouge">when something didn't work, there was a Slack channel called #friction where others debugged and helped resolve system issues</code>. Event with nvironment setup scripts, issues persisted because the company scripts were based on macOS, while individuals might use different operating systems like Linux or even a more recent macOS version not yet supported by the scripts. These errors continued to create friction when starting a development environment for the project.</p>
<p>How can we further reduce friction? Enter <code class="highlighter-rouge">DevContainers</code>.</p>
<h2 id="what-are-devcontainers">What are DevContainers?</h2>
<p><code class="highlighter-rouge">Development Containers</code> (or <code class="highlighter-rouge">DevContainers</code>) is an <a href="https://containers.dev/" target="_blank">open specification</a> that allows containers to be used as a complete development environment, enabling us to run our applications, dependencies like databases and messaging services, and other tools necessary for the development lifecycle. DevContainers can be run locally or in a remote environment (including services like <a href="https://github.com/features/codespaces" target="_blank">GitHub Codespaces</a> and <a href="https://gitpod.io/" target="_blank">GitPod</a>).</p>
<p>In this text, I won’t enter into the basics of containers/docker. If you’d like to learn and know more, please visit <a href="https://www.docker.com/" target="_blank">https://www.docker.com/</a> and <a href="https://cloud.google.com/learn/what-are-containers" target="_blank">https://cloud.google.com/learn/what-are-containers</a>.</p>
<p>The <code class="highlighter-rouge">DevContainers</code> specification states that your project have a folder called <code class="highlighter-rouge">.devcontainer</code> with a <code class="highlighter-rouge">devcontainer.json</code> file. To read the complete specification, visit <a href="https://containers.dev/implementors/json_reference/" target="_blank">this link</a>. In summary, the file contains the image (or Dockerfile) to be used, the container’s forwarded ports, specific product customizations (e.g., installing extensions by default in VSCode), and more.</p>
<p>One of the inclusions in the specification is the <code class="highlighter-rouge">DevContainer Features</code>, which are independent and shareable units containing installation or configuration code for the container. These features are installed on top of the image used in the DevContainer. The idea behind features is to easily add more tools and libraries to the DevContainer. The following example demonstrates how to install the <code class="highlighter-rouge">GitHub CLI</code>, for instance:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MyApp DevContainer"</span><span class="p">,</span><span class="w">
</span><span class="err">//...</span><span class="w">
</span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ghcr.io/devcontainers/features/github-cli:1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"latest"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>A list of existing <code class="highlighter-rouge">Features</code> can be found <a href="https://containers.dev/features" target="_blank">here</a>.</p>
<h2 id="advantages-and-disadvantages-of-using-devcontainers">Advantages and disadvantages of using DevContainers</h2>
<p>One of the evident advantages we observe in using DevContainers is reducing friction in project setup. Having this reproducible development environment ensures that everyone on the team is using the same environment, making project setup easier. This will make new team members onboarding much faster and easier. It’s common that we don’t see problem with slow onboarding because we assume it will only happen once, which is not always true (maybe you got a brandly new computer?). Another advantage is that no matter which operating system you are using, the development environment will work, and you don’t need separate instructions in the docs (no more “if you are on Linux, do this” in your README).</p>
<p>But of course, this approach may have some disadvantages. Possible speed reduction (especially on macOS). We know that Docker on macOS runs on top of a virtual machine, which impacts performance a bit, as discussed in <a href="https://www.cncf.io/blog/2023/02/02/docker-on-macos-is-slow-and-how-to-fix-it/" target="_blank">this article</a>. There are some alternatives that promise to improve Docker’s speed on macOS, such as <a href="https://github.com/abiosoft/colima" target="_blank">Colima</a> and <a href="https://orbstack.dev">OrbStack</a>. My friend <a href="https://twitter.com/fvztdk" target="_blank">Felipe Vaz</a> is using Colima and said it is good. I am currently testing OrbStack based on a recommendation from <a href="https://twitter.com/robzolkos" target="_blank">Rob Zolkos</a>.
<img src="/assets/images/robzolkos-orbstack-post.png" alt="rob zolkos Twitter Post" /></p>
<p>Also, stuff that works well, such as integration tests with browsers (e.g., using Selenium), can be a trickier to set up and get working perfectly.</p>
<p>As with everything in software development, it’s a tradeoff, and you should consider the pros and cons to see if it’s worth it in your case. For me, the advantages outweigh the disadvantages, and it’s worth using. It may not be the case for you.</p>
<h2 id="production-containers-vs-devcontainers">Production Containers vs. DevContainers</h2>
<blockquote>
<p>If I already have containers and a Dockerfile for my production app running, why not use them instead of a separate container for development?</p>
</blockquote>
<p>When we talk about reproducible environments with DevContainers, this question often arises, and it’s a good question. One of the <a href="https://12factor.net/dev-prod-parity" target="_blank">12factors</a> suggests having parity between development and production, which leads us to try using the same production container image in development. However, note that this advice emphasizes making environments <code class="highlighter-rouge">as similar as POSSIBLE</code>, not <code class="highlighter-rouge">EXACTLY THE SAME</code>.”</p>
<blockquote>
<p>Keep development, staging, and production as similar AS POSSIBLE</p>
</blockquote>
<p>This is a subtle distinction but makes a difference when we deploy our development containers. One of the points that the “Dev/prod parity” factor addresses is:</p>
<blockquote>
<p><a href="https://12factor.net/backing-services" target="_blank">Backing services</a>, such as the app’s database, queueing system, or cache, is one area where dev/prod parity is important. Many languages offer libraries which simplify access to the backing service, including <em>adapters</em> to different types of services….</p>
</blockquote>
<blockquote>
<p>Developers sometimes find great appeal in using a lightweight backing service in their local environments, while a more serious and robust backing service will be used in production. For example, using SQLite locally and PostgreSQL in production; or local process memory for caching in development and Memcached in production.</p>
</blockquote>
<blockquote>
<p><strong>The twelve-factor developer resists the urge to use different backing services between development and production</strong></p>
</blockquote>
<p>And that’s the idea that <code class="highlighter-rouge">Dev/prod parity</code> brings. Try to make your development environment as similar as POSSIBLE to production. If you use PostgreSQL in production, don’t use SQLite as your development database because there are differences between them that can cause compatibility issues in your application, and you’ll only notice them in production. Note that the primary focus of <code class="highlighter-rouge">Dev/prod parity</code> is on using different backing services, not telling you to use the SAME IMAGE used in production for development.</p>
<p>Production containers have different requirements from development containers!</p>
<p>When we think about deploying our application in containers, we have concern such as:</p>
<ul>
<li>Attempting to minimize the size of the final container image as much as possible</li>
<li>Having as few dependencies as possible</li>
<li>Exposing the minimum number of open ports</li>
<li>Reducing the application’s memory consumption</li>
</ul>
<p>Furthermore, the images we use as a base for our production containers are based on very small and highly suitable images for a production environment (such as debian-slim or alpine), but they are not as suitable for a development environment. (You’ll want to run <code class="highlighter-rouge">fzf</code> in your DevContainer, but it doesn’t make sense to have it in your production image, for example.)</p>
<p>In the development environment, we want a complete system (such as ubuntu or debian) with various utilities and auxiliary tools to assist the daily work of project contributors (e.g., installing <code class="highlighter-rouge">fzf</code> for searching, <code class="highlighter-rouge">vim</code> for quick file editing, a more comprehensive shell with multiple auto-completions) and we can leave more ports open to facilitate application debugging.</p>
<p>On the <a href="https://containers.dev/overview#Development-vs-production" target="_blank">Overview page of DevContainers</a>, in the <code class="highlighter-rouge">Development vs production</code> section, you can find the following passage:</p>
<blockquote>
<p>While deployment and development containers may resemble one another, you may not want to include tools in a deployment image that you use during development.”</p>
</blockquote>
<table>
<thead>
<tr>
<th style="text-align: center"><img src="/assets/images/dev-container-stages.png" alt="different images for different stages of your dev lifecycle" /></th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center"><em>https://containers.dev/overview#Development-vs-production</em></td>
</tr>
</tbody>
</table>
<p><em>In the image, we can see that a DevContainer for a development environment (inner loop) can include various things that are not necessary for production. In fact, we can consider that in the Outer loop (CI), this DevContainer can be used with even fewer items included.</em></p>
<p>Considering these points, it might make sense to have two container definitions, one for production and one for development. To achieve this, I like to have two <code class="highlighter-rouge">Dockerfile</code> definitions. One at the root of the project to define the production image and another inside <code class="highlighter-rouge">.devcontainer</code> for the development environment using DevContainers.</p>
<p>So, the project structure looks like this:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>% tree -a | grep Dockerfile -C 1
├── .devcontainer
│ ├── Dockerfile
--
├── Dockerfile
</code></pre></div></div>
<h2 id="practical-example-a-ruby-on-rails-application">Practical Example: A Ruby on Rails Application</h2>
<p>For this practical example, I’ll be using a Ruby on Rails application. It’s also necessary to have prior knowledge of containers, Docker, and Docker Compose.</p>
<p><a href="https://github.com/duduribeiro/devcontainer-rails-demo" target="_blank">This GitHub repository</a> contains the source code used in this post and it’s broken down into <a href="https://github.com/duduribeiro/devcontainer-rails-demo/tags" target="_blank">tags</a> containing the progress. The tag <a href="https://github.com/duduribeiro/devcontainer-rails-demo/releases/tag/0-initial" target="_blank">0-initial</a> contains the base application used from here on.</p>
<p>This application was generated using Rails 7.1. Rails 7.1 <a href="https://edgeguides.rubyonrails.org/7_1_release_notes.html#generate-dockerfiles-for-new-rails-applications" target="_blank">introduced a feature</a> that generates a <code class="highlighter-rouge">Dockerfile</code> by default when you create a new application. However, this <code class="highlighter-rouge">Dockerfile</code> is optimized for production, as stated in the release note:</p>
<blockquote>
<p>It’s important to note that these files are not meant for development purposes.</p>
</blockquote>
<p>As we’ve seen earlier, the purpose of a <code class="highlighter-rouge">Dockerfile</code> for the development environment is different from one for production. So, let’s create our <code class="highlighter-rouge">Dockerfile</code> that will be used in our <code class="highlighter-rouge">DevContainer</code>.</p>
<h3 id="the-dockerfile-for-the-devcontainer">The Dockerfile for the DevContainer.</h3>
<p>Let’s begin by creating our Dockerfile that will be used in our DevContainer. Inside the .devcontainer folder, I will create my Dockerfile:</p>
<div class="language-dockerfile highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># .devcontainer/Dockerfile</span>
<span class="k">ARG</span><span class="s"> DEBIAN_FRONTEND=noninteractive</span>
<span class="k">ARG</span><span class="s"> VARIANT=bullseye</span>
<span class="k">FROM</span><span class="s"> mcr.microsoft.com/vscode/devcontainers/base:${VARIANT}</span>
<span class="k">RUN </span>apt-get update <span class="o">&&</span> <span class="se">\
</span> apt-get <span class="nt">-y</span> <span class="nb">install</span> <span class="nt">--no-install-recommends</span> <span class="se">\
</span> build-essential gnupg2 <span class="nb">tar </span>git zsh libssl-dev zlib1g-dev libyaml-dev curl libreadline-dev <span class="se">\
</span> postgresql-client libpq-dev <span class="se">\
</span> imagemagick libjpeg-dev libpng-dev libtiff-dev libwebp-dev libvips <span class="se">\
</span> tzdata <span class="se">\
</span> tmux <span class="se">\
</span> vim
<span class="c"># Install rbenv and ruby</span>
<span class="k">USER</span><span class="s"> vscode</span>
<span class="k">ARG</span><span class="s"> RUBY_VERSION="3.2.2"</span>
<span class="k">RUN </span>git clone https://github.com/rbenv/rbenv.git /home/vscode/.rbenv <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'[ -f "/home/vscode/.rbenv/bin/rbenv" ] && eval "$(rbenv init - bash)" # rbenv'</span> <span class="o">>></span> /home/vscode/.zshrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'[ -f "/home/vscode/.rbenv/bin/rbenv" ] && eval "$(rbenv init - bash)" # rbenv'</span> <span class="o">>></span> /home/vscode/.bashrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'export PATH="/home/vscode/.rbenv/bin:$PATH"'</span> <span class="o">>></span> /home/vscode/.zshrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'export PATH="/home/vscode/.rbenv/bin:$PATH"'</span> <span class="o">>></span> /home/vscode/.bashrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /home/vscode/.rbenv/versions <span class="se">\
</span> <span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /home/vscode/.rbenv/plugins <span class="se">\
</span> <span class="o">&&</span> git clone https://github.com/rbenv/ruby-build.git /home/vscode/.rbenv/plugins/ruby-build
<span class="k">ENV</span><span class="s"> PATH "/home/vscode/.rbenv/bin/:HOME/.rbenv/shims/:$PATH"</span>
<span class="k">RUN </span>rbenv <span class="nb">install</span> <span class="nv">$RUBY_VERSION</span> <span class="o">&&</span> <span class="se">\
</span> rbenv global <span class="nv">$RUBY_VERSION</span> <span class="o">&&</span> <span class="se">\
</span> rbenv versions
<span class="k">COPY</span><span class="s"> .devcontainer/welcome.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt</span>
</code></pre></div></div>
<p>I won’t go into much detail on how it works but will instead explain the reasons behind some decisions made. To understand more about how a <code class="highlighter-rouge">Dockerfile</code> works, the <a href="https://docs.docker.com/engine/reference/builder/" target="_blank">official documentation</a> is the best reference.</p>
<h4 id="the-base-image-used">The base image used.</h4>
<p>In the first instructions, we define which base image we will use:</p>
<div class="language-dockerfile highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># .devcontainer/Dockerfile</span>
<span class="k">ARG</span><span class="s"> VARIANT=bullseye</span>
<span class="k">FROM</span><span class="s"> mcr.microsoft.com/vscode/devcontainers/base:${VARIANT}</span>
</code></pre></div></div>
<p>The <a href="https://docs.docker.com/engine/reference/builder/#from" target="_blank">FROM instruction</a> specifies to Docker which image to use as the base for ours. And here, we’ve already made the first decision. Which one will we use?</p>
<p>We can use any base image for ours (including using debian directly). So, could we use the ruby:3 image directly? Yes.</p>
<div class="language-dockerfile highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">FROM</span><span class="s"> ruby:3</span>
</code></pre></div></div>
<p>is a valid <code class="highlighter-rouge">Dockerfile</code> to use as a DevContainer, and in fact, some open-source projects (e.g., <a href="https://github.com/forem/forem/blob/main/Containerfile.base" target="_blank">Forem</a>) use it. However, Microsoft’s <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/</code> images are specifically prepared for use in DevContainers, adding various development tools. <a href="https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/common-debian.sh" target="_blank">Here</a>, for example, you can see one of the scripts executed in the <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/</code> images.</p>
<p>For this reason, I prefer to use the <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers</code> images. It’s just a personal preference and doesn’t mean that using other images as DevContainers is wrong. You can use any Docker image as a base.</p>
<h4 id="and-why-use-mcrmicrosoftcomvscodedevcontainersbase-instead-of-mcrmicrosoftcomvscodedevcontainersruby">And why use <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/base</code> instead of <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/ruby</code>?</h4>
<p>This is another decision made based on preference. I recently used <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/base</code> in my projects and manually installed Ruby due to a small “issue” (which might be specific to me 😀) I found in <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/ruby</code>. The <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/ruby</code> image installs two version managers: <a href="https://github.com/rbenv/rbenv" target="_blank">rbenv</a> and <a href="https://rvm.io/" target="_blank">rvm</a>, which can cause some issues. One issue I noticed is when your project has a <code class="highlighter-rouge">.ruby-version</code> file (as in <a href="https://github.com/duduribeiro/devcontainer-rails-demo/blob/main/.ruby-version" target="_blank">our example</a>, generated by Rails). The <code class="highlighter-rouge">.ruby-version</code> file tells the version managers which Ruby version to install. However, what I noticed is that when you don’t have this file, the <code class="highlighter-rouge">mcr.microsoft.com/vscode/devcontainers/ruby</code> image installs Ruby using <code class="highlighter-rouge">rbenv</code>, and when you do have this file in the project, it installs Ruby using <code class="highlighter-rouge">rvm</code>.</p>
<p>And what’s the problem with installing it using <code class="highlighter-rouge">rvm</code>? Technically, there’s no issue, but you may run into some cases like I did. I was using the VSCode extension for <code class="highlighter-rouge">ruby-lsp</code>, and the extension’s version manager detection was set to <code class="highlighter-rouge">auto</code> (https://github.com/Shopify/vscode-ruby-lsp#ruby-version-managers){:target=”_blank”}. The extension tried to detect the installed version using <code class="highlighter-rouge">rbenv</code>, but my DevContainer was using <code class="highlighter-rouge">rvm</code>. Check out these two issues, <a href="https://github.com/devcontainers/images/issues/572" target="_blank">https://github.com/devcontainers/images/issues/572</a> and <a href="https://github.com/microsoft/vscode-dev-containers/issues/704" target="_blank">https://github.com/microsoft/vscode-dev-containers/issues/704</a>, for more details.</p>
<p>Also, it’s not necessary to have a version manager in a container. When you need to use a different Ruby version, you can install it directly in the container, avoiding the installation of multiple versions together.</p>
<p>Because of this difference, I preferred to use the <code class="highlighter-rouge">base</code> image and manually install <code class="highlighter-rouge">Ruby</code> with the following instructions:</p>
<div class="language-dockerfile highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Install rbenv and ruby</span>
<span class="k">USER</span><span class="s"> vscode</span>
<span class="k">ARG</span><span class="s"> RUBY_VERSION="3.2.2"</span>
<span class="k">RUN </span>git clone https://github.com/rbenv/rbenv.git /home/vscode/.rbenv <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'[ -f "/home/vscode/.rbenv/bin/rbenv" ] && eval "$(rbenv init - bash)" # rbenv'</span> <span class="o">>></span> /home/vscode/.zshrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'[ -f "/home/vscode/.rbenv/bin/rbenv" ] && eval "$(rbenv init - bash)" # rbenv'</span> <span class="o">>></span> /home/vscode/.bashrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'export PATH="/home/vscode/.rbenv/bin:$PATH"'</span> <span class="o">>></span> /home/vscode/.zshrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'export PATH="/home/vscode/.rbenv/bin:$PATH"'</span> <span class="o">>></span> /home/vscode/.bashrc <span class="se">\
</span> <span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /home/vscode/.rbenv/versions <span class="se">\
</span> <span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /home/vscode/.rbenv/plugins <span class="se">\
</span> <span class="o">&&</span> git clone https://github.com/rbenv/ruby-build.git /home/vscode/.rbenv/plugins/ruby-build
<span class="k">ENV</span><span class="s"> PATH "/home/vscode/.rbenv/bin/:/home/vscode/.rbenv/.rbenv/shims/:$PATH"</span>
<span class="k">RUN </span>rbenv <span class="nb">install</span> <span class="nv">$RUBY_VERSION</span> <span class="o">&&</span> <span class="se">\
</span> rbenv global <span class="nv">$RUBY_VERSION</span> <span class="o">&&</span> <span class="se">\
</span> rbenv versions
</code></pre></div></div>
<p>The last instruction in the <code class="highlighter-rouge">Dockerfile</code> simply copies the file <code class="highlighter-rouge">.devcontainer/welcome.txt</code> to the location <code class="highlighter-rouge">/usr/local/etc/vscode-dev-containers/first-run-notice.txt</code> in the container. This file sets up a message that will be displayed when we open the terminal in VSCode.</p>
<p><img src="/assets/images/vscode-welmcome-message.png" alt="vscode welcome message" /></p>
<p>Let’s create our <code class="highlighter-rouge">.devcontainer/welcome.txt</code> then.</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>👋 Welcome to "DemoApp"!
🛠️ Your environment is fully setup with all the required software.
</code></pre></div></div>
<p>Our Dockerfile is ready. We can build the image to see if everything is okay by running <code class="highlighter-rouge">docker build</code> in the root of the project:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>% docker build <span class="nt">-f</span> .devcontainer/Dockerfile <span class="nb">.</span>
<span class="o">[</span>+] Building 0.1s <span class="o">(</span>10/10<span class="o">)</span> FINISHED docker:orbstack
<span class="o">=></span> <span class="o">[</span>internal] load build definition from Dockerfile 0.0s
<span class="o">=></span> <span class="o">=></span> transferring dockerfile: 1.47kB 0.0s
<span class="o">=></span> <span class="o">[</span>internal] load .dockerignore 0.0s
<span class="o">=></span> <span class="o">=></span> transferring context: 766B 0.0s
<span class="o">=></span> <span class="o">[</span>internal] load metadata <span class="k">for </span>mcr.microsoft.com/vscode/devcontainers/base:bullseye 0.0s
<span class="o">=></span> <span class="o">[</span>internal] load build context 0.0s
<span class="o">=></span> <span class="o">=></span> transferring context: 265B 0.0s
<span class="o">=></span> <span class="o">[</span>1/5] FROM mcr.microsoft.com/vscode/devcontainers/base:bullseye 0.0s
<span class="o">=></span> CACHED <span class="o">[</span>2/5] RUN apt-get update <span class="o">&&</span> apt-get <span class="nt">-y</span> <span class="nb">install</span> <span class="nt">--no-install-recommends</span> build-essential gnupg2 <span class="nb">tar </span>git zsh libssl-dev zlib1g-dev libyaml-dev curl libreadline-dev postgresql-client libpq 0.0s
<span class="o">=></span> CACHED <span class="o">[</span>3/5] RUN git clone https://github.com/rbenv/rbenv.git /home/vscode/.rbenv <span class="o">&&</span> <span class="nb">echo</span> <span class="s1">'[ -f "/home/vscode/.rbenv/bin/rbenv" ] && eval "$(rbenv init - bash)" # rbenv'</span> <span class="o">>></span> /home/vscode/.zshrc & 0.0s
<span class="o">=></span> CACHED <span class="o">[</span>4/5] RUN rbenv <span class="nb">install </span>3.2.2 <span class="o">&&</span> rbenv global 3.2.2 <span class="o">&&</span> rbenv versions 0.0s
<span class="o">=></span> <span class="o">[</span>5/5] COPY .devcontainer/welcome.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt 0.0s
<span class="o">=></span> exporting to image 0.0s
<span class="o">=></span> <span class="o">=></span> exporting layers 0.0s
<span class="o">=></span> <span class="o">=></span> writing image sha256:1ca67988b183ade50ca4f4a76e24d7cf76de0f7e7a12b0ea1d516fc25a67b501
</code></pre></div></div>
<p>The output indicates that our image is okay, and now we can proceed with building our <code class="highlighter-rouge">devcontainer.json</code>.</p>
<p>The source code up to this point: <a href="https://github.com/duduribeiro/devcontainer-rails-demo/releases/tag/1-dockerfile" target="_blank">Link</a></p>
<h3 id="specifying-our-development-container-in-the-devcontainerjson">Specifying our development container in the <code class="highlighter-rouge">devcontainer.json</code>.</h3>
<p>As we saw at the beginning, the <code class="highlighter-rouge">.devcontainer/devcontainer.json</code> file contains the necessary configurations for our DevContainer so that <a href="https://containers.dev/supporting" target="_blank">tools and services that support the devcontainer specification</a> can start up and connect to the DevContainer. With this specification, we will be able to make VSCode set up our environment when it detects the project.</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">details,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">https://aka.ms/devcontainer.json.</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="err">options,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">the</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">README</span><span class="w"> </span><span class="err">at:</span><span class="w"> </span><span class="err">https://github.com/devcontainers/templates/tree/main/src/ruby-rails-postgres</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DemoApp DevContainer"</span><span class="p">,</span><span class="w">
</span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"dockerfile"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Dockerfile"</span><span class="p">,</span><span class="w">
</span><span class="nl">"context"</span><span class="p">:</span><span class="w"> </span><span class="s2">".."</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"workspaceFolder"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/workspaces/${localWorkspaceFolderBasename}"</span><span class="p">,</span><span class="w">
</span><span class="nl">"remoteEnv"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"GIT_EDITOR"</span><span class="p">:</span><span class="w"> </span><span class="s2">"code --wait"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>The complete specification and documentation for <code class="highlighter-rouge">devcontainer.json</code> can be found <a href="https://containers.dev/implementors/json_reference/" target="_blank">here</a>, but to summarize, here we define that our DevContainer is named “DemoApp DevContainer” and specify that it will use our Dockerfile created in the previous step. If we open our project with VSCode, we will receive a message indicating that it has detected a DevContainer specification and suggests opening the project inside the container:</p>
<p><img src="/assets/images/vscode-reopen-in-container.png" alt="vscode reopen in container option" /></p>
<p>In this popup, we can click on <code class="highlighter-rouge">Reopen in container</code>, or in the command palette, you can search for the command directly.</p>
<p><img src="/assets/images/vscode-command-reopen-in-container.png" alt="vscode reopen in container command" /></p>
<p>Demo time!</p>
<video width="600" height="400" controls="" src="/assets/videos/demotime.webm"></video>
<p>In the demo, we see that when we use the “Reopen in container” option, VSCode opens the project inside the container. Extensions run within the container and not on the local operating system. This allows extensions (e.g., LSP) to run their clients within the container itself. <a href="https://code.visualstudio.com/docs/devcontainers/containers" target="_blank">Read here</a> for more information on the DevContainers architecture. The image below illustrates this:</p>
<table>
<thead>
<tr>
<th style="text-align: center"><img src="/assets/images/architecture-containers.png" alt="DevContainers Architecture" /></th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center"><em>https://code.visualstudio.com/docs/devcontainers/containers</em></td>
</tr>
</tbody>
</table>
<p>We also see that the tools are already installed in our container. We have <code class="highlighter-rouge">ruby</code> and even <code class="highlighter-rouge">vim</code> inside the container. And this is the difference from a production container. Here, we have everything we need for a complete development environment.</p>
<p>Source code up to this point: <a href="https://github.com/duduribeiro/devcontainer-rails-demo/releases/tag/2-basic-devcontainer" target="_blank">Link</a></p>
<h3 id="project-dependencies">Project Dependencies</h3>
<p>Inside our DevContainer, if we try to run the <code class="highlighter-rouge">bin/setup</code> command of our project (which installs dependencies and sets up the database), we will encounter some errors.</p>
<p>The first error we receive:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>bin/setup:8:in <span class="sb">`</span>system<span class="s1">': No such file or directory - bun (Errno::ENOENT)
from bin/setup:8:in `system!'</span>
from bin/setup:21:in <span class="sb">`</span>block <span class="k">in</span> <main><span class="s1">'
from /home/vscode/.rbenv/versions/3.2.2/lib/ruby/3.2.0/fileutils.rb:244:in `chdir'</span>
from /home/vscode/.rbenv/versions/3.2.2/lib/ruby/3.2.0/fileutils.rb:244:in <span class="sb">`</span><span class="nb">cd</span><span class="s1">'
from bin/setup:11:in `<main>'</span>
</code></pre></div></div>
<p><img src="/assets/images/devcontainer-setup-error.png" alt="devcontainer setup error" /></p>
<p>Our Rails project was generated using <a href="bun.sh">bun</a> as the JavaScript package manager and bundler. (Rails now supports Bun thanks to the great work of <a href="https://twitter.com/jmeller" target="_blank">Jason Meller</a> in this <a href="https://github.com/rails/rails/pull/49241" target="_blank">PR</a>). However, our DevContainer does not have <code class="highlighter-rouge">bun</code> installed. We can fix this in two ways:</p>
<ul>
<li>Modify our Dockerfile to install <code class="highlighter-rouge">bun</code></li>
<li>Use the <a href="https://containers.dev/features">DevContainer Features</a> <code class="highlighter-rouge">ghcr.io/shyim/devcontainers-features/bun</code></li>
</ul>
<p>We will proceed with the second option. It’s a simple option for installing tools when they are available. We modify our <code class="highlighter-rouge">devcontainer.json</code> to include the following instruction:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="w"> </span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ghcr.io/shyim/devcontainers-features/bun:0"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w">
</span><span class="p">}</span><span class="err">,</span><span class="w">
</span></code></pre></div></div>
<p>Our <code class="highlighter-rouge">devcontainer.json</code> looks like this now:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">details,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">https://aka.ms/devcontainer.json.</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="err">options,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">the</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">README</span><span class="w"> </span><span class="err">at:</span><span class="w"> </span><span class="err">https://github.com/devcontainers/templates/tree/main/src/ruby-rails-postgres</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DemoApp DevContainer"</span><span class="p">,</span><span class="w">
</span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"dockerfile"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Dockerfile"</span><span class="p">,</span><span class="w">
</span><span class="nl">"context"</span><span class="p">:</span><span class="w"> </span><span class="s2">".."</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ghcr.io/shyim/devcontainers-features/bun:0"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"workspaceFolder"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/workspace"</span><span class="p">,</span><span class="w">
</span><span class="nl">"remoteEnv"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"GIT_EDITOR"</span><span class="p">:</span><span class="w"> </span><span class="s2">"code --wait"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>VSCode notices that we have modified the specification of our DevContainer and suggests rebuilding it:
<img src="/assets/images/rebuild-container-option.png" alt="rebuild container option" /></p>
<p>After finishing the DevContainer build, if we run <code class="highlighter-rouge">bun -v</code>, we will see that it is now installed:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>vscode ➜ /workspace <span class="o">(</span>main<span class="o">)</span> <span class="nv">$ </span>bun <span class="nt">-v</span>
1.0.3
</code></pre></div></div>
<p>Running <code class="highlighter-rouge">bin/setup</code> again, and now the failure occurs when preparing the database.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>PG::ConnectionBad: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket <span class="s2">"/var/run/postgresql/.s.PGSQL.5432"</span>?
</code></pre></div></div>
<p><img src="/assets/images/devcontainer-pg-error.png" alt="postgres error on devcontainer" /></p>
<p>Our project is configured to use PostgreSQL, and this error occurs because we don’t have it running in our container. Let’s run our database using <a href="https://containers.dev/guide/dockerfile#docker-compose" target="_blank">Docker Compose</a>, which allows us to define a development environment with multiple containers. Instead of adding PostgreSQL to our Dockerfile, we’ll add an additional container to our environment via Compose.</p>
<p>Let’s create our <code class="highlighter-rouge">.devcontainer/docker-compose.yml</code> file. Refer to the <a href="https://docs.docker.com/compose/">documentation</a> for more information on Docker Compose specification.</p>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span>
<span class="na">services</span><span class="pi">:</span>
<span class="na">app</span><span class="pi">:</span>
<span class="na">build</span><span class="pi">:</span>
<span class="na">context</span><span class="pi">:</span> <span class="s">..</span>
<span class="na">dockerfile</span><span class="pi">:</span> <span class="s">.devcontainer/Dockerfile</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">..:/workspace:cached</span>
<span class="pi">-</span> <span class="s">$HOME/.ssh/:/home/vscode/.ssh/</span>
<span class="na">depends_on</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">postgres</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">DATABASE_URL=postgres://postgres:postgres@postgres:5432</span>
<span class="c1"># Overrides default command so things don't shut down after the process ends.</span>
<span class="na">command</span><span class="pi">:</span> <span class="s">sleep infinity</span>
<span class="c1"># Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.</span>
<span class="na">network_mode</span><span class="pi">:</span> <span class="s">service:postgres</span>
<span class="na">postgres</span><span class="pi">:</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15-alpine</span>
<span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">postgres-data:/var/lib/postgresql/data</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">healthcheck</span><span class="pi">:</span>
<span class="na">test</span><span class="pi">:</span> <span class="s">pg_isready -U postgres -h 127.0.0.1</span>
<span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="na">postgres-data</span><span class="pi">:</span>
</code></pre></div></div>
<p>In summary, in our Compose file, we define two services: the <code class="highlighter-rouge">app</code>, which will be our <code class="highlighter-rouge">devcontainer</code> and is built based on our Dockerfile, and the <code class="highlighter-rouge">postgres</code>, which will use the official <code class="highlighter-rouge">postgres</code> image. We add an environment variable <code class="highlighter-rouge">DATABASE_URL</code> with the value <code class="highlighter-rouge">postgres://postgres:postgres@postgres:5432</code> to inform our project about this database endpoint. In our <code class="highlighter-rouge">devcontainer</code>, we override the default command with <code class="highlighter-rouge">command: sleep infinity</code> to prevent the container from exiting when the main process finishes.</p>
<p>We also modify the <code class="highlighter-rouge">.devcontainer/devcontainer.json</code> file to use Docker Compose instead of just our Dockerfile. We remove the <code class="highlighter-rouge">build</code> directive and add the <code class="highlighter-rouge">dockerComposeFile</code> and <code class="highlighter-rouge">service</code> sections. Here’s the resulting file:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">format</span><span class="w"> </span><span class="err">details,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">https://aka.ms/devcontainer.json.</span><span class="w"> </span><span class="err">For</span><span class="w"> </span><span class="err">config</span><span class="w"> </span><span class="err">options,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">the</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">README</span><span class="w"> </span><span class="err">at:</span><span class="w"> </span><span class="err">https://github.com/devcontainers/templates/tree/main/src/ruby-rails-postgres</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DemoApp DevContainer"</span><span class="p">,</span><span class="w">
</span><span class="nl">"dockerComposeFile"</span><span class="p">:</span><span class="w"> </span><span class="s2">"docker-compose.yml"</span><span class="p">,</span><span class="w">
</span><span class="nl">"service"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app"</span><span class="p">,</span><span class="w">
</span><span class="nl">"features"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ghcr.io/shyim/devcontainers-features/bun:0"</span><span class="p">:</span><span class="w"> </span><span class="p">{}</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"workspaceFolder"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/workspace"</span><span class="p">,</span><span class="w">
</span><span class="nl">"remoteEnv"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"GIT_EDITOR"</span><span class="p">:</span><span class="w"> </span><span class="s2">"code --wait"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>After rebuilding the DevContainer and accessing it, we run <code class="highlighter-rouge">bin/setup</code> again, and now the database is created, and our setup is completed successfully.</p>
<p><img src="/assets/images/devcontainer-setup-finished.png" alt="devcontainer setup finished" /></p>
<p>Project code up to this point: <a href="https://github.com/duduribeiro/devcontainer-rails-demo/releases/tag/4-use-compose" target="_blank">link</a></p>
<h3 id="running-the-project">Running the project</h3>
<p>With the project set up, we can start the project with the command <code class="highlighter-rouge">bin/dev</code>.</p>
<p><img src="/assets/images/running-the-project.png" alt="running the project" /></p>
<p>The application will start inside the container, and VSCode will give us the option to open the browser. When we access at http://localhost:3000 it show the page with success:</p>
<p><img src="/assets/images/devcontainer-rails-page.png" alt="page opened with success" /></p>
<p>Everything is set up, and our project is running, achieving our goal. We have a development environment that anyone who clones the project can run in just a few minutes.</p>
<h2 id="some-improvements-to-our-devcontainer">Some improvements to our DevContainer</h2>
<p>Let’s add a few more things to our DevContainer to improve our experience.</p>
<p>The first change we’ll make is to add an <code class="highlighter-rouge">onCreateCommand</code>. This directive tells the DevContainer what command to run when it’s created. Cloud DevContainer services (like GitHub Codespaces) also use this command for caching and prebuilding the container to reduce setup time. In our <code class="highlighter-rouge">onCreateCommand</code> script, we’ll update system gems (like Bundler) and run <code class="highlighter-rouge">bin/setup</code>. This way, every time a DevContainer is created, we won’t need to run <code class="highlighter-rouge">bin/setup</code> and can directly start the server when we initiate the container.</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="nl">"onCreateCommand"</span><span class="p">:</span><span class="w"> </span><span class="s2">".devcontainer/onCreateCommand.sh"</span><span class="w">
</span></code></pre></div></div>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#!/usr/bin/env bash</span>
<span class="c"># .devcontainer/onCreateCommand.sh</span>
<span class="nb">echo</span> <span class="s2">"Updating RubyGems..."</span>
gem update <span class="nt">--system</span> <span class="nt">-N</span>
<span class="nb">echo</span> <span class="s2">"Setup.."</span>
bin/setup
<span class="nb">echo</span> <span class="s2">"Seeding database..."</span>
bin/rails db:seed
<span class="nb">echo</span> <span class="s2">"Done!"</span>
</code></pre></div></div>
<p>Another improvement we can make is to install extensions and add VSCode settings by default. This way, everyone who starts a DevContainer will have the project’s standard extensions installed. In the example below, we have some extensions like <code class="highlighter-rouge">ruby-lsp</code> and <code class="highlighter-rouge">sqltools</code> for connecting to the database. We also adjust the <code class="highlighter-rouge">sqltools</code> settings to include the database connection information.</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="nl">"customizations"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"vscode"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">Set</span><span class="w"> </span><span class="err">*default*</span><span class="w"> </span><span class="err">container</span><span class="w"> </span><span class="err">specific</span><span class="w"> </span><span class="err">settings.json</span><span class="w"> </span><span class="err">values</span><span class="w"> </span><span class="err">on</span><span class="w"> </span><span class="err">container</span><span class="w"> </span><span class="err">create.</span><span class="w">
</span><span class="nl">"settings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"sqltools.connections"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Development Database"</span><span class="p">,</span><span class="w">
</span><span class="nl">"driver"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PostgreSQL"</span><span class="p">,</span><span class="w">
</span><span class="nl">"previewLimit"</span><span class="p">:</span><span class="w"> </span><span class="mi">50</span><span class="p">,</span><span class="w">
</span><span class="nl">"server"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="p">,</span><span class="w">
</span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="mi">5432</span><span class="p">,</span><span class="w">
</span><span class="nl">"database"</span><span class="p">:</span><span class="w"> </span><span class="s2">"devcontainer_rails_demo_development"</span><span class="p">,</span><span class="w">
</span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="p">,</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Test Database"</span><span class="p">,</span><span class="w">
</span><span class="nl">"driver"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PostgreSQL"</span><span class="p">,</span><span class="w">
</span><span class="nl">"previewLimit"</span><span class="p">:</span><span class="w"> </span><span class="mi">50</span><span class="p">,</span><span class="w">
</span><span class="nl">"server"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="p">,</span><span class="w">
</span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="mi">5432</span><span class="p">,</span><span class="w">
</span><span class="nl">"database"</span><span class="p">:</span><span class="w"> </span><span class="s2">"devcontainer_rails_demo_test"</span><span class="p">,</span><span class="w">
</span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="p">,</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="nl">"editor.formatOnSave"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"extensions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"Shopify.ruby-lsp"</span><span class="p">,</span><span class="w">
</span><span class="s2">"manuelpuyol.erb-linter"</span><span class="p">,</span><span class="w">
</span><span class="s2">"GitHub.github-vscode-theme"</span><span class="p">,</span><span class="w">
</span><span class="s2">"eamodio.gitlens"</span><span class="p">,</span><span class="w">
</span><span class="s2">"aki77.rails-db-schema"</span><span class="p">,</span><span class="w">
</span><span class="s2">"bung87.rails"</span><span class="p">,</span><span class="w">
</span><span class="s2">"mtxr.sqltools-driver-pg"</span><span class="p">,</span><span class="w">
</span><span class="s2">"mtxr.sqltools"</span><span class="p">,</span><span class="w">
</span><span class="s2">"testdouble.vscode-standard-ruby"</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="nl">"rubyLsp.enableExperimentalFeatures"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="err">,</span><span class="w">
</span></code></pre></div></div>
<p>We can also fix the ports that are accessible from the container. When we start the server, VSCode identifies that port 3000 is open and performs an auto-forward. However, we can pre-establish this in the <code class="highlighter-rouge">devcontainer.json</code> and even open the database port:</p>
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">.devcontainer/devcontainer.json</span><span class="w">
</span><span class="err">//</span><span class="w"> </span><span class="err">Use</span><span class="w"> </span><span class="err">'forwardPorts'</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">make</span><span class="w"> </span><span class="err">a</span><span class="w"> </span><span class="err">list</span><span class="w"> </span><span class="err">of</span><span class="w"> </span><span class="err">ports</span><span class="w"> </span><span class="err">inside</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">container</span><span class="w"> </span><span class="err">available</span><span class="w"> </span><span class="err">locally.</span><span class="w">
</span><span class="nl">"forwardPorts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="mi">3000</span><span class="p">,</span><span class="w">
</span><span class="mi">5432</span><span class="p">,</span><span class="w">
</span><span class="p">]</span><span class="err">,</span><span class="w">
</span><span class="nl">"portsAttributes"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"3000"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
</span><span class="nl">"onAutoForward"</span><span class="p">:</span><span class="w"> </span><span class="s2">"notify"</span><span class="p">,</span><span class="w">
</span><span class="nl">"requireLocalPort"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"5432"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>
<p>With these final improvements, our DevContainer is now ready for use. The final version up and running:</p>
<video width="600" height="400" controls="" src="/assets/videos/finalversion.webm"></video>
<p>And with that, we’ve achieved the goal: using containers to reduce friction in setting up your development environment. The final source code of the project is available at <a href="https://github.com/duduribeiro/devcontainer-rails-demo/" target="_blank">https://github.com/duduribeiro/devcontainer-rails-demo/</a>. You can clone it and set up the environment in just a few minutes to try it out for yourself.</p>
<hr />
<p>Bonus:</p>
<p>Now that you have your development environment setup with DevContainers, you can also easily use services like <a href="https://github.com/features/codespaces" target="_blank">GitHub Codespaces</a></p>
<video width="600" height="400" controls="" src="/assets/videos/codespacesdemo.webm"></video>
<p>Even this blog post was <a href="https://github.com/duduribeiro/blog/commit/a0740c12fb9f95ce6a9aecea2e087911658e9384" target="_blank">written inside a DevContainer</a>. I needed to install Ruby 2.6.8 and some dependencies failed to intall on my machine. So I decided to run this on a DevContainer to have a easy way to run the project every time I want to write a new post.</p>
<hr />
<p>References:</p>
<ul>
<li>https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers</li>
<li>https://speakerdeck.com/palkan/railsconf-2019-terraforming-legacy-rails-applications</li>
<li>https://github.blog/2015-06-30-scripts-to-rule-them-all/</li>
<li>https://github.blog/2021-08-11-githubs-engineering-team-moved-codespaces/</li>
<li>https://containers.dev/</li>
<li>https://code.visualstudio.com/docs/devcontainers/containers</li>
<li>https://12factor.net/dev-prod-parity</li>
<li>https://github.com/forem/forem/tree/main/.devcontainer</li>
<li>https://github.com/robzolkos/rails-devcontainer/</li>
<li>https://github.com/microsoft/vscode-dev-containers/issues/704</li>
</ul>
<p><br />
<br /></p>
<p>Thanks ☕️</p>dudribeiroOne common problem in software development is setting up the project’s development environment. Have you ever joined a project, opened the README.md, and found a README HELL, filled with endless instructions on how to configure the project? And halfway through the instructions, you encounter an error while running a command because you’re not on the same operating system version as the person who wrote the README, or because the documentation is outdated.Creating a Docker image with a preloaded database2021-01-29T15:00:00+00:002021-01-29T15:00:00+00:00https://cadu.dev/creating-a-docker-image-with-database-preloaded<p>Imagine that we have the following Postgresql database dump:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="c1">--</span>
<span class="c1">-- PostgreSQL database dump</span>
<span class="c1">--</span>
<span class="c1">-- Dumped from database version 11.5</span>
<span class="c1">-- Dumped by pg_dump version 11.3</span>
<span class="k">SET</span> <span class="n">statement_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">lock_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">idle_in_transaction_session_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">client_encoding</span> <span class="o">=</span> <span class="s1">'UTF8'</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">standard_conforming_strings</span> <span class="o">=</span> <span class="k">on</span><span class="p">;</span>
<span class="k">SELECT</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">set_config</span><span class="p">(</span><span class="s1">'search_path'</span><span class="p">,</span> <span class="s1">''</span><span class="p">,</span> <span class="k">false</span><span class="p">);</span>
<span class="k">SET</span> <span class="n">check_function_bodies</span> <span class="o">=</span> <span class="k">false</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">xmloption</span> <span class="o">=</span> <span class="n">content</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">client_min_messages</span> <span class="o">=</span> <span class="n">warning</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">row_security</span> <span class="o">=</span> <span class="k">off</span><span class="p">;</span>
<span class="c1">--</span>
<span class="c1">-- Name: my_db; Type: DATABASE; Schema: -; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">my_db</span> <span class="k">WITH</span> <span class="k">TEMPLATE</span> <span class="o">=</span> <span class="n">template0</span> <span class="k">ENCODING</span> <span class="o">=</span> <span class="s1">'UTF8'</span> <span class="n">LC_COLLATE</span> <span class="o">=</span> <span class="s1">'en_US.utf8'</span> <span class="n">LC_CTYPE</span> <span class="o">=</span> <span class="s1">'en_US.utf8'</span><span class="p">;</span>
<span class="k">ALTER</span> <span class="k">DATABASE</span> <span class="n">my_db</span> <span class="k">OWNER</span> <span class="k">TO</span> <span class="n">postgres</span><span class="p">;</span>
<span class="err">\</span><span class="k">connect</span> <span class="n">my_db</span>
<span class="k">SET</span> <span class="n">statement_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">lock_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">idle_in_transaction_session_timeout</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">client_encoding</span> <span class="o">=</span> <span class="s1">'UTF8'</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">standard_conforming_strings</span> <span class="o">=</span> <span class="k">on</span><span class="p">;</span>
<span class="k">SELECT</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">set_config</span><span class="p">(</span><span class="s1">'search_path'</span><span class="p">,</span> <span class="s1">''</span><span class="p">,</span> <span class="k">false</span><span class="p">);</span>
<span class="k">SET</span> <span class="n">check_function_bodies</span> <span class="o">=</span> <span class="k">false</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">xmloption</span> <span class="o">=</span> <span class="n">content</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">client_min_messages</span> <span class="o">=</span> <span class="n">warning</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">row_security</span> <span class="o">=</span> <span class="k">off</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">default_tablespace</span> <span class="o">=</span> <span class="s1">''</span><span class="p">;</span>
<span class="k">SET</span> <span class="n">default_with_oids</span> <span class="o">=</span> <span class="k">false</span><span class="p">;</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients; Type: TABLE; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">CREATE</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span> <span class="p">(</span>
<span class="n">id</span> <span class="nb">integer</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="n">name</span> <span class="nb">character</span> <span class="nb">varying</span><span class="p">(</span><span class="mi">150</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span>
<span class="p">);</span>
<span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span> <span class="k">OWNER</span> <span class="k">TO</span> <span class="n">postgres</span><span class="p">;</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients_id_seq; Type: SEQUENCE; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">CREATE</span> <span class="n">SEQUENCE</span> <span class="k">public</span><span class="p">.</span><span class="n">clients_id_seq</span>
<span class="k">AS</span> <span class="nb">integer</span>
<span class="k">START</span> <span class="k">WITH</span> <span class="mi">1</span>
<span class="k">INCREMENT</span> <span class="k">BY</span> <span class="mi">1</span>
<span class="k">NO</span> <span class="k">MINVALUE</span>
<span class="k">NO</span> <span class="k">MAXVALUE</span>
<span class="k">CACHE</span> <span class="mi">1</span><span class="p">;</span>
<span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">public</span><span class="p">.</span><span class="n">clients_id_seq</span> <span class="k">OWNER</span> <span class="k">TO</span> <span class="n">postgres</span><span class="p">;</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">ALTER</span> <span class="n">SEQUENCE</span> <span class="k">public</span><span class="p">.</span><span class="n">clients_id_seq</span> <span class="n">OWNED</span> <span class="k">BY</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span><span class="p">.</span><span class="n">id</span><span class="p">;</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients id; Type: DEFAULT; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">ONLY</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span> <span class="k">ALTER</span> <span class="k">COLUMN</span> <span class="n">id</span> <span class="k">SET</span> <span class="k">DEFAULT</span> <span class="n">nextval</span><span class="p">(</span><span class="s1">'public.clients_id_seq'</span><span class="p">::</span><span class="n">regclass</span><span class="p">);</span>
<span class="c1">--</span>
<span class="c1">-- Data for Name: clients; Type: TABLE DATA; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">COPY</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span> <span class="p">(</span><span class="n">id</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="k">FROM</span> <span class="k">stdin</span><span class="p">;</span>
<span class="mi">1</span> <span class="n">Client</span> <span class="mi">1</span>
<span class="mi">2</span> <span class="n">Client</span> <span class="mi">2</span>
<span class="err">\</span><span class="p">.</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients_id_seq; Type: SEQUENCE SET; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">SELECT</span> <span class="n">pg_catalog</span><span class="p">.</span><span class="n">setval</span><span class="p">(</span><span class="s1">'public.clients_id_seq'</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="k">true</span><span class="p">);</span>
<span class="c1">--</span>
<span class="c1">-- Name: clients clients_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres</span>
<span class="c1">--</span>
<span class="k">ALTER</span> <span class="k">TABLE</span> <span class="k">ONLY</span> <span class="k">public</span><span class="p">.</span><span class="n">clients</span>
<span class="k">ADD</span> <span class="k">CONSTRAINT</span> <span class="n">clients_pkey</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">id</span><span class="p">);</span>
<span class="c1">--</span>
<span class="c1">-- PostgreSQL database dump complete</span>
<span class="c1">--</span></code></pre></figure>
<p>It is a simple database with a <code class="highlighter-rouge">Clients</code> table and 2 records.</p>
<p>If we want to start a Postgresql Docker container with this dump loaded to share with our team, we can add this SQL file into the <em>/docker-entrypoint-initdb.d/</em> folder inside the container, like <a href="https://hub.docker.com/_/postgres">explained into the Postgresql Image docs from DockerHub</a>.</p>
<blockquote>
<p>Initialization scripts
If you would like to do additional initialization in an image derived from this one, add one or more *.sql, *.sql.gz, or *.sh scripts under /docker-entrypoint-initdb.d (creating the directory if necessary). After the entrypoint calls initdb to create the default postgres user and database, it will run any *.sql files, run any executable *.sh scripts, and source any non-executable *.sh scripts found in that directory to do further initialization before starting the service.</p>
</blockquote>
<p>The following Dockerfile uses <em>postgres:11-alpine</em> as base image and copies <em>test_dump.sql</em> file to the entrypoint folder.</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="k">FROM</span><span class="s"> postgres:11-alpine</span>
<span class="k">COPY</span><span class="s"> test_dump.sql /docker-entrypoint-initdb.d/</span></code></pre></figure>
<p>If we build this image</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker image build <span class="nb">.</span> <span class="nt">-t</span> preloaded_db:latest</code></pre></figure>
<p>and start a container with the generated image</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker container run <span class="nt">-d</span> <span class="nt">--rm</span> <span class="nt">-p</span> 5432:5432 <span class="nt">-e</span> <span class="nv">POSTGRES_PASSWORD</span><span class="o">=</span>postgres <span class="nt">-e</span> <span class="nv">POSTGRES_USER</span><span class="o">=</span>postgres <span class="nt">--name</span> test_preloaded_db preloaded_db:latest</code></pre></figure>
<p>we can see in our database that the database was created. (password is <code class="highlighter-rouge">postgres</code>)</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>psql <span class="nt">-h</span> localhost <span class="nt">-U</span> postgres
<span class="nv">postgres</span><span class="o">=</span><span class="c"># \c my_db</span>
psql <span class="o">(</span>11.3, server 11.5<span class="o">)</span>
You are now connected to database “my_db” as user “postgres”.
<span class="nv">my_db</span><span class="o">=</span><span class="c"># SELECT * FROM clients;</span>
<span class="nb">id</span> | name
— — + — — — — —
1 | Client 1
2 | Client 2
<span class="o">(</span>2 rows<span class="o">)</span></code></pre></figure>
<p>Awesome. Now we have a docker image that has our database loaded. But if we check the log of this container</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker container logs test_preloaded_db</code></pre></figure>
<p>we can see CREATE DATABASE and CREATE TABLE commands.</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="k">local</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">docker</span><span class="o">-</span><span class="n">entrypoint</span><span class="p">.</span><span class="n">sh</span><span class="p">:</span> <span class="n">running</span> <span class="o">/</span><span class="n">docker</span><span class="o">-</span><span class="n">entrypoint</span><span class="o">-</span><span class="n">initdb</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">test_dump</span><span class="p">.</span><span class="k">sql</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="n">set_config</span>
<span class="c1">------------</span>
<span class="p">(</span><span class="mi">1</span> <span class="k">row</span><span class="p">)</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">SET</span>
<span class="k">CREATE</span> <span class="k">DATABASE</span>
<span class="k">ALTER</span> <span class="k">DATABASE</span>
<span class="p">...</span></code></pre></figure>
<p>This tell us that the dump is being processed every time we create the container. If we destroy this container and create a new one, the dump will be processed again. This works fine but if we have a big database with a big dump file, the startup process of the container will be slow because it can take some time to process the whole dump. We can fix it by keeping the database preloaded in the image.</p>
<p>Before we moving on, let’s destroy the container we created</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker container <span class="nb">rm</span> <span class="nt">-f</span> test_preloaded_db</code></pre></figure>
<div class="breaker"></div>
<h2 id="preloading-the-database-in-the-image">Preloading the database in the image</h2>
<p>To preload the database in the image, we need to tell our Dockerfile to execute the same <code class="highlighter-rouge">entrypoint</code> of the original PostgreSQL image so it can execute the dump in the build step. Let’s use <a href="https://docs.docker.com/develop/develop-images/multistage-build">Multi-Stage build</a> to divide our build in two steps. The first one will execute the <code class="highlighter-rouge">entrypoint</code> with the dump file and the second one will copy the data folder to the resulting image.</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="c"># dump build stage</span>
<span class="k">FROM</span><span class="s"> postgres:11-alpine as dumper</span>
<span class="k">COPY</span><span class="s"> test_dump.sql /docker-entrypoint-initdb.d/</span>
<span class="k">RUN </span><span class="o">[</span><span class="s2">"sed"</span>, <span class="s2">"-i"</span>, <span class="s2">"s/exec </span><span class="se">\"</span><span class="nv">$@</span><span class="se">\"</span><span class="s2">/echo </span><span class="se">\"</span><span class="s2">skipping...</span><span class="se">\"</span><span class="s2">/"</span>, <span class="s2">"/usr/local/bin/docker-entrypoint.sh"</span><span class="o">]</span>
<span class="k">ENV</span><span class="s"> POSTGRES_USER=postgres</span>
<span class="k">ENV</span><span class="s"> POSTGRES_PASSWORD=postgres</span>
<span class="k">ENV</span><span class="s"> PGDATA=/data</span>
<span class="k">RUN </span><span class="o">[</span><span class="s2">"/usr/local/bin/docker-entrypoint.sh"</span>, <span class="s2">"postgres"</span><span class="o">]</span>
<span class="c"># final build stage</span>
<span class="k">FROM</span><span class="s"> postgres:11-alpine</span>
<span class="k">COPY</span><span class="s"> --from=dumper /data $PGDATA</span></code></pre></figure>
<p>In the first step, we have the following instructions:</p>
<ul>
<li><strong>FROM postgres:11-alpine as dumper</strong> We define the base image our step will use. <code class="highlighter-rouge">postgres</code> with the <code class="highlighter-rouge">11-alpine</code> tag in this case.</li>
<li><strong>COPY test_dump.sql /docker-entrypoint-initdb.d/</strong> Copy the <code class="highlighter-rouge">test_dump.sql</code> file to the <code class="highlighter-rouge">/docker-entrypoint-initdb.d/</code> folder.</li>
<li><strong>RUN [“sed”, “-i”, “s/exec "$@"/echo "skipping…"/”, “/usr/local/bin/docker-entrypoint.sh”]</strong> We need to execute this <code class="highlighter-rouge">sed</code> command in order to remove the <code class="highlighter-rouge">exec "$@"</code> content that exists in the <code class="highlighter-rouge">docker-entrypoint.sh</code> file so it will not start the PostgreSQL daemon (we don’t need it on this step).</li>
<li><strong>ENV POSTGRES_USER=postgres; ENV POSTGRES_PASSWORD=postgres; ENV PGDATA=/data</strong> Sets environment variables to define <code class="highlighter-rouge">user</code> and <code class="highlighter-rouge">password</code> and tell PostgreSQL to use <code class="highlighter-rouge">/data</code> as data folder, so we can copy it in the next step</li>
<li><strong>RUN [“/usr/local/bin/docker-entrypoint.sh”, “postgres”]</strong> Execute the entrypoint itself. It will execute the dump and load the data into <code class="highlighter-rouge">/data</code> folder. Since we executed the <code class="highlighter-rouge">sed</code> command to remove the <code class="highlighter-rouge">$@</code> content it will not run the PostgreSQL daemon</li>
</ul>
<p>The second step contains only this instruction:</p>
<ul>
<li><strong>COPY — from=dumper /data $PGDATA</strong> This will copy all files from <code class="highlighter-rouge">/data</code> folder from the <code class="highlighter-rouge">dumper</code> step into the $PGDATA from this current step, making our data preloaded when we start the container (without needing to run the dump every time we create a new container).</li>
</ul>
<p>If we build this Dockerfile</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker image build <span class="nb">.</span> <span class="nt">-t</span> preloaded_db:latest</code></pre></figure>
<p>We can see in the output the dump being processed and after everything is finished, the image is built.</p>
<p>and we can start the container with this new image</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker container run <span class="nt">-d</span> <span class="nt">--rm</span> <span class="nt">-p</span> 5432:5432 <span class="nt">-e</span> <span class="nv">POSTGRES_PASSWORD</span><span class="o">=</span>postgres <span class="nt">-e</span> <span class="nv">POSTGRES_USER</span><span class="o">=</span>postgres <span class="nt">--name</span> test_preloaded_db preloaded_db:latest</code></pre></figure>
<p>and our database is loaded</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="err">$</span> <span class="n">psql</span> <span class="o">-</span><span class="n">h</span> <span class="n">localhost</span> <span class="o">-</span><span class="n">U</span> <span class="n">postgres</span>
<span class="n">psql</span> <span class="p">(</span><span class="mi">11</span><span class="p">.</span><span class="mi">3</span><span class="p">,</span> <span class="n">server</span> <span class="mi">11</span><span class="p">.</span><span class="mi">5</span><span class="p">)</span>
<span class="k">Type</span> <span class="err">“</span><span class="n">help</span><span class="err">”</span> <span class="k">for</span> <span class="n">help</span><span class="p">.</span>
<span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="k">c</span> <span class="n">my_db</span>
<span class="n">psql</span> <span class="p">(</span><span class="mi">11</span><span class="p">.</span><span class="mi">3</span><span class="p">,</span> <span class="n">server</span> <span class="mi">11</span><span class="p">.</span><span class="mi">5</span><span class="p">)</span>
<span class="n">You</span> <span class="k">are</span> <span class="n">now</span> <span class="n">connected</span> <span class="k">to</span> <span class="k">database</span> <span class="err">“</span><span class="n">my_db</span><span class="err">”</span> <span class="k">as</span> <span class="k">user</span> <span class="err">“</span><span class="n">postgres</span><span class="err">”</span><span class="p">.</span>
<span class="n">my_db</span><span class="o">=#</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">clients</span><span class="p">;</span>
<span class="n">id</span> <span class="o">|</span> <span class="n">name</span>
<span class="err">—</span> <span class="err">—</span> <span class="o">+</span> <span class="err">—</span> <span class="err">—</span> <span class="err">—</span> <span class="err">—</span> <span class="err">—</span>
<span class="mi">1</span> <span class="o">|</span> <span class="n">Client</span> <span class="mi">1</span>
<span class="mi">2</span> <span class="o">|</span> <span class="n">Client</span> <span class="mi">2</span>
<span class="p">(</span><span class="mi">2</span> <span class="k">rows</span><span class="p">)</span></code></pre></figure>
<p>But if we check the logs now, the dump is not being processed every time we create the container</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>docker container logs test_preloaded_db
2019–09–16 01:42:22.458 UTC <span class="o">[</span>1] LOG: listening on IPv4 address “0.0.0.0”, port 5432
2019–09–16 01:42:22.458 UTC <span class="o">[</span>1] LOG: listening on IPv6 address “::”, port 5432
2019–09–16 01:42:22.460 UTC <span class="o">[</span>1] LOG: listening on Unix socket “/var/run/postgresql/.s.PGSQL.5432”
2019–09–16 01:42:22.470 UTC <span class="o">[</span>18] LOG: database system was shut down at 2019–09–16 01:41:02 UTC
2019–09–16 01:42:22.473 UTC <span class="o">[</span>1] LOG: database system is ready to accept connections</code></pre></figure>
<p>We can see that only the PostgreSQL startup is being done. No dump is being executed because it was executed in the <code class="highlighter-rouge">build</code> image step.</p>
<div class="breaker"></div>
<h2 id="creating-a-makefile-to-make-the-process-easier">Creating a Makefile to make the process easier</h2>
<p>I like to create a Makefile to make easier the process of making a database dump and creating an image. This Makefile will contain commands to create the dump the database, create an image and tag it by date allowing me to have daily dumps on my registry to download.</p>
<figure class="highlight"><pre><code class="language-makefile" data-lang="makefile"><span class="nl">default</span><span class="o">:</span> <span class="nf">all</span>
<span class="nl">.PHONY</span><span class="o">:</span> <span class="nf">default all fetch_dump</span>
<span class="nv">date</span> <span class="o">:=</span> <span class="sb">`</span><span class="nb">date</span> <span class="s1">'+%Y-%m-%d'</span><span class="sb">`</span>
<span class="nv">TARGET_IMAGE</span> <span class="o">?=</span> my_app
<span class="nl">all</span><span class="o">:</span> <span class="nf">check_vars fetch_dump generate_image push_to_registry clean finished</span>
<span class="nl">check_vars</span><span class="o">:</span>
<span class="p">@</span><span class="nb">test</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$(DB_ENDPOINT)</span><span class="s2">"</span> <span class="o">||</span> <span class="o">(</span><span class="nb">echo</span> <span class="s2">"You need to set DB_ENDPOINT environment variable"</span> <span class="o">></span>&2 <span class="o">&&</span> <span class="nb">exit </span>1<span class="o">)</span>
<span class="p">@</span><span class="nb">test</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$(DB_NAME)</span><span class="s2">"</span> <span class="o">||</span> <span class="o">(</span><span class="nb">echo</span> <span class="s2">"You need to set DB_NAME environment variable"</span> <span class="o">></span>&2 <span class="o">&&</span> <span class="nb">exit </span>1<span class="o">)</span>
<span class="p">@</span><span class="nb">test</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$(DESTINATION_REPOSITORY)</span><span class="s2">"</span> <span class="o">||</span> <span class="o">(</span><span class="nb">echo</span> <span class="s2">"You need to set DESTINATION_REPOSITORY environment variable"</span> <span class="o">></span>&2 <span class="o">&&</span> <span class="nb">exit </span>1<span class="o">)</span>
<span class="nl">fetch_dump</span><span class="o">:</span> <span class="nf">DB_USER ?= postgres</span>
<span class="nl">fetch_dump</span><span class="o">:</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">""</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">"====== Fetching remote dump ======"</span>
<span class="p">@</span><span class="nv">PGPASSWORD</span><span class="o">=</span><span class="s2">"</span><span class="nv">$(DB_PASSWORD)</span><span class="s2">"</span> pg_dump <span class="nt">-h</span> <span class="nv">$(DB_ENDPOINT)</span> <span class="nt">-d</span> <span class="nv">$(DB_NAME)</span> <span class="nt">-U</span> <span class="nv">$(DB_USER)</span> <span class="o">></span> dump.sql
<span class="nl">generate_image</span><span class="o">:</span>
<span class="nl">generate_image</span><span class="o">:</span>
<span class="p">@</span>docker build <span class="nb">.</span> <span class="nt">-t</span> <span class="nv">$(TARGET_IMAGE)</span>:latest <span class="nt">-t</span> <span class="nv">$(DESTINATION_REPOSITORY)</span>/<span class="nv">$(TARGET_IMAGE)</span>:latest <span class="nt">-t</span> <span class="nv">$(DESTINATION_REPOSITORY)</span>/<span class="nv">$(TARGET_IMAGE)</span>:<span class="nv">$(date)</span>
<span class="nl">push_to_registry</span><span class="o">:</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">""</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">"====== Pushing image to repository ======"</span>
<span class="p">@</span>docker push <span class="nv">$(DESTINATION_REPOSITORY)</span>/<span class="nv">$(TARGET_IMAGE)</span>
<span class="nl">clean</span><span class="o">:</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">""</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">"====== Cleaning used files ======"</span>
<span class="p">@</span><span class="nb">rm</span> <span class="nt">-f</span> dump.sql
<span class="nl">finished</span><span class="o">:</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">""</span>
<span class="p">@</span><span class="nb">echo</span> <span class="s2">"Finished with success. Pushed image to </span><span class="nv">$(DESTINATION_REPOSITORY)</span><span class="s2">/</span><span class="nv">$(TARGET_IMAGE)</span><span class="s2">"</span></code></pre></figure>
<p>And I can execute the following command to generate my image with a new dump</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>make <span class="nv">DB_ENDPOINT</span><span class="o">=</span>127.0.0.1 <span class="nv">DB_USER</span><span class="o">=</span>postgres <span class="nv">DB_PASSWORD</span><span class="o">=</span>postgres <span class="nv">DB_NAME</span><span class="o">=</span>my_db <span class="nv">TARGET_IMAGE</span><span class="o">=</span>myapp-data <span class="nv">DESTINATION_REPOSITORY</span><span class="o">=</span>gcr.io/my_project</code></pre></figure>
<p>This command usually is integrated in a Cron job in some server to be executed daily. With this I can have on my image registry dumps from each day.</p>
<p>Another interesting thing to do is to add some SQL script to obfuscate users data. <a href="https://blog.taadeem.net/english/2018/10/29/Introducing-PostgreSQL-Anonymizer">This article can be helpful if you want to achive this</a></p>
<p><img src="/assets/images/thats_all.png" alt="image tooltip here" /></p>
<p>Thanks ☕️</p>dudribeiroImagine that we have the following Postgresql database dump: -- -- PostgreSQL database dump --Reduce your Docker images (an example with Ruby)2019-02-26T15:00:00+00:002019-02-26T15:00:00+00:00https://cadu.dev/reduce-your-docker-images-an-example-with-ruby<p>A big problem that we face when deploying Docker into production is the image size. Large images take longer to download, consume much of your cloud network traffic quota, cost more money to be stored on the repository and don’t bring any good value.</p>
<p>In most situations, when we create a Docker image, we add steps and dependencies that sometimes we don’t need in the final image that will run in production.</p>
<p>I will use the following application as an example:
<a href="https://github.com/opensanca/opensanca_jobs">https://github.com/opensanca/opensanca_jobs</a></p>
<p>This is the Dockerfile that generates our image</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="k">FROM</span><span class="s"> ruby:2.5.0-alpine</span>
<span class="k">LABEL</span><span class="s"> maintainer="contato@opensanca.com.br"</span>
<span class="k">ARG</span><span class="s"> rails_env="development"</span>
<span class="k">ARG</span><span class="s"> build_without=""</span>
<span class="k">ENV</span><span class="s"> SECRET_KEY_BASE=dumb</span>
<span class="k">RUN </span>apk update <span class="se">\
</span><span class="o">&&</span> apk add <span class="se">\
</span>openssl <span class="se">\
</span><span class="nb">tar</span> <span class="se">\
</span>build-base <span class="se">\
</span>tzdata <span class="se">\
</span>postgresql-dev <span class="se">\
</span>postgresql-client <span class="se">\
</span>nodejs <span class="se">\
</span><span class="o">&&</span> wget https://yarnpkg.com/latest.tar.gz <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /opt/yarn <span class="se">\
</span><span class="o">&&</span> <span class="nb">tar</span> <span class="nt">-xf</span> latest.tar.gz <span class="nt">-C</span> /opt/yarn <span class="nt">--strip</span> 1 <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/app
<span class="k">ENV</span><span class="s"> PATH="$PATH:/opt/yarn/bin" BUNDLE_PATH="/gems" BUNDLE_JOBS=2 RAILS_ENV=${rails_env} BUNDLE_WITHOUT=${bundle_without}</span>
<span class="k">COPY</span><span class="s"> . /var/app</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">RUN </span>bundle <span class="nb">install</span> <span class="o">&&</span> yarn <span class="o">&&</span> bundle <span class="nb">exec </span>rake assets:precompile
<span class="k">CMD</span><span class="s"> rails s -b 0.0.0.0</span></code></pre></figure>
<p>And the command used to build it:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">docker build <span class="nt">-t</span> openjobs:latest <span class="nt">--build-arg</span> <span class="nv">build_without</span><span class="o">=</span><span class="s2">"development test"</span> <span class="nt">--build-arg</span> <span class="nv">rails_env</span><span class="o">=</span><span class="s2">"production"</span> .</code></pre></figure>
<p><img src="https://miro.medium.com/proxy/1*RujRaeSrBXgUJHVNWjQMIg.png" alt="first_image" /></p>
<p>This build generated an image with almost 1GB!!! 😱.</p>
<p>This image has some unnecessary stuff, like node but yarn (we only need them to precompile the assets but not to execute the application itself).</p>
<div class="breaker"></div>
<h2 id="multi-stage-build">Multi-Stage build</h2>
<p>Docker introduced the concept of <a href="https://docs.docker.com/develop/develop-images/multistage-build/">Multi-Stage build</a> in version 17.05. This build technic allows us to split our Dockerfile into several statements <code class="highlighter-rouge">FROM</code>. Each statement can use a different base image and you can copy artifacts from one stage to another, without bringing stuff that you don’t want in the final image. Our final image will only contain the build wrote in the last stage.</p>
<p>Now we have a Dockerfile divided into two stages. Pre-build and Final-Build.</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="c"># pre-build stage</span>
<span class="k">FROM</span><span class="s"> ruby:2.5.0-alpine AS pre-builder</span>
<span class="k">ARG</span><span class="s"> rails_env="development"</span>
<span class="k">ARG</span><span class="s"> build_without=""</span>
<span class="k">ENV</span><span class="s"> SECRET_KEY_BASE=dumb</span>
<span class="k">RUN </span>apk add <span class="nt">--update</span> <span class="nt">--no-cache</span> <span class="se">\
</span>openssl <span class="se">\
</span><span class="nb">tar</span> <span class="se">\
</span>build-base <span class="se">\
</span>tzdata <span class="se">\
</span>postgresql-dev <span class="se">\
</span>postgresql-client <span class="se">\
</span>nodejs <span class="se">\
</span><span class="o">&&</span> wget https://yarnpkg.com/latest.tar.gz <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /opt/yarn <span class="se">\
</span><span class="o">&&</span> <span class="nb">tar</span> <span class="nt">-xf</span> latest.tar.gz <span class="nt">-C</span> /opt/yarn <span class="nt">--strip</span> 1 <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/app
<span class="k">ENV</span><span class="s"> PATH="$PATH:/opt/yarn/bin" BUNDLE_PATH="/gems" BUNDLE_JOBS=2 RAILS_ENV=${rails_env} BUNDLE_WITHOUT=${bundle_without}</span>
<span class="k">COPY</span><span class="s"> . /var/app</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">RUN </span>bundle <span class="nb">install</span> <span class="o">&&</span> yarn <span class="o">&&</span> bundle <span class="nb">exec </span>rake assets:precompile
<span class="c"># final build stage</span>
<span class="k">FROM</span><span class="s"> ruby:2.5.0-alpine</span>
<span class="k">LABEL</span><span class="s"> maintainer="contato@opensanca.com.br"</span>
<span class="k">RUN </span>apk add <span class="nt">--update</span> <span class="nt">--no-cache</span> <span class="se">\
</span>openssl <span class="se">\
</span>tzdata <span class="se">\
</span>postgresql-dev <span class="se">\
</span>postgresql-client
<span class="k">COPY</span><span class="s"> --from=pre-builder /gems/ /gems/</span>
<span class="k">COPY</span><span class="s"> --from=pre-builder /var/app /var/app</span>
<span class="k">ENV</span><span class="s"> RAILS_LOG_TO_STDOUT true</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">EXPOSE</span><span class="s"> 3000</span>
<span class="k">CMD</span><span class="s"> rails s -b 0.0.0.0</span></code></pre></figure>
<p>In the pre-build stage we install node and yarn, all dependencies and precompile the assets. In the final stage, we use an alpine image (which is very small) with ruby, we install only the necessary dependencies to run the application and we then copy the libraries and assets generated in the build-stage with the following command:</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="k">COPY</span><span class="s"> --from=pre-builder /gems/ /gems/</span>
<span class="k">COPY</span><span class="s"> --from=pre-builder /var/app /var/app</span></code></pre></figure>
<p>Doing the build with this Dockerfile, we have now a 562MB image.</p>
<p><img src="https://miro.medium.com/proxy/1*G7h0VTW1JD9tKZ7DHnqM9w.png" alt="image_2" /></p>
<p>We have already reduced almost half the image size, but can we reduce it further?? 🤔</p>
<p>Yes. We can do some actions to reduce more this image.</p>
<div class="breaker"></div>
<h2 id="removing-unnecessary-files">Removing unnecessary files</h2>
<p>We can delete files that are not necessary from the image, like cache and temporary files used by the installed libraries. We can add a .dockerignore file, telling the build what not to send to the image.</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="c"># build stage</span>
<span class="k">FROM</span><span class="s"> ruby:2.5.0-alpine AS pre-builder</span>
<span class="k">ARG</span><span class="s"> rails_env="development"</span>
<span class="k">ARG</span><span class="s"> build_without=""</span>
<span class="k">ENV</span><span class="s"> SECRET_KEY_BASE=dumb</span>
<span class="k">RUN </span>apk add <span class="nt">--update</span> <span class="nt">--no-cache</span> <span class="se">\
</span>openssl <span class="se">\
</span><span class="nb">tar</span> <span class="se">\
</span>build-base <span class="se">\
</span>tzdata <span class="se">\
</span>postgresql-dev <span class="se">\
</span>postgresql-client <span class="se">\
</span>nodejs <span class="se">\
</span><span class="o">&&</span> wget https://yarnpkg.com/latest.tar.gz <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /opt/yarn <span class="se">\
</span><span class="o">&&</span> <span class="nb">tar</span> <span class="nt">-xf</span> latest.tar.gz <span class="nt">-C</span> /opt/yarn <span class="nt">--strip</span> 1 <span class="se">\
</span><span class="o">&&</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/app
<span class="k">ENV</span><span class="s"> PATH="$PATH:/opt/yarn/bin" BUNDLE_PATH="/gems" BUNDLE_JOBS=4 RAILS_ENV=${rails_env} BUNDLE_WITHOUT=${bundle_without}</span>
<span class="k">COPY</span><span class="s"> . /var/app</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">RUN </span>bundle <span class="nb">install</span> <span class="o">&&</span> yarn <span class="o">&&</span> bundle <span class="nb">exec </span>rake assets:precompile <span class="se">\
</span><span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /gems/cache/<span class="k">*</span>.gem <span class="se">\
</span><span class="o">&&</span> find /gems/gems/ <span class="nt">-name</span> <span class="s2">"*.c"</span> <span class="nt">-delete</span> <span class="se">\
</span><span class="o">&&</span> find /gems/gems/ <span class="nt">-name</span> <span class="s2">"*.o"</span> <span class="nt">-delete</span>
<span class="c"># final stage</span>
<span class="k">FROM</span><span class="s"> ruby:2.5.0-alpine</span>
<span class="k">LABEL</span><span class="s"> maintainer="contato@opensanca.com.br"</span>
<span class="k">RUN </span>apk add <span class="nt">--update</span> <span class="nt">--no-cache</span> <span class="se">\
</span>openssl <span class="se">\
</span>tzdata <span class="se">\
</span>postgresql-dev <span class="se">\
</span>postgresql-client
<span class="k">COPY</span><span class="s"> --from=pre-builder /gems/ /gems/</span>
<span class="k">COPY</span><span class="s"> --from=pre-builder /var/app /var/app</span>
<span class="k">ENV</span><span class="s"> RAILS_LOG_TO_STDOUT true</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">EXPOSE</span><span class="s"> 3000</span>
<span class="k">CMD</span><span class="s"> rails s -b 0.0.0.0</span></code></pre></figure>
<p>In this new Dockerfile, we added this part that removes caches and temporary C files used to build the libraries:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /gems/cache/<span class="k">*</span>.gem <span class="se">\</span>
<span class="o">&&</span> find /gems/gems/ <span class="nt">-name</span> <span class="s2">"*.c"</span> <span class="nt">-delete</span> <span class="se">\</span>
<span class="o">&&</span> find /gems/gems/ <span class="nt">-name</span> <span class="s2">"*.o"</span> <span class="nt">-delete</span></code></pre></figure>
<p>We also included our .dockerignore to tell the build process the files that we don’t want in the image:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">.env<span class="k">*</span>
.git
.gitignore
.codeclimate.yml
.dockerignore
.gitlab-ci.yml
.hound.yml
.travis.yml
LICENSE.md
README.md
docker-compose.<span class="k">*</span>
Dockerfile
log/<span class="k">*</span>
node_modules/<span class="k">*</span>
public/assets/<span class="k">*</span>
storage/<span class="k">*</span>
public/packs/<span class="k">*</span>
public/packs-test/<span class="k">*</span>
tmp/<span class="k">*</span></code></pre></figure>
<p>With these two steps, now our image has 272MB.</p>
<p><img src="https://miro.medium.com/proxy/1*eZJTGWQQHJTdqKyvfyvFjw.png" alt="image_3" /></p>
<p>We can reduce it even more. For production, we don’t need test folders, npm raw folder (they are already included on the asset pipeline), no precompiled assets and caches.</p>
<p>To remove this files, we can include a strategy of passing an argument to build (we will call it: <code class="highlighter-rouge">to_remove</code>)</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker">...
<span class="k">ARG</span><span class="s"> to_remove</span>
...
<span class="k">RUN </span>bundle <span class="nb">install</span> <span class="o">&&</span> yarn <span class="o">&&</span> bundle <span class="nb">exec </span>rake assets:precompile <span class="se">\
</span><span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /usr/local/bundle/cache/<span class="k">*</span>.gem <span class="se">\
</span> <span class="o">&&</span> find /usr/local/bundle/gems/ <span class="nt">-name</span> <span class="s2">"*.c"</span> <span class="nt">-delete</span> <span class="se">\
</span> <span class="o">&&</span> find /usr/local/bundle/gems/ <span class="nt">-name</span> <span class="s2">"*.o"</span> <span class="nt">-delete</span> <span class="se">\
</span> <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> <span class="nv">$to_remove</span> <span class="c"># Here we remove all files that we passed as an argument to the build.</span>
...</code></pre></figure>
<p>In this argument, we will pass all the files that we don’t want in production:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">docker build <span class="nt">-t</span> openjobs:reduced <span class="nt">--build-arg</span> <span class="nv">build_without</span><span class="o">=</span><span class="s2">"development test"</span> <span class="nt">--build-arg</span> <span class="nv">rails_env</span><span class="o">=</span><span class="s2">"production"</span> <span class="nb">.</span> <span class="nt">--build-arg</span> <span class="nv">to_remove</span><span class="o">=</span><span class="s2">"spec node_modules app/assets vendor/assets lib/assets tmp/cache"</span></code></pre></figure>
<p>Notice the <code class="highlighter-rouge">— build-arg to_remove=”spec node_modules app/assets vendor/assets lib/assets tmp/cache”</code>. These are the folders that we want to remove from our build process. We don’t need them to run in production.</p>
<p>Removing these files, now we have an image with 164MB, almost 6 times smaller than the original one.</p>
<p><img src="https://miro.medium.com/proxy/1*dOtqxq0ssllOzV6v_iVjmw.png" alt="image_4" /></p>
<p><img src="https://miro.medium.com/proxy/1*Lt65Wab0jeBX6OSkgUFcAQ.gif" alt="reduced" /></p>
<p>If you still don’t believe me and want to see it, this is the PR that generates this reduction: <a href="https://github.com/opensanca/opensanca_jobs/pull/164">https://github.com/opensanca/opensanca_jobs/pull/164</a></p>
<p><img src="https://miro.medium.com/proxy/1*eqsPaN0ft0DkhHczXD5vJA.png" alt="thats_all" /></p>
<p>Cheers 🍻</p>
<p><small>Thanks to Felipe Pelizaro Gentil</small></p>dudribeiroA big problem that we face when deploying Docker into production is the image size. Large images take longer to download, consume much of your cloud network traffic quota, cost more money to be stored on the repository and don’t bring any good value.Easy deploy your Docker applications to AWS using ECS and Fargate2018-01-31T15:00:00+00:002018-01-31T15:00:00+00:00https://cadu.dev/easy-deploy-your-docker-applications-to-aws-using-ecs-and-fargate<p>In this post, I will try to demonstrate how you can deploy your Docker application into AWS using ECS and Fargate.</p>
<p>As an example, I will deploy <a href="http://openjobs.me/">this app</a> to ECS. The source can be found <a href="https://github.com/opensanca/opensanca_jobs/">here</a>.</p>
<p>I will use <a href="https://www.terraform.io/">Terraform</a> to spin the infrastructure so I can easily track everything that I create as a code. If you want to learn the basics of Terraform, please read my <a href="https://thecode.pub/creating-your-cloud-servers-with-terraform-bfa01a499bad">post about it</a>.</p>
<div class="breaker"></div>
<h2 id="ecs">ECS</h2>
<p>What is ECS?</p>
<p>The Elastic Container Service (ECS) is an AWS Service that handles the Docker containers orchestration in your EC2 cluster. It is an alternative for Kubernetes, Docker Swarm, and others.</p>
<h3 id="ecs-terminology">ECS Terminology</h3>
<p>To start understanding what ECS is, we need to understand its terms and definitions that differs from the Docker world.</p>
<ul>
<li><code class="highlighter-rouge">Cluster</code>: It is a group of EC2 instances hosting containers.</li>
<li><code class="highlighter-rouge">Task definition</code>: It is the specification of how ECS should run your app. Here you define which image to use, port mapping, memory, environments variables, etc.</li>
<li><code class="highlighter-rouge">Service</code>: Services launches and maintains tasks running inside the cluster. A Service will auto-recover any stopped tasks keeping the number of tasks running as you specified.</li>
</ul>
<div class="breaker"></div>
<h2 id="fargate">Fargate</h2>
<p>Fargate is a technology that allows running containers in ECS without needing to manage the EC2 servers for cluster. You only deploy your Docker applications and set the scaling rules for it. Fargate is an execution method from ECS.</p>
<p><code class="highlighter-rouge">Show me the code</code></p>
<p>The full example is on <a href="https://github.com/duduribeiro/terraform_ecs_fargate_example">Github</a>.</p>
<div class="breaker"></div>
<h2 id="the-project-structure">The project structure</h2>
<p>Our Terraform project is composed of the following structure:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ └── code_pipeline
│ └── ecs
│ └── networking
│ └── rds
├── pipeline.tf
├── production.tf
├── production_key.pub
├── terraform.tfvars
└── variables.tf
</code></pre></div></div>
<ul>
<li><code class="highlighter-rouge">Modules</code> is where we will store the code that handles the creation of a group of resources. It can be reused by all environments (Production, Staging, QA, etc.) without needing to duplicate a lot of code.</li>
<li><code class="highlighter-rouge">production.tf</code> is the file that defines the environment itself. It calls the modules passing variables to it.</li>
<li><code class="highlighter-rouge">pipeline.tf</code> Since the pipeline can be a global resource without needing to isolate per environment. This file will handle the creation of this pipeline using the <code class="highlighter-rouge">code_pipeline</code> module.</li>
</ul>
<div class="breaker"></div>
<h2 id="first-part-the-networking">First part, the networking</h2>
<p>The branch with this part can be found <a href="https://github.com/duduribeiro/terraform_ecs_fargate_example/tree/01_networking">here</a>.</p>
<p>The first thing that we need to create is the VPC with 2 subnets (1 public and 1 private) in each Availability Zone. Each Availability Zone is a geographically isolated region. Keeping our resources in more than one zone is the first thing to achieve high availability. If one physical zone fails for some reason, your application can answer from the others.</p>
<p><img src="https://miro.medium.com/max/1400/1*Cvu1YNJdfezuVfU8kAPgNA.png" alt="our_networking" /></p>
<p>Keeping the cluster on the private subnet protects your infrastructure from external access. The private subnet is allowed only to be accessed from resources inside the public network (In our case, will be the Load Balancer only).</p>
<p>This is the code to create this structure (it is practically the same from my introduction post of Terraform):</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
The VPC
======*/</span>
<span class="k">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"vpc"</span> <span class="p">{</span>
<span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_cidr</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span>
<span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-vpc"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/*====
Subnets
======*/</span>
<span class="cm">/* Internet gateway for the public subnet */</span>
<span class="k">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"ig"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-igw"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Elastic IP for NAT */</span>
<span class="k">resource</span> <span class="s2">"aws_eip"</span> <span class="s2">"nat_eip"</span> <span class="p">{</span>
<span class="nx">vpc</span> <span class="p">=</span> <span class="kc">true</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_internet_gateway.ig"</span><span class="p">]</span>
<span class="p">}</span>
<span class="cm">/* NAT */</span>
<span class="k">resource</span> <span class="s2">"aws_nat_gateway"</span> <span class="s2">"nat"</span> <span class="p">{</span>
<span class="nx">allocation_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_eip</span><span class="p">.</span><span class="nx">nat_eip</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">public_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_internet_gateway.ig"</span><span class="p">]</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">availability_zones</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">-nat"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Public subnet */</span>
<span class="k">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"public_subnet"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">count</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">public_subnets_cidr</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">public_subnets_cidr</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">availability_zone</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">availability_zones</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">true</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">availability_zones</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">-public-subnet"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Private subnet */</span>
<span class="k">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"private_subnet"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">count</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">private_subnets_cidr</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">private_subnets_cidr</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">availability_zone</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">availability_zones</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">false</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">availability_zones</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">-private-subnet"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Routing table for private subnet */</span>
<span class="k">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"private"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-private-route-table"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Routing table for public subnet */</span>
<span class="k">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"public"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-public-route-table"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"public_internet_gateway"</span> <span class="p">{</span>
<span class="nx">route_table_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">public</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">destination_cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span>
<span class="nx">gateway_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">ig</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"private_nat_gateway"</span> <span class="p">{</span>
<span class="nx">route_table_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">private</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">destination_cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span>
<span class="nx">nat_gateway_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_nat_gateway</span><span class="p">.</span><span class="nx">nat</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="cm">/* Route table associations */</span>
<span class="k">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"public"</span> <span class="p">{</span>
<span class="nx">count</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">public_subnets_cidr</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">public_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">route_table_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">public</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"private"</span> <span class="p">{</span>
<span class="nx">count</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">private_subnets_cidr</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">element</span><span class="p">(</span><span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">private_subnet</span><span class="p">.</span><span class="o">*</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="nx">count</span><span class="p">.</span><span class="nx">index</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">route_table_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">private</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="cm">/*====
VPC's Default Security Group
======*/</span>
<span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"default"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-default-sg"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"Default security group to allow inbound/outbound from the VPC"</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_vpc.vpc"</span><span class="p">]</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="s2">"0"</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="s2">"0"</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">self</span> <span class="p">=</span> <span class="kc">true</span>
<span class="p">}</span>
<span class="nx">egress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="s2">"0"</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="s2">"0"</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">self</span> <span class="p">=</span> <span class="s2">"true"</span>
<span class="p">}</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>The above code creates the VPC, 4 subnets (2 public and 2 private) in each Availability zone. It also creates a NAT to allow the private network access the internet.</p>
<div class="breaker"></div>
<h2 id="the-database">The Database</h2>
<p>The branch with this part can be found <a href="https://github.com/duduribeiro/terraform_ecs_fargate_example/tree/02_database">here</a>.</p>
<p>We will create a RDS database. It will be located on the private subnet. Allowing only the public subnet to access it.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
RDS
======*/</span>
<span class="cm">/* subnet used by rds */</span>
<span class="k">resource</span> <span class="s2">"aws_db_subnet_group"</span> <span class="s2">"rds_subnet_group"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-rds-subnet-group"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"RDS subnet group"</span>
<span class="nx">subnet_ids</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">subnet_ids</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Security Group for resources that want to access the Database */</span>
<span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"db_access_sg"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-db-access-sg"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"Allow access to RDS"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-db-access-sg"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"rds_sg"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-rds-sg"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2"> Security Group"</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-rds-sg"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="c1">// allows traffic from the SG itself</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">self</span> <span class="p">=</span> <span class="kc">true</span>
<span class="p">}</span>
<span class="c1">//allow traffic for TCP 5432</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">5432</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">5432</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span>
<span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">db_access_sg</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="p">}</span>
<span class="c1">// outbound internet access</span>
<span class="nx">egress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_db_instance"</span> <span class="s2">"rds"</span> <span class="p">{</span>
<span class="nx">identifier</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-database"</span>
<span class="nx">allocated_storage</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">allocated_storage</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">engine</span> <span class="p">=</span> <span class="s2">"postgres"</span>
<span class="nx">engine_version</span> <span class="p">=</span> <span class="s2">"9.6.6"</span>
<span class="nx">instance_class</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">instance_class</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">multi_az</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">multi_az</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">username</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_username</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">password</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_password</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">db_subnet_group_name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_db_subnet_group</span><span class="p">.</span><span class="nx">rds_subnet_group</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">rds_sg</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">skip_final_snapshot</span> <span class="p">=</span> <span class="kc">true</span>
<span class="nx">snapshot_identifier</span> <span class="p">=</span> <span class="s2">"rds-</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-snapshot"</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>With this code, we create the RDS resource with values received from the variables. We also create the security group that should be used by resources that want to connect to the database (in our case, the ECS cluster).</p>
<p>Ok. Now we have the database. Let’s finally create our ECS to deploy our app \o.</p>
<div class="breaker"></div>
<h2 id="take-three-the-ecs">Take Three: The ECS</h2>
<p>The branch with this part can be found <a href="https://github.com/duduribeiro/terraform_ecs_fargate_example/tree/03_ecs">here</a>.</p>
<p>We are approaching the final steps. Now, it is the part that we define the ECS resources needed for our app.</p>
<h3 id="the-ecr-repository">The ECR repository</h3>
<p>The first thing is to create the repository to store our built images.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
ECR repository to store our Docker images
======*/</span>
<span class="k">resource</span> <span class="s2">"aws_ecr_repository"</span> <span class="s2">"openjobs_app"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">repository_name</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span></code></pre></figure>
<h3 id="the-ecr-cluster">The ECR cluster</h3>
<p>Next, we need our ECS cluster. Even using Fargate (that doesn’t need any EC2), we need to define a cluster for the application.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
ECS cluster
======*/</span>
<span class="k">resource</span> <span class="s2">"aws_ecs_cluster"</span> <span class="s2">"cluster"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-ecs-cluster"</span>
<span class="p">}</span></code></pre></figure>
<h3 id="the-tasks-definitions">The tasks definitions</h3>
<p>Now, we will define 2 task definitions.</p>
<ul>
<li>Web: Contains the definition of the web app itself.</li>
<li>Db Migrate: This task will only run the command to migrate our database and will die. Since it is a single run task, we don’t need a service for it.</li>
</ul>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
ECS task definitions
======*/</span>
<span class="cm">/* the task definition for the web service */</span>
<span class="k">data</span> <span class="s2">"template_file"</span> <span class="s2">"web_task"</span> <span class="p">{</span>
<span class="nx">template</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">file</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">path</span><span class="p">.</span><span class="k">module}</span><span class="s2">/tasks/web_task_definition.json"</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">vars</span> <span class="p">{</span>
<span class="nx">image</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecr_repository</span><span class="p">.</span><span class="nx">openjobs_app</span><span class="p">.</span><span class="nx">repository_url</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">secret_key_base</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">secret_key_base</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">database_url</span> <span class="p">=</span> <span class="s2">"postgresql://</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_username</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_password</span><span class="k">}</span><span class="s2">@</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_endpoint</span><span class="k">}</span><span class="s2">:5432/</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_name</span><span class="k">}</span><span class="s2">?encoding=utf8&pool=40"</span>
<span class="nx">log_group</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_cloudwatch_log_group</span><span class="p">.</span><span class="nx">openjobs</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="nx">family</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">_web"</span>
<span class="nx">container_definitions</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${data</span><span class="p">.</span><span class="nx">template_file</span><span class="p">.</span><span class="nx">web_task</span><span class="p">.</span><span class="nx">rendered</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">requires_compatibilities</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"FARGATE"</span><span class="p">]</span>
<span class="nx">network_mode</span> <span class="p">=</span> <span class="s2">"awsvpc"</span>
<span class="nx">cpu</span> <span class="p">=</span> <span class="s2">"256"</span>
<span class="nx">memory</span> <span class="p">=</span> <span class="s2">"512"</span>
<span class="nx">execution_role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs_execution_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">task_role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs_execution_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="cm">/* the task definition for the db migration */</span>
<span class="k">data</span> <span class="s2">"template_file"</span> <span class="s2">"db_migrate_task"</span> <span class="p">{</span>
<span class="nx">template</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">file</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">path</span><span class="p">.</span><span class="k">module}</span><span class="s2">/tasks/db_migrate_task_definition.json"</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">vars</span> <span class="p">{</span>
<span class="nx">image</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecr_repository</span><span class="p">.</span><span class="nx">openjobs_app</span><span class="p">.</span><span class="nx">repository_url</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">secret_key_base</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">secret_key_base</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">database_url</span> <span class="p">=</span> <span class="s2">"postgresql://</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_username</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_password</span><span class="k">}</span><span class="s2">@</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_endpoint</span><span class="k">}</span><span class="s2">:5432/</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">database_name</span><span class="k">}</span><span class="s2">?encoding=utf8&pool=40"</span>
<span class="nx">log_group</span> <span class="p">=</span> <span class="s2">"openjobs"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"db_migrate"</span> <span class="p">{</span>
<span class="nx">family</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">_db_migrate"</span>
<span class="nx">container_definitions</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${data</span><span class="p">.</span><span class="nx">template_file</span><span class="p">.</span><span class="nx">db_migrate_task</span><span class="p">.</span><span class="nx">rendered</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">requires_compatibilities</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"FARGATE"</span><span class="p">]</span>
<span class="nx">network_mode</span> <span class="p">=</span> <span class="s2">"awsvpc"</span>
<span class="nx">cpu</span> <span class="p">=</span> <span class="s2">"256"</span>
<span class="nx">memory</span> <span class="p">=</span> <span class="s2">"512"</span>
<span class="nx">execution_role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs_execution_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">task_role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs_execution_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span></code></pre></figure>
<p>The tasks definitions are configured in a JSON file and rendered as a template in Terraform.</p>
<p>This is the task definition of the web app:</p>
<figure class="highlight"><pre><code class="language-json" data-lang="json"><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="p">,</span><span class="w">
</span><span class="nl">"image"</span><span class="p">:</span><span class="w"> </span><span class="s2">"${image}"</span><span class="p">,</span><span class="w">
</span><span class="nl">"portMappings"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"containerPort"</span><span class="p">:</span><span class="w"> </span><span class="mi">80</span><span class="p">,</span><span class="w">
</span><span class="nl">"hostPort"</span><span class="p">:</span><span class="w"> </span><span class="mi">80</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="nl">"memory"</span><span class="p">:</span><span class="w"> </span><span class="mi">300</span><span class="p">,</span><span class="w">
</span><span class="nl">"networkMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"awsvpc"</span><span class="p">,</span><span class="w">
</span><span class="nl">"logConfiguration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"logDriver"</span><span class="p">:</span><span class="w"> </span><span class="s2">"awslogs"</span><span class="p">,</span><span class="w">
</span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"awslogs-group"</span><span class="p">:</span><span class="w"> </span><span class="s2">"${log_group}"</span><span class="p">,</span><span class="w">
</span><span class="nl">"awslogs-region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w">
</span><span class="nl">"awslogs-stream-prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"web"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"environment"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RAILS_ENV"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"production"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DATABASE_URL"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"${database_url}"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SECRET_KEY_BASE"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"${secret_key_base}"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PORT"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"80"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RAILS_LOG_TO_STDOUT"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RAILS_SERVE_STATIC_FILES"</span><span class="p">,</span><span class="w">
</span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">]</span></code></pre></figure>
<p>In the file above, we are defining the task to ECS. We pass the created ECR image repository as variable to it. We also configure other variables so ECS can start our Rails app.</p>
<p>The definition of the DB migration task is almost the same. We only change the command that will be executed.</p>
<h3 id="the-load-balancers">The load balancers</h3>
<p>Before creating the Services, we need to create the load balancers. They will be on the public subnet and will forward the requests to the ECS service.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="k">resource</span> <span class="s2">"aws_alb_target_group"</span> <span class="s2">"alb_target_group"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-alb-target-group-</span><span class="k">${</span><span class="nx">random_id</span><span class="p">.</span><span class="nx">target_group_sufix</span><span class="p">.</span><span class="nx">hex</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">port</span> <span class="p">=</span> <span class="mi">80</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"HTTP"</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">target_type</span> <span class="p">=</span> <span class="s2">"ip"</span>
<span class="nx">lifecycle</span> <span class="p">{</span>
<span class="nx">create_before_destroy</span> <span class="p">=</span> <span class="kc">true</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* security group for ALB */</span>
<span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"web_inbound_sg"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-web-inbound-sg"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"Allow HTTP from Anywhere into ALB"</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">80</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">80</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"icmp"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">egress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-web-inbound-sg"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_alb"</span> <span class="s2">"alb_openjobs"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-alb-openjobs"</span>
<span class="nx">subnets</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">public_subnet_ids</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">security_groups_ids</span><span class="k">}</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">web_inbound_sg</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-alb-openjobs"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_alb_listener"</span> <span class="s2">"openjobs"</span> <span class="p">{</span>
<span class="nx">load_balancer_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_alb</span><span class="p">.</span><span class="nx">alb_openjobs</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">port</span> <span class="p">=</span> <span class="s2">"80"</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"HTTP"</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_alb_target_group.alb_target_group"</span><span class="p">]</span>
<span class="nx">default_action</span> <span class="p">{</span>
<span class="nx">target_group_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_alb_target_group</span><span class="p">.</span><span class="nx">alb_target_group</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">type</span> <span class="p">=</span> <span class="s2">"forward"</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>In the file above we define that our target group will use HTTP on port 80. We also create a security group to allow access into the port 80 from the internet. After, we create the Application Load Balancer and the listener. To use Fargate, you should use an Application Load Balancer instead an Elastic Load Balancer.</p>
<h3 id="finally-the-ecs-service">Finally, the ECS service</h3>
<p>Now we will create the service. To use Fargate, we need to specify the <code class="highlighter-rouge">lauch_type</code> as <code class="highlighter-rouge">Fargate</code>.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*====
ECS service
======*/</span>
<span class="cm">/* Security Group for ECS */</span>
<span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"ecs_service"</span> <span class="p">{</span>
<span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">vpc_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-ecs-service-sg"</span>
<span class="nx">description</span> <span class="p">=</span> <span class="s2">"Allow egress from container"</span>
<span class="nx">egress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">ingress</span> <span class="p">{</span>
<span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8</span>
<span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"icmp"</span>
<span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">tags</span> <span class="p">{</span>
<span class="nx">Name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-ecs-service-sg"</span>
<span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* Simply specify the family to find the latest ACTIVE revision in that family */</span>
<span class="k">data</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="nx">task_definition</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">family</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_ecs_service"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">-web"</span>
<span class="nx">task_definition</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">family</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nx">max</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">revision</span><span class="k">}</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"</span><span class="k">${data</span><span class="p">.</span><span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">revision</span><span class="k">}</span><span class="s2">"</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">desired_count</span> <span class="p">=</span> <span class="mi">2</span>
<span class="nx">launch_type</span> <span class="p">=</span> <span class="s2">"FARGATE"</span>
<span class="nx">cluster</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_iam_role_policy.ecs_service_role_policy"</span><span class="p">]</span>
<span class="nx">network_configuration</span> <span class="p">{</span>
<span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">security_groups_ids</span><span class="k">}</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">ecs_service</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">subnets</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">subnets_ids</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="p">}</span>
<span class="nx">load_balancer</span> <span class="p">{</span>
<span class="nx">target_group_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_alb_target_group</span><span class="p">.</span><span class="nx">alb_target_group</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">container_name</span> <span class="p">=</span> <span class="s2">"web"</span>
<span class="nx">container_port</span> <span class="p">=</span> <span class="s2">"80"</span>
<span class="p">}</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_alb_target_group.alb_target_group"</span><span class="p">]</span>
<span class="p">}</span></code></pre></figure>
<h3 id="auto-scaling">Auto-scaling</h3>
<p>Fargate allows us to auto-scale our app easily. We only need to create the metrics in CloudWatch and trigger to scale it up or down.</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="k">resource</span> <span class="s2">"aws_appautoscaling_target"</span> <span class="s2">"target"</span> <span class="p">{</span>
<span class="nx">service_namespace</span> <span class="p">=</span> <span class="s2">"ecs"</span>
<span class="nx">resource_id</span> <span class="p">=</span> <span class="s2">"service/</span><span class="k">${</span><span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">/</span><span class="k">${</span><span class="nx">aws_ecs_service</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">scalable_dimension</span> <span class="p">=</span> <span class="s2">"ecs:service:DesiredCount"</span>
<span class="nx">role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">ecs_autoscale_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">min_capacity</span> <span class="p">=</span> <span class="mi">1</span>
<span class="nx">max_capacity</span> <span class="p">=</span> <span class="mi">4</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_appautoscaling_policy"</span> <span class="s2">"up"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">_scale_up"</span>
<span class="nx">service_namespace</span> <span class="p">=</span> <span class="s2">"ecs"</span>
<span class="nx">resource_id</span> <span class="p">=</span> <span class="s2">"service/</span><span class="k">${</span><span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">/</span><span class="k">${</span><span class="nx">aws_ecs_service</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">scalable_dimension</span> <span class="p">=</span> <span class="s2">"ecs:service:DesiredCount"</span>
<span class="nx">step_scaling_policy_configuration</span> <span class="p">{</span>
<span class="nx">adjustment_type</span> <span class="p">=</span> <span class="s2">"ChangeInCapacity"</span>
<span class="nx">cooldown</span> <span class="p">=</span> <span class="mi">60</span>
<span class="nx">metric_aggregation_type</span> <span class="p">=</span> <span class="s2">"Maximum"</span>
<span class="nx">step_adjustment</span> <span class="p">{</span>
<span class="nx">metric_interval_lower_bound</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">scaling_adjustment</span> <span class="p">=</span> <span class="mi">1</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_appautoscaling_target.target"</span><span class="p">]</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_appautoscaling_policy"</span> <span class="s2">"down"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">_scale_down"</span>
<span class="nx">service_namespace</span> <span class="p">=</span> <span class="s2">"ecs"</span>
<span class="nx">resource_id</span> <span class="p">=</span> <span class="s2">"service/</span><span class="k">${</span><span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">/</span><span class="k">${</span><span class="nx">aws_ecs_service</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">scalable_dimension</span> <span class="p">=</span> <span class="s2">"ecs:service:DesiredCount"</span>
<span class="nx">step_scaling_policy_configuration</span> <span class="p">{</span>
<span class="nx">adjustment_type</span> <span class="p">=</span> <span class="s2">"ChangeInCapacity"</span>
<span class="nx">cooldown</span> <span class="p">=</span> <span class="mi">60</span>
<span class="nx">metric_aggregation_type</span> <span class="p">=</span> <span class="s2">"Maximum"</span>
<span class="nx">step_adjustment</span> <span class="p">{</span>
<span class="nx">metric_interval_lower_bound</span> <span class="p">=</span> <span class="mi">0</span>
<span class="nx">scaling_adjustment</span> <span class="p">=</span> <span class="err">-</span><span class="mi">1</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"aws_appautoscaling_target.target"</span><span class="p">]</span>
<span class="p">}</span>
<span class="cm">/* metric used for auto scale */</span>
<span class="k">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"service_cpu_high"</span> <span class="p">{</span>
<span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">environment</span><span class="k">}</span><span class="s2">_openjobs_web_cpu_utilization_high"</span>
<span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanOrEqualToThreshold"</span>
<span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="s2">"2"</span>
<span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"CPUUtilization"</span>
<span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/ECS"</span>
<span class="nx">period</span> <span class="p">=</span> <span class="s2">"60"</span>
<span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Maximum"</span>
<span class="nx">threshold</span> <span class="p">=</span> <span class="s2">"85"</span>
<span class="nx">dimensions</span> <span class="p">{</span>
<span class="nx">ClusterName</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">cluster</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">ServiceName</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_ecs_service</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="nx">aws_appautoscaling_policy</span><span class="p">.</span><span class="nx">up</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="nx">ok_actions</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="nx">aws_appautoscaling_policy</span><span class="p">.</span><span class="nx">down</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span><span class="p">]</span>
<span class="p">}</span></code></pre></figure>
<p>We create 2 auto scaling policies. One to scale up and other to scale down the desired count of running tasks from our ECS service.</p>
<p>After, we create a CloudWatch metric based on the CPU. If the CPU usage is greater than 85% from 2 periods, we trigger the <code class="highlighter-rouge">alarm_action</code> that calls the scale-up policy. If it returns to the Ok state, it will trigger the scale-down policy.</p>
<div class="breaker"></div>
<h2 id="the-pipeline-to-deploy-our-app">The Pipeline to deploy our app</h2>
<p>Our infrastructure to run our Docker app is ready. But it is still boring to deploy it to ECS. We need to manually push our image to the repository and update the task definition with the new image and update the new task definition. We can run it through Terraform, but it could be better if we have a way to push our code to Github in the master branch and it deploys automatically for us.</p>
<p>Entering, <a href="https://aws.amazon.com/codepipeline">CodePipeline</a> and <a href="https://aws.amazon.com/codebuild/">CodeBuild</a>.</p>
<p>CodePipeline is a Continuous Integration and Continuous Delivery service hosted by AWS.</p>
<p>CodeBuild is a managed build service that can execute tests and generate packages for us (in our case, a Docker image).</p>
<p>With it, we can create pipelines to delivery our code to ECS. The flow will be:</p>
<ul>
<li>You push the code to master’s branch</li>
<li>CodePipeline gets the code in the Source stage and calls the Build stage (CodeBuild).</li>
<li>Build stage process our Dockerfile building and pushing the Image to ECR and triggers the Deploy stage</li>
<li>Deploy stage updates our ECS with the new image</li>
</ul>
<p>Let’s define our Pipeline with Terraform:</p>
<figure class="highlight"><pre><code class="language-terraform" data-lang="terraform"><span class="cm">/*
/* CodeBuild
*/</span>
<span class="k">data</span> <span class="s2">"template_file"</span> <span class="s2">"buildspec"</span> <span class="p">{</span>
<span class="nx">template</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">file</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">path</span><span class="p">.</span><span class="k">module}</span><span class="s2">/buildspec.yml"</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">vars</span> <span class="p">{</span>
<span class="nx">repository_url</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">repository_url</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">region</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">cluster_name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">ecs_cluster_name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">run_task_subnet_id</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">security_group_ids</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">join</span><span class="p">(</span><span class="s2">","</span><span class="p">,</span> <span class="kd">var</span><span class="p">.</span><span class="nx">run_task_security_group_ids</span><span class="p">)</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">resource</span> <span class="s2">"aws_codebuild_project"</span> <span class="s2">"openjobs_build"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"openjobs-codebuild"</span>
<span class="nx">build_timeout</span> <span class="p">=</span> <span class="s2">"10"</span>
<span class="nx">service_role</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">codebuild_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">artifacts</span> <span class="p">{</span>
<span class="nx">type</span> <span class="p">=</span> <span class="s2">"CODEPIPELINE"</span>
<span class="p">}</span>
<span class="nx">environment</span> <span class="p">{</span>
<span class="nx">compute_type</span> <span class="p">=</span> <span class="s2">"BUILD_GENERAL1_SMALL"</span>
<span class="c1">// https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html</span>
<span class="nx">image</span> <span class="p">=</span> <span class="s2">"aws/codebuild/docker:1.12.1"</span>
<span class="nx">type</span> <span class="p">=</span> <span class="s2">"LINUX_CONTAINER"</span>
<span class="nx">privileged_mode</span> <span class="p">=</span> <span class="kc">true</span>
<span class="p">}</span>
<span class="nx">source</span> <span class="p">{</span>
<span class="nx">type</span> <span class="p">=</span> <span class="s2">"CODEPIPELINE"</span>
<span class="nx">buildspec</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${data</span><span class="p">.</span><span class="nx">template_file</span><span class="p">.</span><span class="nx">buildspec</span><span class="p">.</span><span class="nx">rendered</span><span class="k">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/* CodePipeline */</span>
<span class="k">resource</span> <span class="s2">"aws_codepipeline"</span> <span class="s2">"pipeline"</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"openjobs-pipeline"</span>
<span class="nx">role_arn</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">codepipeline_role</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">artifact_store</span> <span class="p">{</span>
<span class="nx">location</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">source</span><span class="p">.</span><span class="nx">bucket</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">type</span> <span class="p">=</span> <span class="s2">"S3"</span>
<span class="p">}</span>
<span class="nx">stage</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Source"</span>
<span class="nx">action</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Source"</span>
<span class="nx">category</span> <span class="p">=</span> <span class="s2">"Source"</span>
<span class="nx">owner</span> <span class="p">=</span> <span class="s2">"ThirdParty"</span>
<span class="k">provider</span> <span class="p">=</span> <span class="s2">"GitHub"</span>
<span class="nx">version</span> <span class="p">=</span> <span class="s2">"1"</span>
<span class="nx">output_artifacts</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"source"</span><span class="p">]</span>
<span class="nx">configuration</span> <span class="p">{</span>
<span class="nx">Owner</span> <span class="p">=</span> <span class="s2">"duduribeiro"</span>
<span class="nx">Repo</span> <span class="p">=</span> <span class="s2">"openjobs_experiment"</span>
<span class="nx">Branch</span> <span class="p">=</span> <span class="s2">"master"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="nx">stage</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Build"</span>
<span class="nx">action</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Build"</span>
<span class="nx">category</span> <span class="p">=</span> <span class="s2">"Build"</span>
<span class="nx">owner</span> <span class="p">=</span> <span class="s2">"AWS"</span>
<span class="k">provider</span> <span class="p">=</span> <span class="s2">"CodeBuild"</span>
<span class="nx">version</span> <span class="p">=</span> <span class="s2">"1"</span>
<span class="nx">input_artifacts</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"source"</span><span class="p">]</span>
<span class="nx">output_artifacts</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"imagedefinitions"</span><span class="p">]</span>
<span class="nx">configuration</span> <span class="p">{</span>
<span class="nx">ProjectName</span> <span class="p">=</span> <span class="s2">"openjobs-codebuild"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="nx">stage</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Production"</span>
<span class="nx">action</span> <span class="p">{</span>
<span class="nx">name</span> <span class="p">=</span> <span class="s2">"Deploy"</span>
<span class="nx">category</span> <span class="p">=</span> <span class="s2">"Deploy"</span>
<span class="nx">owner</span> <span class="p">=</span> <span class="s2">"AWS"</span>
<span class="k">provider</span> <span class="p">=</span> <span class="s2">"ECS"</span>
<span class="nx">input_artifacts</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"imagedefinitions"</span><span class="p">]</span>
<span class="nx">version</span> <span class="p">=</span> <span class="s2">"1"</span>
<span class="nx">configuration</span> <span class="p">{</span>
<span class="nx">ClusterName</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">ecs_cluster_name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">ServiceName</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">ecs_service_name</span><span class="k">}</span><span class="s2">"</span>
<span class="nx">FileName</span> <span class="p">=</span> <span class="s2">"imagedefinitions.json"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>In the above code, we create a CodeBuild project, using the following buildspec (build specifications file):</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="na">version</span><span class="pi">:</span> <span class="m">0.2</span>
<span class="na">phases</span><span class="pi">:</span>
<span class="na">pre_build</span><span class="pi">:</span>
<span class="na">commands</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">pip install awscli --upgrade --user</span>
<span class="pi">-</span> <span class="s">echo `aws --version`</span>
<span class="pi">-</span> <span class="s">echo Logging in to Amazon ECR...</span>
<span class="pi">-</span> <span class="s">$(aws ecr get-login --region ${region} --no-include-email)</span>
<span class="pi">-</span> <span class="s">REPOSITORY_URI=${repository_url}</span>
<span class="pi">-</span> <span class="s">IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)</span>
<span class="pi">-</span> <span class="s">echo Entered the pre_build phase...</span>
<span class="na">build</span><span class="pi">:</span>
<span class="na">commands</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">echo Build started on `date`</span>
<span class="pi">-</span> <span class="s">echo Building the Docker image...</span>
<span class="pi">-</span> <span class="s">docker build --build-arg build_without="development test" --build-arg rails_env="production" -t $REPOSITORY_URI:latest .</span>
<span class="pi">-</span> <span class="s">docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG</span>
<span class="na">post_build</span><span class="pi">:</span>
<span class="na">commands</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">echo Build completed on `date`</span>
<span class="pi">-</span> <span class="s">echo Pushing the Docker images...</span>
<span class="pi">-</span> <span class="s">docker push $REPOSITORY_URI:latest</span>
<span class="pi">-</span> <span class="s">docker push $REPOSITORY_URI:$IMAGE_TAG</span>
<span class="pi">-</span> <span class="s">echo Writing image definitions file...</span>
<span class="pi">-</span> <span class="s">printf '[{"name":"web","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json</span>
<span class="pi">-</span> <span class="s">echo upgrading db-migrate task definitions</span>
<span class="pi">-</span> <span class="s">aws ecs run-task --launch-type FARGATE --cluster ${cluster_name} --task-definition production_db_migrate --network-configuration "awsvpcConfiguration={subnets=[${subnet_id}],securityGroups=[${security_group_ids}]}"</span>
<span class="na">artifacts</span><span class="pi">:</span>
<span class="na">files</span><span class="pi">:</span> <span class="s">imagedefinitions.json</span></code></pre></figure>
<p>We defined some phases in the above file.</p>
<ul>
<li><code class="highlighter-rouge">pre_build</code>: Upgrade aws-cli, set some environment variables: REPOSITORY_URL with the ECR repository and IMAGE_TAG with the CodeBuild source version. The ECR repository is passed as a variable by Terraform.</li>
<li><code class="highlighter-rouge">build</code>: Build the Dockerfile from the repository tagging it as LATEST in the repository URL.</li>
<li><code class="highlighter-rouge">post_build</code>: Push the image to the repository. Creates a file named <code class="highlighter-rouge">imagedefinitions.json</code> with the following content:
‘[{“name”:”web”,”imageUri”:REPOSITORY_URL”}]’
This file is used by CodePipeline to upgrade your ECS cluster in the Deployment stage.</li>
<li><code class="highlighter-rouge">artifacts</code>: Get the file created in the last phase and uses as the artifact.</li>
</ul>
<p>After, we create a CodePipeline resource with 3 stages:</p>
<ul>
<li><code class="highlighter-rouge">Source</code>: Gets the repository from Github (change it by your repository information) and pass it to the next stage.</li>
<li><code class="highlighter-rouge">Build</code>: Calls the CodeBuild project that we created in the step before.</li>
<li><code class="highlighter-rouge">Production</code>: Gets the artifact from Build stage (imagedefinitions.json) and deploy to ECS.</li>
</ul>
<p>Let’s see they working together?</p>
<div class="breaker"></div>
<h2 id="running-all-together">Running all together</h2>
<p>The code with the full example is <a href="https://github.com/duduribeiro/terraform_ecs_fargate_example">here</a>.</p>
<p>Clone it. Also, since we use Github as the CodePipeline source provider, you need to generate a token to access the repositories. <a href="https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/">Read here</a> to generate yours.</p>
<p>After generating your token, export it as an environment variable.</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">export </span><span class="nv">GITHUB_TOKEN</span><span class="o">=</span>YOUR_TOKEN</code></pre></figure>
<p>Now, we need to import the modules and the provider library.</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>terraform init</code></pre></figure>
<p><img src="https://miro.medium.com/max/1400/1*6HQQkkurojqHSIw3ywQTSw.png" alt="terraform_init" /></p>
<p>Now, let the magic begin!</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>terraform apply</code></pre></figure>
<p>it will display that Terraform will create some resources, and if you want to continue</p>
<p><img src="https://miro.medium.com/max/1400/1*N_Ce_3nRV-hk4QFgd-J3sw.png" alt="plan" /></p>
<p>Type <code class="highlighter-rouge">yes</code>.</p>
<p><img src="https://miro.medium.com/max/520/1*lZ7NXzq0NMQmObgMoyoJIg.gif" alt="wait" /></p>
<p>Seriously, get a coffee until it finishes.</p>
<p><img src="https://miro.medium.com/max/1400/1*hl4G1GBfzMSBuBJ2axn0LQ.png" alt="coffee" /></p>
<p><img src="https://miro.medium.com/max/1400/1*-w-oLVLxuyebsaUStamQHg.png" alt="apply_complete" /></p>
<p>AWESOME!. Our infrastructure is ready!!. If you enter in your CodePipeline at AWS Dashboard, you can see that it also triggered the first build:</p>
<p><img src="https://miro.medium.com/max/1400/1*XfmkQU8ae8v9Pbp6iaJQIA.png" alt="pipeline" /></p>
<p>Wait until all the Stages are green.</p>
<p><img src="https://miro.medium.com/max/912/1*ZdNh3pr5qIdU-vMwlQfi4Q.png" alt="green" /></p>
<p>Get your Load Balancer DNS and check the deployed application:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>terraform output alb_dns_name</code></pre></figure>
<p><img src="https://miro.medium.com/max/1400/1*WW07XGYH37It1xq5tUnGrQ.png" alt="dns" /></p>
<p><img src="https://miro.medium.com/max/2000/1*wJmKvO2Pd36jtJMZePd-3Q.png" alt="website" /></p>
<p>Finally, the app is running. Almost magic!</p>
<p><img src="https://miro.medium.com/max/550/1*mPUc2fU1VPbW6gjbw1DjeQ.gif" alt="magic" /></p>
<p><img src="https://miro.medium.com/max/1400/1*dsHpznpcd482MHT1fvyc3Q.png" alt="thats_all" /></p>
<p>Cheers,
🍻</p>dudribeiroIn this post, I will try to demonstrate how you can deploy your Docker application into AWS using ECS and Fargate.Evaluate your ruby code directly from VIM2017-08-07T15:00:00+00:002017-08-07T15:00:00+00:00https://cadu.dev/evaluate-your-ruby-code-directly-from-vim<p>When I am writing code, usually I want to evaluate some piece of code. I used to do the following actions:</p>
<ul>
<li>Copy and paste my code to IRB (or run my ruby script file directly from the terminal).</li>
<li>When using <code class="highlighter-rouge">tmux</code>, send my code directly from vim to tmux with the vim-tmux-runner plugin.</li>
</ul>
<p>The first option needs an extra work of copying and pasting content. I prefer the second option, but sometimes I forgot to attach the VTR pane and get errors.</p>
<p>Now I’m using <a href="https://github.com/JoshCheek/seeing_is_believing">https://github.com/JoshCheek/seeing_is_believing</a> along with <a href="https://github.com/t9md/vim-ruby-xmpfilter">https://github.com/t9md/vim-ruby-xmpfilter</a> plugin</p>
<p>I set my <code class="highlighter-rouge">.vimrc</code> with the following content (I use Plug to manage my dependencies):</p>
<figure class="highlight"><pre><code class="language-viml" data-lang="viml">Plug <span class="s1">'t9md/vim-ruby-xmpfilter'</span>
<span class="c">" Enable seeing-is-believing mappings only for Ruby</span>
<span class="k">let</span> <span class="nv">g:xmpfilter_cmd</span> <span class="p">=</span> <span class="s2">"seeing_is_believing"</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> nmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F4<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>mark<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> xmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F4<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>mark<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> imap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F4<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>mark<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> nmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F6<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>clean<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> xmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F6<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>clean<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> imap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F6<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>clean<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> nmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F5<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>run<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> xmap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F5<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>run<span class="p">)</span>
autocmd <span class="nb">FileType</span> <span class="k">ruby</span> imap <span class="p"><</span>buffer<span class="p">></span> <span class="p"><</span>F5<span class="p">></span> <span class="p"><</span>Plug<span class="p">>(</span>seeing_is_believing<span class="p">-</span>run<span class="p">)</span></code></pre></figure>
<p>Now I can visual select my code, use <code class="highlighter-rouge">F4</code> to <code class="highlighter-rouge">mark</code> and that line will be evaluated, press <code class="highlighter-rouge">F5</code> and get the result of that code. After, I can clean all marks with <code class="highlighter-rouge">F6</code>.</p>
<p><img src="https://miro.medium.com/max/1400/1*7gjSHyVfzMhsoa038YicQg.gif" alt="running" /></p>
<p>Cheers,
🍻</p>dudribeiroWhen I am writing code, usually I want to evaluate some piece of code. I used to do the following actions: Copy and paste my code to IRB (or run my ruby script file directly from the terminal). When using tmux, send my code directly from vim to tmux with the vim-tmux-runner plugin.Creating review apps per pull requests2017-07-04T15:00:00+00:002017-07-04T15:00:00+00:00https://cadu.dev/creating-review-apps-per-pull-requests<p>In this post I will show a simple example about how to create apps for each pull request (or, creating your own Gitlab/Heroku Review App).</p>
<p>Let’s imagine the following scenario of a development team:</p>
<ul>
<li>Developer creates a new feature branch.</li>
<li>Developer pushes the branch</li>
<li>Developer opens a pull request so other developers can check his code and test the feature</li>
<li>CI runs the tests and makes the branch green if it passes</li>
</ul>
<p>Now the developer should send the feature to someone else to test it. The feature should not be merged into master so it can be tested. They should be tested isolated because one feature can interfere with another and master should only have deployable code. With this in mind, we will create an environment for each pull request using Docker.</p>
<p>I will use Jenkins as CI because I want to use an open source tool to demonstrate this, but you can use any CI tool that you prefer.</p>
<p>This post will assume that you already have Jenkins installed. I will use this opensource Rails application as an example. Fork this repo into your account and clone it in your computer.</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">git clone https://github.com/yourgithubusername/opensanca_jobs.git</code></pre></figure>
<p>You can get the full code repo that I used on <a href="https://github.com/duduribeiro/openjobs_jenkins_test">https://github.com/duduribeiro/openjobs_jenkins_test</a></p>
<div class="breaker"></div>
<h2 id="configuring-docker">Configuring Docker</h2>
<p>The first step that we need is to configuring our app with docker.</p>
<p>A Dockerfile is a file that has instructions to build an image that contains our application. You can learn more about
Docker in their <a href="https://docs.docker.com/">documentation</a>.</p>
<p>Create a file named Dockerfile in the app folder:</p>
<figure class="highlight"><pre><code class="language-docker" data-lang="docker"><span class="k">FROM</span><span class="s"> ruby:2.4.1</span>
<span class="k">MAINTAINER</span><span class="s"> mail@carlosribeiro.me</span>
<span class="k">RUN </span>curl <span class="nt">-sS</span> http://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - <span class="se">\
</span><span class="o">&&</span> curl <span class="nt">-sL</span> http://deb.nodesource.com/setup_6.x | bash - <span class="se">\
</span><span class="o">&&</span> <span class="nb">echo</span> <span class="s2">"deb http://dl.yarnpkg.com/debian/ stable main"</span> | <span class="nb">tee</span> /etc/apt/sources.list.d/yarn.list <span class="se">\
</span><span class="o">&&</span> apt-get update <span class="se">\
</span><span class="o">&&</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="se">\
</span> build-essential <span class="se">\
</span> imagemagick <span class="se">\
</span> nodejs <span class="se">\
</span> yarn
<span class="k">RUN </span><span class="nb">mkdir</span> <span class="nt">-p</span> /var/app
<span class="k">COPY</span><span class="s"> . /var/app</span>
<span class="k">WORKDIR</span><span class="s"> /var/app</span>
<span class="k">RUN </span>bundle <span class="nb">install</span> <span class="o">&&</span> yarn
<span class="k">RUN </span>bundle <span class="nb">exec </span>rake assets:precompile
<span class="k">CMD</span><span class="s"> rails s -b 0.0.0.0</span></code></pre></figure>
<p>This is our instructions to build an image. The first command <code class="highlighter-rouge">FROM</code> specifies to docker that we will use the image <a href="https://hub.docker.com/r/_/ruby/">ruby:2.4.1</a> as our base image.</p>
<p>After, the first RUN command installs all dependencies the app needs: <code class="highlighter-rouge">yarn</code>, <code class="highlighter-rouge">imagemagick</code> and <code class="highlighter-rouge">node</code> (to precompile the assets. A fancy solution is to use a different container only with node and sprockets to precompile the assets). The second <code class="highlighter-rouge">RUN</code> command, creates a folder <code class="highlighter-rouge">/var/app</code> that will be responsible to store the application. The <code class="highlighter-rouge">COPY</code> command moves the current folder to the container in the <code class="highlighter-rouge">/var/app</code> folder. The next <code class="highlighter-rouge">RUN</code> command installs all dependencies from Rails and yarn. The <code class="highlighter-rouge">CMD</code> specify the command that the container should execute when it runs the image. You can learn more about Dockerfile <a href="https://docs.docker.com/engine/reference/builder/">here</a>.</p>
<p>With this file we can build our image.</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"> docker build <span class="nt">-t</span> myimage .</code></pre></figure>
<p>With this command, we are building our Dockerfile and generating an image with the tag <code class="highlighter-rouge">myimage</code>.</p>
<p>Running <code class="highlighter-rouge">docker image ls</code> we can check our image.</p>
<p><img src="https://miro.medium.com/max/1040/1*q2LJXXVz4fAXwOD2wp2jjA.png" alt="image_ls" /></p>
<p>Now we can start our application:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"> docker run <span class="nt">-d</span> <span class="nt">-p</span> 3000:3000 myimage</code></pre></figure>
<p>The <code class="highlighter-rouge">-d</code> option tells to docker that this container will run in background and <code class="highlighter-rouge">-p 3000:3000</code> will connect the local port 3000 with the exposed 3000 port from the container.</p>
<p>We can navigate now to <a href="http://localhost:3000">http://localhost:3000</a>.</p>
<p><img src="https://miro.medium.com/max/1400/1*fT58lZr0Pz8zUfEnn43y1Q.png" alt="accessing" /></p>
<p>And we receive this error. This is because our app requires a database connection. We need to run a new container with the database and link both containers so they can communicate with each other. Each container should have only one purpose, so, you should not run more than 1 service in a single container (ie: a container with the application and the database).</p>
<p>Instead of manually run each container, we will use <a href="https://docs.docker.com/compose/">docker compose</a>, a tool to help us to run multi containers applications.</p>
<p>Use <code class="highlighter-rouge">docker ps</code> and <code class="highlighter-rouge">docker kill</code> to destroy your application container.</p>
<p><img src="https://miro.medium.com/max/828/1*M2HI_2fGRmo8knwM9VGQgQ.png" alt="gettheid" /></p>
<p><img src="https://miro.medium.com/max/748/1*3GpKXZWWfJIR5Qa603m_0w.png" alt="killcontainer" /></p>
<p>Create a <code class="highlighter-rouge">docker-compose.yml</code> file:</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span>
<span class="na">services</span><span class="pi">:</span>
<span class="na">db</span><span class="pi">:</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">postgres</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">/tmp/postgres_data:/var/lib/postgresql/data</span>
<span class="na">redis</span><span class="pi">:</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">redis</span>
<span class="na">web</span><span class="pi">:</span>
<span class="na">build</span><span class="pi">:</span> <span class="s">.</span>
<span class="na">command</span><span class="pi">:</span> <span class="s">bundle exec rails s -p 3000 -b '0.0.0.0'</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">.:/myapp</span>
<span class="na">ports</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">3000:3000"</span>
<span class="na">depends_on</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">db</span>
<span class="pi">-</span> <span class="s">redis</span>
<span class="na">links</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">db</span>
<span class="pi">-</span> <span class="s">redis</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s">postgres://postgres:@db/</span>
<span class="na">REDIS_URL</span><span class="pi">:</span> <span class="s">redis://redis:6379</span></code></pre></figure>
<p>In this file, we are creating 2 services. One for the database using the postgres image, and another one with our web application using our Dockerfile image.</p>
<p>In the <code class="highlighter-rouge">environment</code> item on <code class="highlighter-rouge">web</code> service, I’m setting the <code class="highlighter-rouge">DATABASE_URL</code> environment variable. If this environment variable is set, rails will use it replacing the loaded configurations from <code class="highlighter-rouge">config/database.yml</code>. Read more about this <a href="http://edgeguides.rubyonrails.org/configuring.html#configuring-a-database">here</a>. DATABASE_URL follows this pattern for postgres:
<code class="highlighter-rouge">postgres://user:password@host/database_name</code>. Since our database user does not have password, we leave empty after the <code class="highlighter-rouge">:</code>. We don’t fill the <code class="highlighter-rouge">database_name</code> because we want the configured one in <code class="highlighter-rouge">config/database.yml</code> (one database name per environment).</p>
<p>Create the databases and run the migrations:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker-compose run <span class="nt">--rm</span> web rake db:create db:migrate</code></pre></figure>
<p>In this command, we will run a container with the <code class="highlighter-rouge">web</code> service and execute the command <code class="highlighter-rouge">rake db:create db:migrate</code>. The <code class="highlighter-rouge">--rm</code> option is to remove the container after the execution.</p>
<p>Run the tests:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker-compose run <span class="nt">--rm</span> <span class="nt">-e</span> <span class="nv">RAILS_ENV</span><span class="o">=</span><span class="nb">test </span>web rake db:drop db:create db:migrate
docker-compose run <span class="nt">--rm</span> web rspec</code></pre></figure>
<p><img src="https://miro.medium.com/max/1400/1*qzMCx1X0ZNlKkKNYSsN3MA.png" alt="success" /></p>
<p>Now we can start the application:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker-compose up</code></pre></figure>
<p>Access <a href="http://localhost:3000">http://localhost:3000</a> again and now our app is working.</p>
<p><img src="https://miro.medium.com/max/1400/1*RlLvjbA3ZZL6CR5U2hBKeQ.png" alt="working" /></p>
<div class="breaker"></div>
<h2 id="configuring-our-pipeline">Configuring our pipeline</h2>
<p>We will use Jenkins pipeline as code to configure our pipeline. Read more about it <a href="https://jenkins.io/solutions/pipeline/">here</a>. We need to have <a href="https://www.docker.com/">docker</a>, <a href="https://stedolan.github.io/jq/">jq</a> and Jenkins installed on CI server.</p>
<p>We will use the following Jenkins plugins: <a href="https://wiki.jenkins-ci.org/display/JENKINS/Blue+Ocean+Plugin">Blue Ocean</a>, <a href="https://wiki.jenkins-ci.org/display/JENKINS/BlueOcean+Pipeline+Editor+Plugin">Blue Ocean Pipeline Editor</a>, <a href="https://wiki.jenkins-ci.org/display/JENKINS/Blue+Ocean+Plugin">GitHub Pipeline for Blue Ocean</a></p>
<p>Create a file named <code class="highlighter-rouge">Jenkinsfile</code> in the project root with the following content:</p>
<figure class="highlight"><pre><code class="language-groovy" data-lang="groovy"><span class="n">pipeline</span> <span class="o">{</span>
<span class="n">agent</span> <span class="n">any</span>
<span class="n">stages</span> <span class="o">{</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Build'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker build -t openjobs:latest .'</span>
<span class="n">sh</span> <span class="s1">'docker-compose build'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run web bundle install'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run web yarn'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run -e RAILS_ENV=test --rm web bundle exec rake db:drop db:create db:migrate'</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Tests'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">parallel</span><span class="o">(</span>
<span class="s2">"Unit Tests"</span><span class="o">:</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker-compose run --name unit --rm web rspec --exclude-pattern "**/features/*_spec.rb"'</span>
<span class="o">},</span>
<span class="s2">"Feature tests"</span><span class="o">:</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker-compose run --name feature --rm web rspec spec/features/'</span>
<span class="o">}</span>
<span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy to Staging'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">==</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'todo: deploy to staging'</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Create feature environment'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">!=</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'todo: create custom environment'</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span></code></pre></figure>
<p>We have 4 stages on this pipeline:</p>
<ul>
<li><code class="highlighter-rouge">Build</code>: It will build our Dockerfile and generate an image from this build tagged with openjobs with version named latest . It will use docker-compose to build, install dependencies, create and migrate the database created with compose .</li>
<li><code class="highlighter-rouge">Tests</code>: It will run 2 parallel steps, one to run unit tests, and another to run feature tests.</li>
<li><code class="highlighter-rouge">Deploy to staging</code>: If it is the master branch, it will deploy the app to staging.domain . We will cover this in the next steps.</li>
<li><code class="highlighter-rouge">Create feature environment</code>: If it isn’t the master branch, it will deploy the app to branchname.domain . We will cover this in the next steps.</li>
</ul>
<p>Let’s create our pipeline on Jenkins. Push your code, go to your Jenkins, and access the blue ocean interface and click in the <code class="highlighter-rouge">New Pipeline</code> button:</p>
<p><img src="https://miro.medium.com/max/1400/1*eXA3HCPFSBQ-mvUNWHV8gw.png" alt="new_pipeline" /></p>
<p>In the next screen, select Github, choose you account and find the repository. Click in <code class="highlighter-rouge">Create Pipeline</code></p>
<p><img src="https://miro.medium.com/max/1400/1*_2gQbUaarl7LFVDOKNcqxw.png" alt="create_pipeline" /></p>
<p>And our build is passing 🎉</p>
<p><img src="https://miro.medium.com/max/1400/1*--GrJVBvaS8b7WMavEazew.png" alt="build_passing" /></p>
<p>The red icon on the build is because this step will not run, since the branch built was <code class="highlighter-rouge">master</code>.</p>
<p>Now we need to create our environments after the build and dynamic route a domain to a specific container.</p>
<p>Entering, <a href="https://traefik.io/">Traefik</a></p>
<p><img src="https://miro.medium.com/max/680/1*0A8y77LMVEQtxLSQ_J0zJA.png" alt="traefik" /></p>
<p>Traefik is a tool that will help us make the dynamic routing and act as a load balancer. Example: If I access <code class="highlighter-rouge">http://mybranch.mydomain.com</code>, I want to access the container containing the app with <code class="highlighter-rouge">mybranch</code> that should be started by Jenkins.</p>
<div class="breaker"></div>
<h2 id="creating-dynamic-environments">Creating dynamic environments</h2>
<p>The following steps should be executed on CI server.</p>
<p>We will use <a href="https://docs.docker.com/engine/swarm/">Docker Swarm</a>. It is very helpful to create a docker cluster. I will use only one server to demonstrate, but you are able also to create a cluster.</p>
<p>Initialize swarm cluster:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker swarm init <span class="nt">--advertise-addr</span><span class="o">=</span>10.10.0.5</code></pre></figure>
<p>This will initialize our server as the swarm master. It will generate a command that you can use to join the cluster in other servers.</p>
<p>Create a network that we can use with traefik and our containers:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker network create <span class="nt">--driver</span><span class="o">=</span>overlay <span class="nt">--attachable</span> traefik-net</code></pre></figure>
<p>Initialize traefik:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">docker service create <span class="se">\</span>
<span class="nt">--name</span> traefik <span class="se">\</span>
<span class="nt">--constraint</span> <span class="s1">'node.role==manager'</span> <span class="se">\</span>
<span class="nt">--publish</span> 80:80 <span class="se">\</span>
<span class="nt">--publish</span> 8081:8080 <span class="se">\</span>
<span class="nt">--mount</span> <span class="nb">type</span><span class="o">=</span><span class="nb">bind</span>,source<span class="o">=</span>/var/run/docker.sock,target<span class="o">=</span>/var/run/docker.sock <span class="se">\</span>
<span class="nt">--network</span> traefik-net <span class="se">\</span>
traefik <span class="se">\</span>
<span class="nt">--docker</span> <span class="se">\</span>
<span class="nt">--docker</span>.swarmmode <span class="se">\</span>
<span class="nt">--docker</span>.domain<span class="o">=</span>apps.carlosribeiro.me <span class="se">\</span>
<span class="nt">--docker</span>.watch <span class="se">\</span>
<span class="nt">--logLevel</span><span class="o">=</span>DEBUG <span class="se">\</span>
<span class="nt">--web</span></code></pre></figure>
<p>This will initialize traefik. You should treat this initialization on some startup script on your server.</p>
<p>If we access our server in 8081 port, we can access traefik dashboard.</p>
<p><img src="https://miro.medium.com/max/1400/1*Let1rhq73CWwjCyWSZgKLw.png" alt="traefik_dashboard" /></p>
<p>The <code class="highlighter-rouge">docker.domain</code> specify that we will access the apps through <code class="highlighter-rouge">appname.apps.carlosribeiro.me</code>. To allow this, I created two alias on my DNS server pointing to the CI server’s IP:</p>
<ul>
<li>apps.carlosribeiro.me</li>
<li>*.apps.carlosribeiro.me</li>
</ul>
<h2 id="editing-jenkinsfile-to-create-the-environments">Editing Jenkinsfile to create the environments</h2>
<p>Lets add a method on Jenkinsfile that will create a environment when the build is triggered.</p>
<figure class="highlight"><pre><code class="language-groovy" data-lang="groovy"><span class="kt">def</span> <span class="nf">createEnvironment</span><span class="o">(</span><span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s2">"docker-compose down"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name} || :"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name}-pg || :"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name}-redis || :"</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name}-pg \
--network traefik-net \
postgres \
"""</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name}-redis \
--network traefik-net \
redis \
"""</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name} \
-e REDIS_URL='redis://${name}-redis:6379' \
-e DATABASE_URL='postgresql://postgres@${name}-pg/openjobs' \
-e RAILS_ENV='production' \
-e SECRET_KEY_BASE='5062c5efb655ca4e40512dc46b5167d7cea579a84160134813583ec1c339c3e390cbcfcf6ae7e31332e6fef9b4654d5068a1fd0a352beff2b1e8f0270908a3bd' \
-e RAILS_SERVE_STATIC_FILES=true \
--label 'traefik.port=3000' \
--network traefik-net \
openjobs:latest \
"""</span>
<span class="n">sh</span> <span class="s2">"docker run -e RAILS_ENV=production -e DATABASE_URL=postgresql://postgres@${name}-pg/openjobs --network traefik-net --rm openjobs:latest rake db:create db:migrate assets:precompile"</span>
<span class="o">}</span></code></pre></figure>
<p>This method will accept an argument to inform the name of the environment. This name will be used to prefix the services name. It will stop all docker-compose containers that are still running. After, it will remove if exist, services with the same name (This is to recreate the environment when we push again to the branch). After, we create 3 services. One for Postgres, another for Redis, and the app itself using the imaged that we built on <code class="highlighter-rouge">build</code> step. The last command, runs a temporary docker container to create and migrate the database and precompile the assets (you can fetch your previously dump from production too).</p>
<p>Look that in the app service, we specify some environment variables.</p>
<ul>
<li><code class="highlighter-rouge">REDIS_URL, DATABASE_URL</code>: Endpoint to connect in both services using the previously created services hosts.</li>
<li><code class="highlighter-rouge">RAILS_ENV</code>: We set it to production . It will enforce that our app should behave like a production environment.</li>
<li><code class="highlighter-rouge">RAILS_SERVE_STATIC_FILES</code>: Since we will not have a nginx in front of the app server, we need to set this to tell rails to service static files for us.</li>
</ul>
<p>-> label ‘traefik.port’ will inform traefik what is the container’s exposed port. In our case, is the 3000.
-> name inform the service name that traefik will identify as the prefix on domain.</p>
<p>Now, lets call this method on our pipeline’s stages.</p>
<figure class="highlight"><pre><code class="language-groovy" data-lang="groovy"><span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy to Staging'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">==</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'deploy to staging'</span>
<span class="n">createEnvironment</span><span class="o">(</span><span class="s1">'staging'</span><span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Create feature environment'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">!=</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'create custom environment'</span>
<span class="n">createEnvironment</span><span class="o">(</span><span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span><span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span></code></pre></figure>
<p>If it is master branch, we will deploy into an app called <code class="highlighter-rouge">staging</code>. If not, it will call the app with the same name of branch.</p>
<p>Look the final Jenkinsfile:</p>
<figure class="highlight"><pre><code class="language-groovy" data-lang="groovy"><span class="n">pipeline</span> <span class="o">{</span>
<span class="n">agent</span> <span class="n">any</span>
<span class="n">stages</span> <span class="o">{</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Build'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker build -t openjobs:latest .'</span>
<span class="n">sh</span> <span class="s1">'docker-compose build'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run web bundle install'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run web yarn'</span>
<span class="n">sh</span> <span class="s1">'docker-compose run -e RAILS_ENV=test --rm web bundle exec rake db:drop db:create db:migrate'</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Tests'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">parallel</span><span class="o">(</span>
<span class="s2">"Unit Tests"</span><span class="o">:</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker-compose run --name unit --rm web rspec --exclude-pattern "**/features/*_spec.rb"'</span>
<span class="o">},</span>
<span class="s2">"Feature tests"</span><span class="o">:</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s1">'docker-compose run --name feature --rm web rspec spec/features/'</span>
<span class="o">}</span>
<span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy to Staging'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">==</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'deploy to staging'</span>
<span class="n">createEnvironment</span><span class="o">(</span><span class="s1">'staging'</span><span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="n">stage</span><span class="o">(</span><span class="s1">'Create feature environment'</span><span class="o">)</span> <span class="o">{</span>
<span class="n">when</span> <span class="o">{</span>
<span class="n">expression</span> <span class="o">{</span> <span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span> <span class="o">!=</span> <span class="s1">'master'</span> <span class="o">}</span>
<span class="o">}</span>
<span class="n">steps</span> <span class="o">{</span>
<span class="n">echo</span> <span class="s1">'create custom environment'</span>
<span class="n">createEnvironment</span><span class="o">(</span><span class="n">env</span><span class="o">.</span><span class="na">BRANCH_NAME</span><span class="o">)</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="kt">def</span> <span class="nf">createEnvironment</span><span class="o">(</span><span class="n">name</span><span class="o">)</span> <span class="o">{</span>
<span class="n">sh</span> <span class="s2">"docker-compose down"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name} || :"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name}-pg || :"</span>
<span class="n">sh</span> <span class="s2">"docker service rm ${name}-redis || :"</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name}-pg \
--network traefik-net \
postgres \
"""</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name}-redis \
--network traefik-net \
redis \
"""</span>
<span class="n">sh</span> <span class="nl">script:</span> <span class="s2">"""\
docker service create \
--name ${name} \
-e REDIS_URL='redis://${name}-redis:6379' \
-e DATABASE_URL='postgresql://postgres@${name}-pg/openjobs' \
-e RAILS_ENV='production' \
-e SECRET_KEY_BASE='5062c5efb655ca4e40512dc46b5167d7cea579a84160134813583ec1c339c3e390cbcfcf6ae7e31332e6fef9b4654d5068a1fd0a352beff2b1e8f0270908a3bd' \
-e RAILS_SERVE_STATIC_FILES=true \
--label 'traefik.port=3000' \
--network traefik-net \
openjobs:latest \
"""</span>
<span class="n">sh</span> <span class="s2">"docker run -e RAILS_ENV=production -e DATABASE_URL=postgresql://postgres@${name}-pg/openjobs --network traefik-net --rm openjobs:latest rake db:create db:migrate assets:precompile"</span>
<span class="o">}</span></code></pre></figure>
<p>Push master and let’s wait Jenkins create our <code class="highlighter-rouge">staging</code> for us.</p>
<p>Our build passes…</p>
<p><img src="https://miro.medium.com/max/1400/1*dXnyUalMlB61BcsFeyDApA.png" alt="build_pass" /></p>
<p>… and our app is deployed on staging:</p>
<p><img src="https://miro.medium.com/max/2000/1*160K0xkSl3dJ83duQ5Mq8g.png" alt="stg_deployed" /></p>
<p>Now let’s open a pull request to change this button color.</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">git checkout <span class="nt">-b</span> 01-change-button-color</code></pre></figure>
<p>Edit <code class="highlighter-rouge">app/assets/stylesheets/application.scss</code></p>
<figure class="highlight"><pre><code class="language-scss" data-lang="scss"><span class="nc">.btn-register-vacancy</span> <span class="p">{</span>
<span class="nl">background-color</span><span class="p">:</span> <span class="mh">#2769ff</span><span class="p">;</span>
<span class="nl">width</span><span class="p">:</span> <span class="m">300px</span><span class="p">;</span>
<span class="nl">height</span><span class="p">:</span> <span class="m">35px</span><span class="p">;</span>
<span class="nl">border-radius</span><span class="p">:</span> <span class="m">5px</span><span class="p">;</span>
<span class="p">}</span></code></pre></figure>
<p>Push this branch, and open a pull request.</p>
<p><img src="https://miro.medium.com/max/1400/1*eLQPHGOVDArlDDrvPmnLXQ.png" alt="pr" /></p>
<p>Github will tell us that the build is pending.</p>
<p>Job is passing</p>
<p><img src="https://miro.medium.com/max/1400/1*vZwLnuEbj8egwCvUQ8cAIg.png" alt="job_passed" /></p>
<p>and Github is informed:</p>
<p><img src="https://miro.medium.com/max/1400/1*W6y5kHRubVrYJgFeACdRIA.png" alt="github_informed" /></p>
<p>And now we have our dynamic environment up and running</p>
<p><img src="https://miro.medium.com/max/2000/1*M_n7-CK4mquX42LkpM_pmQ.png" alt="review_app" /></p>
<p>I can send this URL to a QA or a PO review it before merging. If something is wrong, it can be validated before it is on master.</p>
<p>That’s all</p>
<p>Cheers,
🍻</p>dudribeiroIn this post I will show a simple example about how to create apps for each pull request (or, creating your own Gitlab/Heroku Review App).Creating your cloud servers with Terraform2017-04-04T15:00:00+00:002017-04-04T15:00:00+00:00https://cadu.dev/creating-your-cloud-servers-with-terraform<p>Sometimes when you handle a lot of servers in the cloud, it is pretty easy to get lost on your infrastructure. “Where is that freaking server that I can’t find?”, or even “Why is this instance for?”.</p>
<p>In this post, I will introduce one tool that I found myself liking a lot: To have a bootstrap of an Infrastructure as Code flow in my applications. <a href="https://www.terraform.io/">Terraform</a>.
Infrastructure as Code (IaC) allows us to have a repository with code that describes our infrastructure. This way, we can avoid reminding how rebuild the entire infrastructure for an application. It will be on the code and it can be versioned and tested. And if something goes wrong, we can revert it. It is very useful having a continuous integration of the infrastructure. The whole team knows how it was built and all the pieces. You can apply the same flow that you use in you app code to your infrastructure, i.e: Someone makes a change, open a Pull Request, someone reviews it and after it is approved, you merge and your CI tools apply the changes in your environment.</p>
<div class="breaker"></div>
<h2 id="why-terraform-what-is-the-difference-between-chef-puppet-or-ansible">Why Terraform? What is the difference between Chef, Puppet or Ansible?</h2>
<p>Chef, Puppet and Ansible are IaC tools too, but they focus on <strong>configuring</strong> operating system and applications. They are called Configuration Management Tools and they also can build infrastructure on the cloud with a help of plugins, but usually it is hard to configure and sometimes it is limited. With Terraform you can build from the services to the networking part. You can use Terraform to create the infrastructure and a configuration management tool to configure the applications. Terraform can’t replace your configuration management tool, but it’s made to work together with it.</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*sS6MVPyxzhn3O8pA3nw0kg.jpeg" alt="show_me_code" /></p>
<div class="breaker"></div>
<h2 id="a-practical-example">A practical example</h2>
<p>In order to follow this article, you’ll need an AWS account.</p>
<p>Let’s create the servers for our web application. Take a look at this diagram of the resources that we’ll build.</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*nYWHvlp87BBsE6gI2TbKYA.png" alt="scenario" /></p>
<p>We will create 2 subnets (one for public access and another private). We have Elastic Load Balancer in the public subnet to handle the traffic to our web servers. Our web servers will be on the private subnet and it will only be accessible through the Load Balancer. This mean that we won’t have direct access to make connections (for example, SSH) on the server. In order to access via SSH an instance on a private subnet, you’ll need a bastion host and connect to the web server through it. Thus, we will create the bastion host on the public subnet.</p>
<p>Before getting your hands dirty, you need to install Terraform. Follow the instructions of <a href="https://www.terraform.io/intro/getting-started/install.html">this link</a> to install it in your machine.</p>
<h3 id="directory-structure">Directory structure</h3>
<p>Let’s create a folder to handle our infrastructure code.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">mkdir</span> ~/terraform</code></pre></figure>
<p>I like to follow this pattern when working with Terraform:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ └── web
├── production
└── staging
</code></pre></div></div>
<p>Let’s create this folder structure</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd</span> ~/terraform
<span class="nv">$ </span><span class="nb">mkdir</span> <span class="nt">-p</span> modules/<span class="o">{</span>networking,web<span class="o">}</span> production staging</code></pre></figure>
<p>Our <code class="highlighter-rouge">modules</code> folder contains all the <em>shared code</em> to create the pieces of the infrastructure (web servers, app servers, databases, vpc, etc). Each folder inside the <code class="highlighter-rouge">modules</code> folder is related to a specific module.
Next, I have folders for my environments (staging, production, qa, development, etc). Each of this folder contains code to use our shared modules and create a different architecture for each environment (This is my personal approach using Terraform, but feel free to work on a different way).</p>
<h3 id="our-first-module-networking">Our first module: Networking</h3>
<p>Let’s create our networking module. This will be responsible for creating the networking pieces of our infrastructure, like VPC, subnets, routing table, NAT server and the bastion instance.</p>
<p>Before we get deep in the code, I wanna explain how terraform works:</p>
<p>Terraform will provide us with some commands. Some of them are:</p>
<p><em>plan</em>: Displays all the changes that Terraform makes on our infrastructure
<em>apply</em>: Executes all the changes to the infrastructure
<em>destroy</em>: Destroys everything that was created with Terraform</p>
<p>When you run Terraform inside a directory, it loads ALL <code class="highlighter-rouge">.tf</code> files from the directory and execute them (will not load on subfolders). Terraform will first create a graph of the resources to apply only in the final phase, so you don’t need to specify the resources in any specific order. The graph will determine the relations between the resources and ensure that Terraform creates they in the right order.</p>
<h3 id="continuing-on-our-networking-module">Continuing on our networking module</h3>
<p>Enter in the networking module</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd </span>modules/networking</code></pre></figure>
<p>Let’s create our first tf file. The one that specifies all variables needed for our module.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>variables.tf</code></pre></figure>
<p>Insert the following content on the variables.tf file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">variable</span> <span class="s2">"vpc_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the VPC"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"public_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block for the public subnet"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"private_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block for the private subnet"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"environment"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The environment"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"region"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The region to launch the bastion host"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"availability_zone"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The az that the resources will be launched"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"bastion_ami"</span> <span class="p">{</span>
<span class="n">default</span> <span class="o">=</span> <span class="p">{</span>
<span class="s2">"us-east-1"</span> <span class="o">=</span> <span class="s2">"ami-f652979b"</span>
<span class="s2">"us-east-2"</span> <span class="o">=</span> <span class="s2">"ami-fcc19b99"</span>
<span class="s2">"us-west-1"</span> <span class="o">=</span> <span class="s2">"ami-16efb076"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"key_name"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The public key for the bastion host"</span>
<span class="p">}</span></code></pre></figure>
<p>These are all variables that our networking module needs in order to create all resources. We need the CIDR for the VPC and the subnets, the AWS region that we will use, the key name and the environment that we are building.
This is the way that you specify a variable in Terraform</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">variable</span> <span class="s2">"variable_name"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The description of the variable"</span>
<span class="n">default</span> <span class="o">=</span> <span class="s2">"A default value if this isn't set
}</span></code></pre></figure>
<p>Ok. Now we have our <code class="highlighter-rouge">variables.tf</code> file to specify the interface of our module. Let’s create the file that will create networking stuffs for our module. Create the <code class="highlighter-rouge">main.tf</code> file in the networking folder. (you can specify any name that you want. Remember, all <code class="highlighter-rouge">tf</code> files will be loaded).</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>main.tf</code></pre></figure>
<p>Insert the following content on the main.tf file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"vpc"</span> <span class="p">{</span>
<span class="n">cidr_block</span> <span class="o">=</span> <span class="s2">"${var.vpc_cidr}"</span>
<span class="n">enable_dns_hostnames</span> <span class="o">=</span> <span class="kp">true</span>
<span class="n">enable_dns_support</span> <span class="o">=</span> <span class="kp">true</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-vpc"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Internet gateway for the public subnet */</span>
<span class="n">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"ig"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-igw"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Elastic IP for NAT */</span>
<span class="n">resource</span> <span class="s2">"aws_eip"</span> <span class="s2">"nat_eip"</span> <span class="p">{</span>
<span class="n">vpc</span> <span class="o">=</span> <span class="kp">true</span>
<span class="p">}</span>
<span class="sr">/* NAT */</span>
<span class="n">resource</span> <span class="s2">"aws_nat_gateway"</span> <span class="s2">"nat"</span> <span class="p">{</span>
<span class="n">allocation_id</span> <span class="o">=</span> <span class="s2">"${aws_eip.nat_eip.id}"</span>
<span class="n">subnet_id</span> <span class="o">=</span> <span class="s2">"${aws_subnet.public_subnet.id}"</span>
<span class="p">}</span>
<span class="sr">/* Public subnet */</span>
<span class="n">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"public_subnet"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">cidr_block</span> <span class="o">=</span> <span class="s2">"${var.public_subnet_cidr}"</span>
<span class="n">availability_zone</span> <span class="o">=</span> <span class="s2">"${var.availability_zone}"</span>
<span class="n">map_public_ip_on_launch</span> <span class="o">=</span> <span class="kp">true</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-public-subnet"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Private subnet */</span>
<span class="n">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"private_subnet"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">cidr_block</span> <span class="o">=</span> <span class="s2">"${var.private_subnet_cidr}"</span>
<span class="n">map_public_ip_on_launch</span> <span class="o">=</span> <span class="kp">false</span>
<span class="n">availability_zone</span> <span class="o">=</span> <span class="s2">"${var.availability_zone}"</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-private-subnet"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Routing table for private subnet */</span>
<span class="n">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"private"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-private-route-table"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Routing table for public subnet */</span>
<span class="n">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"public"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-public-route-table"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"public_internet_gateway"</span> <span class="p">{</span>
<span class="n">route_table_id</span> <span class="o">=</span> <span class="s2">"${aws_route_table.public.id}"</span>
<span class="n">destination_cidr_block</span> <span class="o">=</span> <span class="s2">"0.0.0.0/0"</span>
<span class="n">gateway_id</span> <span class="o">=</span> <span class="s2">"${aws_internet_gateway.ig.id}"</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"private_nat_gateway"</span> <span class="p">{</span>
<span class="n">route_table_id</span> <span class="o">=</span> <span class="s2">"${aws_route_table.private.id}"</span>
<span class="n">destination_cidr_block</span> <span class="o">=</span> <span class="s2">"0.0.0.0/0"</span>
<span class="n">nat_gateway_id</span> <span class="o">=</span> <span class="s2">"${aws_nat_gateway.nat.id}"</span>
<span class="p">}</span>
<span class="sr">/* Route table associations */</span>
<span class="n">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"public"</span> <span class="p">{</span>
<span class="n">subnet_id</span> <span class="o">=</span> <span class="s2">"${aws_subnet.public_subnet.id}"</span>
<span class="n">route_table_id</span> <span class="o">=</span> <span class="s2">"${aws_route_table.public.id}"</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"private"</span> <span class="p">{</span>
<span class="n">subnet_id</span> <span class="o">=</span> <span class="s2">"${aws_subnet.private_subnet.id}"</span>
<span class="n">route_table_id</span> <span class="o">=</span> <span class="s2">"${aws_route_table.private.id}"</span>
<span class="p">}</span>
<span class="sr">/* Default security group */</span>
<span class="n">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"default"</span> <span class="p">{</span>
<span class="nb">name</span> <span class="o">=</span> <span class="s2">"${var.environment}-default-sg"</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Default security group to allow inbound/outbound from the VPC"</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="s2">"0"</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="s2">"0"</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span>
<span class="nb">self</span> <span class="o">=</span> <span class="kp">true</span>
<span class="p">}</span>
<span class="n">egress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="s2">"0"</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="s2">"0"</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span>
<span class="nb">self</span> <span class="o">=</span> <span class="s2">"true"</span>
<span class="p">}</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"bastion"</span> <span class="p">{</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="nb">name</span> <span class="o">=</span> <span class="s2">"${var.environment}-bastion-host"</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Allow SSH to bastion host"</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">22</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">22</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"tcp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">egress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">8</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"icmp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-bastion-sg"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"bastion"</span> <span class="p">{</span>
<span class="n">ami</span> <span class="o">=</span> <span class="s2">"${lookup(var.bastion_ami, var.region)}"</span>
<span class="n">instance_type</span> <span class="o">=</span> <span class="s2">"t2.micro"</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="n">monitoring</span> <span class="o">=</span> <span class="kp">true</span>
<span class="n">vpc_security_group_ids</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${aws_security_group.bastion.id}"</span><span class="p">]</span>
<span class="n">subnet_id</span> <span class="o">=</span> <span class="s2">"${aws_subnet.public_subnet.id}"</span>
<span class="n">associate_public_ip_address</span> <span class="o">=</span> <span class="kp">true</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-bastion"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>Here we are creating all the networking part of our infrastructure based on the diagram that we saw. A VPC, both subnets (public and private), the Internet Gateway to the public subnet, the NAT server for the private subnet, the bastion host and all security group for the VPC, allowing inbound and outbound inside the VPC, and the security group for the bastion host, allowing the SSH on the Port 22. You can check <a href="http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html">this link from AWS</a> for more details.</p>
<p>This is how we create a resource on Terraform.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">resource</span> <span class="s2">"resource"</span> <span class="s2">"name"</span> <span class="p">{</span>
<span class="n">attribute</span> <span class="o">=</span> <span class="s2">"value"</span>
<span class="p">}</span></code></pre></figure>
<p>The <code class="highlighter-rouge">resource</code> is the name of the resource that we want to build. Each cloud provider has different resources. For example, <a href="https://www.terraform.io/docs/providers/aws/index.html">these resources</a> from AWS. We can also concatenate values. Remember that we created the variables file? We use them here with the <code class="highlighter-rouge">var.variable_name</code>. Like in this part of the code, which we use the <code class="highlighter-rouge">key_name</code> variable that we specified in the variables file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"bastion"</span> <span class="p">{</span>
<span class="o">...</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="o">...</span>
<span class="p">}</span></code></pre></figure>
<p>This is how we created the instance and called its bastion. You can also get property of this resource in other parts of the code. Example:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">resource</span> <span class="s2">"someresource"</span> <span class="s2">"somename"</span> <span class="p">{</span>
<span class="n">attribute</span> <span class="o">=</span> <span class="s2">"${aws_instance.bastion.id}"</span>
<span class="p">}</span></code></pre></figure>
<p>We use the same idea of var concatenation. But we specify <code class="highlighter-rouge">${resource_type.resource_name.property}</code>.</p>
<p>Our networking module is almost ready. We need to output some variables after the module build the resources, so we can use it in other parts of the code. Terraform has the <a href="https://www.terraform.io/intro/getting-started/outputs.html">output command</a>, allowing us to expose variables.</p>
<p>Create the output.tf file inside the networking folder.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>output.tf</code></pre></figure>
<p>Insert the following content on the <code class="highlighter-rouge">output.tf</code> file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">output</span> <span class="s2">"vpc_id"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${aws_vpc.vpc.id}"</span>
<span class="p">}</span>
<span class="n">output</span> <span class="s2">"public_subnet_id"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${aws_subnet.public_subnet.id}"</span>
<span class="p">}</span>
<span class="n">output</span> <span class="s2">"private_subnet_id"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${aws_subnet.private_subnet.id}"</span>
<span class="p">}</span>
<span class="n">output</span> <span class="s2">"default_sg_id"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${aws_security_group.default.id}"</span>
<span class="p">}</span></code></pre></figure>
<p>This is how we output a variable from our module:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">output</span> <span class="s2">"variable_name"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"variable value"</span>
<span class="p">}</span></code></pre></figure>
<p>This will allow us to get these variables outside the module.</p>
<h3 id="using-our-module-to-build-the-networking-from-our-environment">Using our module to build the networking from our environment</h3>
<p>Now that our networking module is ready, we can use it to build our networking from our environment (i.e, staging).
This is how our terraform folder looks now:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ │ ├── main.tf
│ │ ├── output.tf
│ │ └── variables.tf
│ └── web
├── production
└── staging
</code></pre></div></div>
<p>Go into <code class="highlighter-rouge">staging</code> folder.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd</span> ~/terraform/staging</code></pre></figure>
<p>First, create the public key for the staging servers</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>ssh-keygen <span class="nt">-t</span> rsa <span class="nt">-C</span> <span class="s2">"staging_key"</span> <span class="nt">-f</span> ./staging_key</code></pre></figure>
<p>Let’s create our main file. In this file, we will specify information of the AWS provider.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>_main.tf</code></pre></figure>
<p>(We use _ at the beginning of the name because since terraform loads all files alphabetically, we need this to be loaded first, since it will create the keypair)</p>
<p>You can specify things like Access and secret key in some ways:</p>
<ul>
<li>Specify it directly in the provider (not recommended)</li>
</ul>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">provider</span> <span class="s2">"aws"</span> <span class="p">{</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"us-west-1"</span>
<span class="n">access_key</span> <span class="o">=</span> <span class="s2">"myaccesskey"</span>
<span class="n">secret_key</span> <span class="o">=</span> <span class="s2">"mysecretkey"</span>
<span class="p">}</span></code></pre></figure>
<ul>
<li>Using the AWS_ACCESS_KEY and AWS_SECRET_KEY environment variables</li>
</ul>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">export </span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="o">=</span><span class="s2">"myaccesskey"</span>
<span class="nv">$ </span><span class="nb">export </span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="o">=</span><span class="s2">"mysecretkey"</span>
<span class="nv">$ </span>terraform plan</code></pre></figure>
<p>The second option is recommended because you don’t need to expose your secrets on the file. <em>Bonus point</em>: If you have the <a href="https://aws.amazon.com/pt/cli/">AWS cli</a> you don’t need to export these variables. Only run the <code class="highlighter-rouge">aws configure</code> command and terraform will use the variables that you set on it.</p>
<p>Insert the following content on the _main.tf file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">provider</span> <span class="s2">"aws"</span> <span class="p">{</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"${var.region}"</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_key_pair"</span> <span class="s2">"key"</span> <span class="p">{</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="n">public_key</span> <span class="o">=</span> <span class="s2">"${file("</span><span class="n">staging_key</span><span class="p">.</span><span class="nf">pub</span><span class="s2">")}"</span>
<span class="p">}</span></code></pre></figure>
<p>We will only specify the region to the provider. Both access and secret key, we will rely on the <code class="highlighter-rouge">AWS cli</code>.</p>
<p>Now create the <code class="highlighter-rouge">networking.tf</code> file. It will use our module to create the resources.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>networking.tf</code></pre></figure>
<p>Insert the following content on the networking.tf file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">module</span> <span class="s2">"networking"</span> <span class="p">{</span>
<span class="n">source</span> <span class="o">=</span> <span class="s2">"../modules/networking"</span>
<span class="n">environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="n">vpc_cidr</span> <span class="o">=</span> <span class="s2">"${var.vpc_cidr}"</span>
<span class="n">public_subnet_cidr</span> <span class="o">=</span> <span class="s2">"${var.public_subnet_cidr}"</span>
<span class="n">private_subnet_cidr</span> <span class="o">=</span> <span class="s2">"${var.private_subnet_cidr}"</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"${var.region}"</span>
<span class="n">availability_zone</span> <span class="o">=</span> <span class="s2">"${var.availability_zone}"</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="p">}</span></code></pre></figure>
<p>This is how we use <a href="https://www.terraform.io/docs/configuration/modules.html">modules on Terraform</a>.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">module</span> <span class="s2">"name"</span> <span class="p">{</span>
<span class="n">source</span> <span class="o">=</span> <span class="s2">"location_path"</span>
<span class="n">attribute</span> <span class="o">=</span> <span class="s2">"value"</span>
<span class="p">}</span></code></pre></figure>
<p>The module attributes are all variables that we specified before in the variables.tf file from our networking module. Look that we are passing more variables to our module attributes. We need our environment to require these variables too. Create the <code class="highlighter-rouge">variables.tf</code> file for our staging environment.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="err">$</span> <span class="n">touch</span> <span class="n">variables</span><span class="p">.</span><span class="nf">tf</span></code></pre></figure>
<p>Add the following content to the <code class="highlighter-rouge">variables.tf</code> file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">variable</span> <span class="s2">"environment"</span> <span class="p">{</span>
<span class="n">default</span> <span class="o">=</span> <span class="s2">"staging"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"key_name"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The aws keypair to use"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"region"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Region that the instances will be created"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"availability_zone"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The AZ that the resources will be launched"</span>
<span class="p">}</span>
<span class="c1"># Networking</span>
<span class="n">variable</span> <span class="s2">"vpc_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the VPC"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"public_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the public subnet"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"private_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the private subnet"</span>
<span class="p">}</span></code></pre></figure>
<p>This file follows the same pattern of the module’s variables file. These are all variables that we need to build our staging networking piece.</p>
<p>Ok… I think that we are ready to go. Your terraform’s folder structure should be like this:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ │ ├── main.tf
│ │ ├── output.tf
│ │ └── variables.tf
│ └── web
├── production
└── staging
├── _main.tf
├── networking.tf
└── variables.tf
</code></pre></div></div>
<p>Run this command on <code class="highlighter-rouge">staging</code> folder: (Terraform’s commands should be run on the environments folder).</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd</span> ~/terraform/staging
<span class="nv">$ </span>terraform get
<span class="nv">$ </span>terraform plan</code></pre></figure>
<ul>
<li>the <code class="highlighter-rouge">terraform get</code> command only syncs all modules.</li>
</ul>
<p>After executing the <code class="highlighter-rouge">terraform plan</code> command, it will ask you a lot of informations (our variables). Answer they:</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*CKnvWOjniPmXHpbI8u6oNA.png" alt="terra_vars" /></p>
<p>It will output a lot of things. Resources that will be created. You can analyze it to check if everything is ok. <code class="highlighter-rouge">terraform plan</code> will output only the planned change of the infrastructure.</p>
<p>Now, let’s apply these modifications.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform apply</code></pre></figure>
<p>But it is asking for all that information again. To avoid this, you can follow 2 ways to automatically inject variable’s value to Terraform</p>
<ul>
<li>Using a <code class="highlighter-rouge">terraform.tfvars</code> file and remember to ignore this file in your VCS.</li>
<li>Specifying variables in Environment variables. <code class="highlighter-rouge">TF_VAR_environment=staging terraform apply</code> (this can be useful when you run through some CI tool)</li>
</ul>
<p>We will follow the first way. So, create a terraform.tfvars file</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>terraform.tfvars</code></pre></figure>
<p>Insert the following content on <code class="highlighter-rouge">terraform.tfvars</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">environment</span> <span class="o">=</span> <span class="s2">"staging"</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"test"</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"us-west-1"</span>
<span class="n">availability_zone</span> <span class="o">=</span> <span class="s2">"us-west-1a"</span>
<span class="c1"># vpc</span>
<span class="n">vpc_cidr</span> <span class="o">=</span> <span class="s2">"10.0.0.0/16"</span>
<span class="n">public_subnet_cidr</span> <span class="o">=</span> <span class="s2">"10.0.1.0/24"</span>
<span class="n">private_subnet_cidr</span> <span class="o">=</span> <span class="s2">"10.0.2.0/24"</span></code></pre></figure>
<p>Now you can run the apply command without being asked for variable’s value.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform apply</code></pre></figure>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*Lb4nvDoCX_hOyDckORfLOg.png" alt="apply_complete" /></p>
<p>Congratulations..</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*6447MjaXTKhttJ5WlqTVpQ.gif" alt="congrats" /></p>
<p>This will generate 2 files on the staging folder: <code class="highlighter-rouge">terraform.tfstate</code> and <code class="highlighter-rouge">terraform.tfstate.backup</code></p>
<p>Terraform controls all their resources on this <code class="highlighter-rouge">terraform.tfstate</code> file. You should <em>NEVER</em> delete this file. If you do, terraform will think that it needs to create new resources and will lose tracking with the others that it has been already created.</p>
<p>And how can I make my team in sync with the state?</p>
<p>You have 2 ways to keep the team with the remote in sync. You can commit this <code class="highlighter-rouge">.tfstate</code> file to your VCS repository, or use <a href="https://www.terraform.io/docs/state/remote.html">Terraform Remote State</a>. If you rely on terraform’s remote state, I really recommend you to use some wrapper tool for Terraform like <a href="https://github.com/gruntwork-io/terragrunt">Terragrunt</a>. It can handle the remote state locking and initializing it for you.</p>
<div class="breaker"></div>
<h3 id="creating-the-web-servers">Creating the web servers</h3>
<p>This is our folder structure until now.</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ │ ├── main.tf
│ │ ├── output.tf
│ │ └── variables.tf
│ └── web
├── production
└── staging
├── _main.tf
├── networking.tf
├── staging_key
├── staging_key.pub
├── terraform.tfstate
├── terraform.tfstate.backup
├── terraform.tfvars
└── variables.tf
</code></pre></div></div>
<p>Go into our <code class="highlighter-rouge">web</code> module</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd</span> ~/terrform/modules/web</code></pre></figure>
<p>Following the same flow we used to create the networking module, let’s create our variables file to specify the interface to our module:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>variables.tf</code></pre></figure>
<p>Insert the following content on <code class="highlighter-rouge">variables.tf</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">variable</span> <span class="s2">"web_instance_count"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The total of web instances to run"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"region"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The region to launch the instances"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"amis"</span> <span class="p">{</span>
<span class="n">default</span> <span class="o">=</span> <span class="p">{</span>
<span class="s2">"us-east-1"</span> <span class="o">=</span> <span class="s2">"ami-f652979b"</span>
<span class="s2">"us-east-2"</span> <span class="o">=</span> <span class="s2">"ami-fcc19b99"</span>
<span class="s2">"us-west-1"</span> <span class="o">=</span> <span class="s2">"ami-16efb076"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"instance_type"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The instance type to launch"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"private_subnet_id"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The id of the private subnet to launch the instances"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"public_subnet_id"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The id of the public subnet to launch the load balancer"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"vpc_sg_id"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The default security group from the vpc"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"vpc_cidr_block"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block from the VPC"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"key_name"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The keypair to use on the instances"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"environment"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The environment for the instance"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"vpc_id"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The id of the vpc"</span>
<span class="p">}</span></code></pre></figure>
<p>Create the main.tf file to handle the creation of the resources.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>main.tf</code></pre></figure>
<p>Insert the following content on <code class="highlighter-rouge">main.tf</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="sr">/* Security group for the web */</span>
<span class="n">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"web_server_sg"</span> <span class="p">{</span>
<span class="nb">name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-server-sg"</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Security group for web that allows web traffic from internet"</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${var.vpc_id}"</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">22</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">22</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"tcp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${var.vpc_cidr_block}"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"tcp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${var.vpc_cidr_block}"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">egress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">8</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"icmp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-server-sg"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"web_inbound_sg"</span> <span class="p">{</span>
<span class="nb">name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-inbound-sg"</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Allow HTTP from Anywhere"</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${var.vpc_id}"</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"tcp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">ingress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">8</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"icmp"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">egress</span> <span class="p">{</span>
<span class="n">from_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">to_port</span> <span class="o">=</span> <span class="mi">0</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="s2">"-1"</span>
<span class="n">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span>
<span class="p">}</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-inbound-sg"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Web servers */</span>
<span class="n">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="n">count</span> <span class="o">=</span> <span class="s2">"${var.web_instance_count}"</span>
<span class="n">ami</span> <span class="o">=</span> <span class="s2">"${lookup(var.amis, var.region)}"</span>
<span class="n">instance_type</span> <span class="o">=</span> <span class="s2">"${var.instance_type}"</span>
<span class="n">subnet_id</span> <span class="o">=</span> <span class="s2">"${var.private_subnet_id}"</span>
<span class="n">vpc_security_group_ids</span> <span class="o">=</span> <span class="p">[</span>
<span class="s2">"${aws_security_group.web_server_sg.id}"</span>
<span class="p">]</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="n">user_data</span> <span class="o">=</span> <span class="s2">"${file("</span><span class="err">$</span><span class="p">{</span><span class="n">path</span><span class="p">.</span><span class="nf">module</span><span class="p">}</span><span class="o">/</span><span class="n">files</span><span class="o">/</span><span class="n">user_data</span><span class="p">.</span><span class="nf">sh</span><span class="s2">")}"</span>
<span class="n">tags</span> <span class="o">=</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-${count.index+1}"</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="sr">/* Load Balancer */</span>
<span class="n">resource</span> <span class="s2">"aws_elb"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="nb">name</span> <span class="o">=</span> <span class="s2">"${var.environment}-web-lb"</span>
<span class="n">subnets</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${var.public_subnet_id}"</span><span class="p">]</span>
<span class="n">security_groups</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${aws_security_group.web_inbound_sg.id}"</span><span class="p">]</span>
<span class="n">listener</span> <span class="p">{</span>
<span class="n">instance_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">instance_protocol</span> <span class="o">=</span> <span class="s2">"http"</span>
<span class="n">lb_port</span> <span class="o">=</span> <span class="mi">80</span>
<span class="n">lb_protocol</span> <span class="o">=</span> <span class="s2">"http"</span>
<span class="p">}</span>
<span class="n">instances</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"${aws_instance.web.*.id}"</span><span class="p">]</span>
<span class="n">tags</span> <span class="p">{</span>
<span class="no">Environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>This file is practically the same from our networking’s main.tf, we are only creating different resources.
Some differences that you can note:</p>
<ul>
<li>In this example we are using the <code class="highlighter-rouge">count</code> attribute. It specifies to Terraform, to create N times this resource. If we pass 5 on the value, it will create 5 instances.</li>
</ul>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"> <span class="n">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="n">count</span> <span class="o">=</span> <span class="s2">"${var.web_instance_count}"</span>
<span class="o">...</span>
<span class="p">}</span>
</code></pre></figure>
<p>and you can create dynamic names with the counting number using the count.index property, for example:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"> <span class="n">tags</span> <span class="p">{</span>
<span class="no">Name</span> <span class="o">=</span> <span class="s2">"web-server-${count.index + 1}"</span>
<span class="p">}</span>
</code></pre></figure>
<ul>
<li>We are passing a file to the <code class="highlighter-rouge">user_data</code> property. In order to execute some code on the instance initialization, we need to pass the <code class="highlighter-rouge">user_data</code> attribute to our instance and we are specifying a file.</li>
</ul>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"> <span class="n">user_data</span> <span class="o">=</span> <span class="s2">"${file("</span><span class="err">$</span><span class="p">{</span><span class="n">path</span><span class="p">.</span><span class="nf">module</span><span class="p">}</span><span class="o">/</span><span class="n">files</span><span class="o">/</span><span class="n">user_data</span><span class="p">.</span><span class="nf">sh</span><span class="s2">")}"</span>
</code></pre></figure>
<p>This will load the content of the <code class="highlighter-rouge">user_data.sh</code> file and pass to the attribute.</p>
<p>But we haven’t created this file yet, let’s do it. On the web module folder, create the <code class="highlighter-rouge">files</code> folder and the <code class="highlighter-rouge">user_data.sh</code> file.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">mkdir </span>files
<span class="nv">$ </span><span class="nb">touch </span>files/user_data.sh</code></pre></figure>
<p>Insert the following content on the <code class="highlighter-rouge">files/user_data.sh</code>:</p>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c">#!/bin/bash</span>
apt-get update <span class="nt">-y</span>
apt-get <span class="nb">install</span> <span class="nt">-y</span> nginx <span class="o">></span> /var/nginx.log</code></pre></figure>
<p>This will install the nginx when the instance is created.</p>
<p>Now, let’s create the <code class="highlighter-rouge">output.tf</code> file to get the load balancer’s DNS after the execution.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>output.tf</code></pre></figure>
<p>Insert the following content on the <code class="highlighter-rouge">output.tf</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">output</span> <span class="s2">"elb.hostname"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${aws_elb.web.dns_name}"</span>
<span class="p">}</span></code></pre></figure>
<p>Our web module is done.</p>
<p>This is how our terraform structure is now:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ │ ├── main.tf
│ │ ├── output.tf
│ │ └── variables.tf
│ └── web
│ ├── files
│ │ └── user_data.sh
│ ├── main.tf
│ ├── output.tf
│ └── variables.tf
├── production
└── staging
├── _main.tf
├── networking.tf
├── staging_key
├── staging_key.pub
├── terraform.tfstate
├── terraform.tfstate.backup
├── terraform.tfvars
└── variables.tf
</code></pre></div></div>
<div class="breaker"></div>
<h3 id="using-our-web-module">Using our web module</h3>
<p>Let’s back to our staging folder</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">cd</span> ~/terraform
<span class="nv">$ </span><span class="nb">cd </span>staging</code></pre></figure>
<p>Now, we will use our recent created web module. Create a web.tf file</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">touch </span>web.tf</code></pre></figure>
<p>Insert the following content on the <code class="highlighter-rouge">web.tf</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">module</span> <span class="s2">"web"</span> <span class="p">{</span>
<span class="n">source</span> <span class="o">=</span> <span class="s2">"../modules/web"</span>
<span class="n">web_instance_count</span> <span class="o">=</span> <span class="s2">"${var.web_instance_count}"</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"${var.region}"</span>
<span class="n">instance_type</span> <span class="o">=</span> <span class="s2">"t2.micro"</span>
<span class="n">private_subnet_id</span> <span class="o">=</span> <span class="s2">"${module.networking.private_subnet_id}"</span>
<span class="n">public_subnet_id</span> <span class="o">=</span> <span class="s2">"${module.networking.public_subnet_id}"</span>
<span class="n">vpc_sg_id</span> <span class="o">=</span> <span class="s2">"${module.networking.default_sg_id}"</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"${var.key_name}"</span>
<span class="n">environment</span> <span class="o">=</span> <span class="s2">"${var.environment}"</span>
<span class="n">vpc_id</span> <span class="o">=</span> <span class="s2">"${module.networking.vpc_id}"</span>
<span class="n">vpc_cidr_block</span> <span class="o">=</span> <span class="s2">"${var.vpc_cidr}"</span>
<span class="p">}</span></code></pre></figure>
<p>This is pretty much the same way we used in our networking module. We are using almost the same variables that we already specified (except for <code class="highlighter-rouge">web_instance_count</code>. And some variables, we pass the output from our <code class="highlighter-rouge">networking</code> module.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"${module.networking.public_subnet_id}"</span></code></pre></figure>
<p>This way we get the <code class="highlighter-rouge">public_subnet_id</code> output created on the networking module.</p>
<p>Let’s add the <code class="highlighter-rouge">web_instance_count</code> variable to our <code class="highlighter-rouge">variables.tf</code> file and <code class="highlighter-rouge">terraform.tfvars</code>. This variable represents the number of web instances that we will be created.</p>
<p>Your <code class="highlighter-rouge">variables.tf</code> from staging folder should be like this:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">variable</span> <span class="s2">"environment"</span> <span class="p">{</span>
<span class="n">default</span> <span class="o">=</span> <span class="s2">"staging"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"key_name"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The aws keypair to use"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"region"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"Region that the instances will be created"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"availability_zone"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The AZ that the resources will be launched"</span>
<span class="p">}</span>
<span class="c1"># Networking</span>
<span class="n">variable</span> <span class="s2">"vpc_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the VPC"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"public_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the public subnet"</span>
<span class="p">}</span>
<span class="n">variable</span> <span class="s2">"private_subnet_cidr"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The CIDR block of the private subnet"</span>
<span class="p">}</span>
<span class="c1"># Web</span>
<span class="n">variable</span> <span class="s2">"web_instance_count"</span> <span class="p">{</span>
<span class="n">description</span> <span class="o">=</span> <span class="s2">"The total of web instances to run"</span>
<span class="p">}</span></code></pre></figure>
<p>And your <code class="highlighter-rouge">terraform.tfvars</code> should be like this:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">environment</span> <span class="o">=</span> <span class="s2">"staging"</span>
<span class="n">key_name</span> <span class="o">=</span> <span class="s2">"test"</span>
<span class="n">region</span> <span class="o">=</span> <span class="s2">"us-west-1"</span>
<span class="n">availability_zone</span> <span class="o">=</span> <span class="s2">"us-west-1a"</span>
<span class="c1"># vpc</span>
<span class="n">vpc_cidr</span> <span class="o">=</span> <span class="s2">"10.0.0.0/16"</span>
<span class="n">public_subnet_cidr</span> <span class="o">=</span> <span class="s2">"10.0.1.0/24"</span>
<span class="n">private_subnet_cidr</span> <span class="o">=</span> <span class="s2">"10.0.2.0/24"</span>
<span class="c1"># web</span>
<span class="n">web_instance_count</span> <span class="o">=</span> <span class="mi">2</span></code></pre></figure>
<p>Let’s create an <code class="highlighter-rouge">output.tf</code> for our staging environment. With this, we can get the ELB hostname from our web module.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">touch </span>output.tf</code></pre></figure>
<p>Add the following content to <code class="highlighter-rouge">output.tf</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">output</span> <span class="s2">"elb_hostname"</span> <span class="p">{</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"${module.web.elb.hostname}"</span>
<span class="p">}</span></code></pre></figure>
<p>This is the final directory structure that we have:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>├── modules
│ ├── networking
│ │ ├── main.tf
│ │ ├── output.tf
│ │ └── variables.tf
│ └── web
│ ├── files
│ │ └── user_data.sh
│ ├── main.tf
│ ├── output.tf
│ └── variables.tf
├── production
└── staging
├── _main.tf
├── networking.tf
├── output.tf
├── staging_key
├── staging_key.pub
├── terraform.tfstate
├── terraform.tfstate.backup
├── terraform.tfvars
├── variables.tf
└── web.tf
</code></pre></div></div>
<p>You can now run <code class="highlighter-rouge">terraform plan</code> to check which resources will be created. (before, run <code class="highlighter-rouge">terraform get</code> to update the modules)</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform get
<span class="nv">$ </span>terraform plan</code></pre></figure>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*_3j03t04L3BbcAM9B3t5Tg.png" alt="plan" /></p>
<p>Done. Terraform will create 5 new resources from our web module.</p>
<p>Let’s apply it.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform apply</code></pre></figure>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*zojlSrGMXN93qiHdoZVPhQ.png" alt="applied" /></p>
<p>Yay.. our instances was created. Let’s get our Load Balancer DNS and try to open it on a Browser:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform output elb_hostname</code></pre></figure>
<p>This command will return the DNS from our Load Balancer. Open it on a browser:</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*KAFGuGGUKWTWISGD2dqmBQ.png" alt="host" /></p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*X4llUCSctCV1RBczcOPusw.png" alt="working" /></p>
<p>It’s working!!! With this, you finished the creation of your infrastructure.</p>
<h3 id="final-notes">Final Notes</h3>
<p>Your web instances don’t have public ips:</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*SipX4XhQdT5_Z0zYySLmNg.png" alt="instances" /></p>
<p>In order to SSH then, you need to use the bastion host created on the networking module.</p>
<p>Get the bastion host public IP,</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*HctNFDW39zAagy7iRyiirQ.png" alt="bastion" /></p>
<p>and SSH on it with the <code class="highlighter-rouge">-A</code> flag to enable agent forwarding:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">chmod </span>400 staging_key.pub
<span class="nv">$ </span>ssh-add <span class="nt">-K</span> staging_key
<span class="nv">$ </span>ssh <span class="nt">-A</span> ubuntu@52.53.227.241</code></pre></figure>
<p>Now, inside the Bastion host, you can connect into your web server private IP:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>ssh ubuntu@10.0.2.113</code></pre></figure>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*jxxGXtybRz43Rw47BacdxA.png" alt="ssh" /></p>
<p>Now, destroy everything</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>terraform destroy</code></pre></figure>
<p>You can get the full code of the example <a href="https://github.com/duduribeiro/terraform_example">here</a>.</p>
<p>That’s all.</p>
<p><img src="https://cdn-images-1.medium.com/max/1600/1*PlGYD6UUSY3wbNzGRAkHSw.gif" alt="thatsall" /></p>
<p>Cheers,
🍻</p>dudribeiroSometimes when you handle a lot of servers in the cloud, it is pretty easy to get lost on your infrastructure. “Where is that freaking server that I can’t find?”, or even “Why is this instance for?”.Connecting on RDS Server that is not publicly accessible2017-01-10T15:00:00+00:002017-01-10T15:00:00+00:00https://cadu.dev/connecting-on-rds-server-that-is-not-publicly-accessible<p>Let’s imagine the following scenario:</p>
<p><img src="https://cdn-images-1.medium.com/max/800/1*hywIXPeJfZtsmJylpYPhNw.png" alt="scenario" /></p>
<p>You have web servers on a public subnet that you can connect and your RDS instance is hosted on a private subnet. This way, your database instance is not publicly accessible through the internet and you can’t connect your local client with it.</p>
<p>It’s not possible to do a:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">mysql <span class="nt">-u</span> user <span class="nt">-p</span> <span class="nt">-h</span> RDS_HOST</code></pre></figure>
<p>To establish a connection with the database, you’ll need to use your public EC2 instances to act as a bridge to the RDS. Let’s make a SSH Tunnel.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">ssh <span class="nt">-i</span> /path/to/keypair.pem <span class="nt">-NL</span> 9000:RDS_ENDPOINT:3306 ec2-user@EC2_HOST <span class="nt">-v</span></code></pre></figure>
<ul>
<li>
<p><strong>-i /path/to/keypair.pem</strong>: The -i option will inform the ssh which key will be used to connect. If you already added your key with ssh-add, this is not necessary.</p>
</li>
<li>
<p><strong>-NL</strong>: <strong>N</strong> will not open a session with the server. It will set up the tunnel. <strong>L</strong> will set up the port forwarding.</p>
</li>
<li>
<p><strong>9000:RDS_ENDPOINT:3306</strong>: The -L option will make the port forwarding based on this argument. The first number 9000 is the local port that you want to use to connect with the remote host. RDS_ENDPOINT is the RDS host of your database instance. 3306 is the port of the remote host that you want to access (3306 is the MySQL’s default port).</p>
</li>
<li>
<p><strong>ec2-user@EC2_HOST</strong>: How ssh your public EC2 instance.</p>
</li>
<li>
<p><strong>-v</strong>: Is optional. With this you will print the ssh log on your terminal.</p>
</li>
</ul>
<p>With this you can now connect to your private RDS instance using your local client.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">mysql <span class="nt">-h</span> 127.0.0.1 <span class="nt">-P9000</span> <span class="nt">-u</span> RDS_USER <span class="nt">-p</span></code></pre></figure>
<p>If your EC2 instance is on a private subnet too, you will need to set up a bastion host to make the bridge possible. Bastion host is an instance that will be placed on a public subnet and will be accessible using SSH. You will use the same SSH tunnel, only changing the host used to point the bastion host.</p>
<p>Cheers 🍻</p>dudribeiroLet’s imagine the following scenario:Accepting Emojis on a Rails app with MySQL2016-03-07T14:07:16+00:002016-03-07T14:07:16+00:00https://cadu.dev/accepting-emojis-on-a-rails-app-with-mysql<p>In the past weeks at work, we faced a problem in our application. A user tried to express himself with an emoji in the description field. We were not expecting it then you can imagine what happened. 💥 in production 😱.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*QTCcpZBDToKhJpzX.png" alt="emojis_everywhere" /></p>
<p>We received an alert in the team’s chat.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*80MUt99SOl1guZEM.png" alt="emojis_everywhere" /></p>
<p>Going through the error details, we can see that MySQL raised an error.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*TzEinnXN9U9cXgwA.png" alt="invalid_statement" /></p>
<p>And looking at the request, we can see the emoji in the body attribute:</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*AFefcxzHWuii1hTu.png" alt="body" /></p>
<p>Why did this happen? Is not <a href="https://en.wikipedia.org/wiki/Emoticons_%28Unicode_block%29">Emoji a unicode character</a> supported by the UTF8?
<strong>Yes</strong>, it is. But some of them uses <strong>4-bytes</strong> to store their data, and if we look at the <a href="http://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8.html">UTF8 charset support at MySQL’s oficial doc</a>, we can see that it can only accept <strong>3-bytes</strong>.</p>
<ul>
<li>A maximum of three bytes per multibyte character.</li>
</ul>
<p>It’s a different approach from Postgres’ UTF8. In <a href="http://www.postgresql.org/docs/9.5/static/multibyte.html#CHARSET-TABLE">Postgres charset table</a> we see that UTF8 can store up to 4-bytes, meaning that Postgres already accepts Emojis by default.</p>
<div class="divider"></div>
<h2 id="how-to-store-emojis-on-mysql-database-and-avoid-the-incorrect-string-value-error">How to store Emojis on MySQL database and avoid the Incorrect String value error?</h2>
<p>Let’s check the <a href="http://dev.mysql.com/doc/refman/5.7/en/charset.html">MySQL’s doc</a> again. We can see that in charsets support there is one item called <a href="http://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8mb4.html">utf8mb4</a>. It’s a UTF8 with <strong>4-bytes</strong> support. We should use it instead the default 3-bytes only.</p>
<p>I created a <a href="https://github.com/duduribeiro/mysql_emoji_test/">simple scaffold</a> application for demonstration. Let’s use the model <code class="highlighter-rouge">Comment</code> with 2 properties (body and name).</p>
<p>If we try to save the comment with an emoji on the body, it will raise an exception.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*JGf5WWhuW7SaMtti.png" alt="form" />
<img src="https://cdn-images-1.medium.com/max/800/0*lneemsbUVPoEoaXo.png" alt="exception" /></p>
<p>Let’s generate a migration to convert this table and the columns to utf8mb4</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>bin/rails g migration change_comments_to_utf8mb4</code></pre></figure>
<p>and add the following content to the migration:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">class</span> <span class="nc">ChangeCommentsToUtf8mb4</span> <span class="o"><</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span>
<span class="k">def</span> <span class="nf">up</span>
<span class="n">execute</span> <span class="s2">"ALTER TABLE comments CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_bin"</span>
<span class="n">execute</span> <span class="s2">"ALTER TABLE comments MODIFY name VARCHAR(191) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin"</span> <span class="n">execute</span> <span class="s2">"ALTER TABLE comments MODIFY body TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_bin"</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">down</span>
<span class="n">execute</span> <span class="s2">"ALTER TABLE comments CONVERT TO CHARACTER SET utf8 COLLATE utf8_bin"</span>
<span class="n">execute</span> <span class="s2">"ALTER TABLE comments MODIFY name VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin"</span>
<span class="n">execute</span> <span class="s2">"ALTER TABLE comments MODIFY body TEXT CHARACTER SET utf8 COLLATE utf8_bin"</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<p>See that we set the column <code class="highlighter-rouge">name</code> with <code class="highlighter-rouge">VARCHAR(191)</code>. This is because <a href="http://dev.mysql.com/doc/refman/5.7/en/create-index.html">MySQL’s max key length for index on InnoDB engine is 767 bytes</a>. With <code class="highlighter-rouge">utf8</code> (3-bytes), we can store VARCHAR with a maximum of 255 chars (255 chars * 3 bytes = 765 bytes), but with <code class="highlighter-rouge">utf8mb4</code> we can store the maximum of 191 chars (191 chars * 4 bytes = 764 bytes). If you want to store more bytes on the index, please look at <a href="http://dev.mysql.com/doc/refman/5.7/en/innodb-parameters.html#sysvar_innodb_large_prefix">InnoDB large prefix</a>.</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>bin/rake db:migrate</code></pre></figure>
<p>We need to change the <code class="highlighter-rouge">database.yml</code> to set the <strong>encoding</strong> to <strong>utf8mb4</strong>. So, open the <code class="highlighter-rouge">config/database.yml</code> and change the line with</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="na">encoding</span><span class="pi">:</span> <span class="s">utf8</span></code></pre></figure>
<p>to</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="na">encoding</span><span class="pi">:</span> <span class="s">utf8mb4</span></code></pre></figure>
<p>Restart the server and now we can save emoji in our comment 😎.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/0*kXCaEZQ6ZjH9_1-K.png" alt="success" /></p>
<p>If you are creating a new project, I highly recommend to start with <code class="highlighter-rouge">utf8mb4</code> to avoid these issues in the future and eliminate the necessity of a migration for all tables or simply use Postgres instead ♥️</p>
<p>Cheers 🍻</p>dudribeiroIn the past weeks at work, we faced a problem in our application. A user tried to express himself with an emoji in the description field. We were not expecting it then you can imagine what happened. 💥 in production 😱.