Convox Installer

A Ruby gem that makes it easier to build a Convox installation script. The main purpose of this gem is to make it easier to set up on-premise installations of your app for enterprise users.

This gem provides a DSL so that you can write a script that walks your users through setting up Convox and getting your app and running, setting up S3 buckets, etc.

Requirements

  • MacOS
  • Convox v3 CLI

Please let us know if you need to run this script on Linux. Linux support should not be too difficult to implement, but unfortunately we probably won't be able to support Windows.

Requires Convox >= 3

This version of convox_installer is only designed to work with Convox 3 and later. You can run convox version to check your version. Please install the Convox v3 CLI by following the instructions here: https://docs.convox.com/getting-started/introduction/

If you want to set up a Convox v2 rack (deprecated), the last version of convox_installer that supports the v2 CLI is 1.0.9. (Take a look at the convox2 branch.)

USE AT YOUR OWN RISK! THIS CODE IS PROVIDED WITHOUT ANY WARRANTIES OR GUARANTEES

We have successfully set up a number of test and production deployments using this gem. Everything seems to work very well. The library also facilitates idempotency and crash-resistance, so you can easily re-run your installation script if something goes wrong. However, if anything goes wrong, then you can end up with a large AWS bill if you're not careful. If anything crashes then make sure you double-check everything in your AWS account and shut down any leftover resources. USE THIS SOFTWARE AT YOUR OWN RISK.

Features

  • Idempotent. If this script crashes, you can restart it and it will pick up where it left off. Every step looks up the existing state, and only makes a change if things are not yet set up (or out of sync).
  • Ensures that the convox and terraform CLI tools are installed
  • Wraps the convox CLI and parses JSON output from API calls
  • Add a Docker Repository (e.g. ECR registry)
  • Set up an S3 bucket with an optional CORS policy
  • Set up an RDS database (Postgres)
  • Set up an Elasticache cluster (Redis)

Introduction

Convox is an awesome open source PaaS, which is like Heroku for your own AWS account. convox/rack is completely open source and free to use, but you can also sign up for a free or paid account to use the hosted service on convox.com.

convox_installer is a Ruby gem that makes it much easier to build an installation script for convox/rack (the open source PaaS). The Convox CLI is awesome, but it's missing a nice way to script a full deployment. I originally wrote a bash script that made API calls and used jq and sed, but this was very error-prone and it did not have good cross-platform support.

I've written this installation script in Ruby, which provides very good cross-platform support, and also allows me to write tests.

Usage

Create a new Ruby file (e.g. install.rb), and use bundler/inline to install and require the convox_installer gem. Your install script should start like this:

#!/usr/bin/env ruby
require 'bundler/inline'

gemfile do
  source 'https://rubygems.org'
  gem 'convox_installer', '3.0.0'
end

require "convox_installer"
include ConvoxInstaller

Including the include ConvoxInstaller gives you some Ruby methods that you can call to construct an installation workflow. See the "ConvoxInstaller DSL" section below.

You should create a new git repo for your own installation script, and then use the provided classes and methods to build your own installation workflow. You must also include a convox.yml (or a convox.example.yml).

You can see a complete example in examples/full_installation.rb.

Config

Config is loaded from ENV vars, or from saved JSON data at ./.installer_config.json. The script will save all of the user's responses into ./.installer_config.json (in the current directory).

Customize the Config Prompts

You can set your own config prompts in your own installation script, by setting a @prompts instance variable. You can extend the default config prompts like this:

@prompts = ConvoxInstaller::Config::DEFAULT_PROMPTS + [
  {
    section: "Docker Authentication",
    info: "You should have received authentication details for the Docker Registry\n" \
    "via email. If not, please contact [email protected]",
  },
  {
    key: :docker_registry_url,
    title: "Docker Registry URL",
    value: "1234567890.dkr.ecr.us-east-1.amazonaws.com",
  },
  {
    key: :docker_registry_username,
    title: "Docker Registry Username",
  },
  {
    key: :docker_registry_password,
    title: "Docker Registry Password",
  }
]

Prompt API:

The @prompts variable must be an array of hashes. There are two kinds of hashes:

Section Heading

Shows a heading and optional details.

{
  section: "The heading for this config section",
  info: "Description about this config section"
}

Config Prompt

  • A config prompt with a default value:
{
  key: :config_key_name,
  title: "Title to show in the user prompt / config summary",
  prompt: "Question to show the user",
  default: "default value",
}
  • Set a value from a Proc, and don't prompt the user:
  {
    key: :config_key_name,
    title: "Title to show in the config summary",
    value: -> () { "string-with-random-suffix-#{SecureRandom.hex(4)}" },
  }
  • Set a value, and hide this setting from the user (even in the summary):
  {
    key: :config_key_name,
    value: "Config Value",
    hidden: true,
  },

ConvoxInstaller DSL

ensure_requirements!

Makes sure that the convox and terraform CLI tools are installed on this system. If not, shows installation instructions and exits.

prompt_for_config

Loads config from ENV vars, or from saved config at ./.installer_config.json. If any config settings are missing, it prompts the user for input. Finally, it shows a summary of the config, and asks the user if they want to proceed with the installation. If the user enters y (or yes), the prompt_for_config method completes. If they enter n (or no), we loop over every setting and let them press "enter" to keep the current value, or provide a new value to correct any mistakes.

install_convox

  • Required Config: aws_region, aws_access_key_id, aws_secret_access_key, stack_name, instance_type

Runs convox rack install .... Has some validations to ensure that all required settings are present.

validate_convox_rack_and_write_current!

Ensures that the local machine contains a directory for the rack's terraform config, and sets the current rack for Convox CLI commands.

validate_convox_rack_api!

Makes an API request (convox api get /system) to get the rack details, and makes sure that everything is correct.

convox_rack_data

Returns a Ruby hash with all convox rack data.

create_convox_app!

  • Required Config: convox_app_name

Checks if the app already exists. If not, calls convox apps create ... --wait to create a new app. Then waits for the app to be ready. (Avoids an occasional race condition.)

set_default_app_for_directory!

Writes the app name into ./.convox/app (in the current directory.) The convox CLI reads this file, so you don't need to specify the --app flag for future commands.

add_s3_bucket

Adds an S3 bucket to your Terraform config.

  • Required Config: s3_bucket_name

NOTE: This method just writes a new Terraform configuration file. You must run apply_terraform_update! to apply the changes and create the S3 bucket.

Creates an S3 bucket from the :s3_bucket_name config setting. This is not a default setting, so you can add something like this to your custom @prompts:

  {
    key: :s3_bucket_name,
    title: "S3 Bucket for uploads",
    value: -> () { "yourapp-uploads-#{SecureRandom.hex(4)}" },
  }

The :value Proc will generate a bucket name with a random suffix. (Avoids conflicts when you are setting up multiple deployments for your app.)

You can also set a CORS policy for your S3 bucket. (:s3_bucket_name) We set the cors_rule option for the aws_s3_bucket resource in the Terraform configuration. Example:

   cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://s3-website-test.hashicorp.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }

See: https://registry.terraform.io/providers/hashicorp/aws/3.33.0/docs/resources/s3_bucket#using-cors

Note: If the :s3_bucket_cors_rule setting is not provided, then it is skipped.

Here's how we set up a CORS policy in our own install.rb script:

xxxxc = <<-TERRAFORM
  cors_rule {
    allowed_headers = ["Authorization", "cache-control", "x-requested-with"]
    allowed_methods = ["PUT", "POST", "GET"]
    allowed_origins = ["*"]
    expose_headers  = []
    max_age_seconds = 3000
  }
TERRAFORM

@prompts = [
  {
    key: :s3_bucket_cors_rule,
    value: S3_BUCKET_CORS_RULE,
    hidden: true,
  }
]

add_rds_database

Adds an RDS database to your Terraform config.

  • Required Config:
    • database_username
    • database_password
  • Optional Config:
    • database_allocated_storage (default: 30)
    • database_engine (default: 'postgres')
    • database_engine_version (default: '15.7')
    • database_instance_class (default: 'db.t3.small')
    • database_multi_az (default: true)

add_elasticache_cluster

Adds an Elasticache cluster to your Terraform config.

  • Optional Config:
    • engine (default: 'redis')
    • engine_version (default: '7.1')
    • node_type (default: 'cache.t3.medium')
    • num_cache_nodes (default: 1)
    • port (default: 6379)

apply_terraform_update!

Runs terraform apply -auto-approve to apply any changes to your Terraform configuration (add new resources, etc.)

rds_details

Returns information about the created RDS database resource.

{
  postgres_url: "Full URL for the RDS database (including auth)",
}

elasticache_details

Returns information about the created RDS database resource.

{
  redis_url: "Full URL for the Redis cluster",
}

s3_bucket_details

  • Required Config: s3_bucket_name

Get the S3 bucket details for s3_bucket_name. Parses the URL and returns a hash:

{
  access_key_id: "AWS Access Key ID",
  secret_access_key: "AWS Secret Access Key",
  name: "Full S3 Bucket Name (includes the rack/app)",
}

I use these S3 bucket details to set env variables for my app. (convox env set ...)

add_docker_registry!

  • Required Config: docker_registry_url, docker_registry_username, docker_registry_password

Checks the list of registries to see if docker_registry_url has already been added. If not, runs convox registries add ... to add a new Docker registry (e.g. Docker Hub, ECR).

default_service_domain_name

  • Required Config: convox_app_name
  • Optional Config: default_service

Finds the default *.convox.cloud URL for the web service. (You can visit this URL in the browser to access your app.)

Example: web.docspring.dc6bae48c2e36366.convox.cloud

You can override the default service name in your config (e.g. web):

@prompts = [
  # ...
  {
    key: :default_service,
    title: "Default Convox Service (for domain)",
    value: "web",
    hidden: true,
  }
]

(This hidden setting isn't visible to the user.)

run_convox_command!(cmd)

Runs a convox CLI command, and shows all output in the terminal. Crashes the script with an error if the convox command has a non-zero exit code.

If you want to run convox env set MYVAR=value, then you would call:

run_convox_command! 'env set MYVAR=value'

License

MIT