Discourse setup in GCE


(Jzhu077) #1

I followed this discourse/INSTALL-cloud.md at master · discourse/discourse · GitHub to create a docker image and pushed it onto google container registry.

After I deploy it with

apiVersion: v1
kind: Service
metadata:
  name: web-server
  labels:
    app: web-server
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: web-server
  sessionAffinity: None
  type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: web-server
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: web-server
    spec:
      containers:
      - name: web-server
        image: gcr.io/platform-161007/discourse:com
        command: ["/sbin/boot"]
        ports:
        - containerPort: 80

        resources:
          requests:
            cpu: 500m
            memory: 1Gi
          limits:
            cpu: 1
            memory: 2Gi
        imagePullPolicy: Always

I got this error:

run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/enable-brotli
run-parts: executing /etc/runit/1.d/letsencrypt
/etc/runit/1.d/letsencrypt: line 4: /shared/letsencrypt/acme.sh: No such file or directory
/etc/runit/1.d/letsencrypt: line 6: cd: /shared/letsencrypt/discuss.junyuzhu.com: No such file or directory
/etc/runit/1.d/letsencrypt: line 8: /shared/letsencrypt/acme.sh: No such file or directory
/etc/runit/1.d/letsencrypt: line 11: /shared/letsencrypt/acme.sh: No such file or directory
Started runsvdir, PID is 69
ok: run: redis: (pid 84) 0s
ok: run: postgres: (pid 80) 0s
rsyslogd: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.16.0 try http://www.rsyslog.com/e/2145 ]
rsyslogd: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
supervisor pid: 81 unicorn pid: 94
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/shared/ssl/discuss.junyuzhu.com.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discuss.junyuzhu.com.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)
config/unicorn_launcher: line 44: kill: (94) - No such process
config/unicorn_launcher: line 10: kill: (94) - No such process
exiting

What did I miss?


(Matt Palmer) #2

Getting an SSL certificate, by the look of it.


(Jzhu077) #3

I have set up the ingress to obtain the SSL key via kube-lego (let’s encrypt) once the service backend passes the health check, but that never happens because the container is not running because of the missing SSL key? This looks like a deadlock to me.

Also, when the container is run by the discourse-setup binary locally it didn’t complain about

/etc/runit/1.d/letsencrypt: line 4: /shared/letsencrypt/acme.sh: No such file or directory
/etc/runit/1.d/letsencrypt: line 6: cd: /shared/letsencrypt/discuss.junyuzhu.com: No such file or directory
/etc/runit/1.d/letsencrypt: line 8: /shared/letsencrypt/acme.sh: No such file or directory
/etc/runit/1.d/letsencrypt: line 11: /shared/letsencrypt/acme.sh: No such file or directory