Difference between revisions of "Flynn"
(→Useful commands) |
(→Useful commands) |
||
| Line 30: | Line 30: | ||
flynn -a router env set RESTART=1 | flynn -a router env set RESTART=1 | ||
| + | |||
| + | Increase file descriptors for the router (in case of heavy load). Default is 10,000 | ||
| + | |||
| + | flynn -a router limit set router max_fd=40000 | ||
== Git requirements == | == Git requirements == | ||
Revision as of 15:32, 7 March 2017
Open-source PaaS software
Available from https://flynn.io/
Perl applications
There's no out of the box support for Perl PSGI applications, but it just takes a single command to setup the environment.
flynn -a yourappname env set \ BUILDPACK_URL=https://github.com/pnu/heroku-buildpack-perl \ PERL5LIB=/app/lib:/app/local/lib/perl5
There has to be an app.psgi file (the actual filename is app.psgi, that's not a placeholder) in the top directory of your application. If you use the default Catalyst application structure, you should have a 'yourappname.psgi' which can just be renamed to app.psgi
Useful commands
Recover dashboard login token:
flynn -a dashboard env | grep LOGIN_TOKEN
Increase temporary disk space for web service (default 100MB)
flynn limit set web temp_disk=200MB
Restart the router app
flynn -a router env set RESTART=1
Increase file descriptors for the router (in case of heavy load). Default is 10,000
flynn -a router limit set router max_fd=40000
Git requirements
Requires git 1.8.5 or higher for seamless publishing via git
1.8.3 (CentOS7 default) requires an environment variable to publish app due to the self-signed SSL certificate. Since the CA certificate is stored within ~/.flynn/ when you setup the cluster, the GIT_SSL_CAINFO env can be used to specify the CA used.
$ GIT_SSL_CAINFO=~/.flynn/ca-certs/default.pem git push flynn master
Below 1.7.3 (e.g CentOS6 default of 1.7.1) there's a little more work required because it doesn't support the credential helper. You'll need the key for your flynn cluster which can be found with:
$ grep Key ~/.flynnrc
Key = "44161646005d26ede2c6687aaaaaaaaa"
$ git remote get-url flynn https://git.flynn1.bocks.com/myapp.git $ git remote set-url flynn https://:44161646005d26ede2c6687aaaaaaaaa@git.flynn1.bocks.com/myapp.git
To push the repository with git 1.7.x, you still need the GIT_SSL_CAINFO env as for git 1.8.3
See Updating Git for instructions.
Firewall
Flynn requires a bunch of firewall rules to secure the API from external users.
ufw allow ssh ufw allow http ufw allow https ufw allow 3000:3500/tcp ufw allow from a.b.c.d # repeat for each node IP address if in a cluster ufw enable ufw allow in on flynnbr0 ufw allow in on flannel.1
This next line is only required if you want to give connection refused instead of silently dropping packets.
ufw default REJECT
Because applications run in Docker, ufw needs to forward some traffic so edit the ufw config /etc/default/ufw and change
DEFAULT_FORWARD_POLICY="DROP"
to
DEFAULT_FORWARD_POLICY="ACCEPT"
Then reload the firewall
ufw reload
The full information about these rules can be found at https://www.philiplb.de/flynn/2016/04/19/flynn-ufw/
