OK … after much climbing the AWS, EC2, IAM etc. curve and stumbling in the dark, I have tried to follow the instructions as previously kindly provided, but unfortunately, after numerous attempts, I have been unable to deploy OR so far …
17422 / 17422
ERROR:root:stderr: b"\nAn error occurred (ValidationError) when calling the CreateStack operation: AccessDenied. User doesn’t have permission to call ssm:GetParameters\n"
Any clues as to where I’m going wrong are much appreciated.
I’m not convinced I have done the following correctly …
Quick update … I redid the user, adding all the permissions listed in the OR guide and this thread, IAM, EC2, SNS etc. … and tried again and got the following …
[ec2-user@ip-172-31-90-79 ~]$ openremote-cli deploy --provider aws --dnsname host.domain --region us-east-1
To see commands use -v switch (-vvv for debug)
Deploying OR… This usually takes less than 15 minutes.
After approx. 10mins it fails … with following errors …
ERROR:root:stderr: b'\nWaiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "CREATE_FAILED" at least once\n'
ERROR:root:Exiting main because of uncached: (255, '\nWaiter StackCreateComplete failed: Waiter encountered a terminal failure state: For expression "Stacks[].StackStatus" we matched expected path: "CREATE_FAILED" at least once\n')
Traceback (most recent call last):
  File "/home/ec2-user/.local/lib/python3.7/site-packages/openremote_cli/cli.py", line 624, in main
    OpenRemote(sys.argv[1:], parser=parser)
  File "/home/ec2-user/.local/lib/python3.7/site-packages/openremote_cli/cli.py", line 71, in __init__
    getattr(self, command)(arguments)
  File "/home/ec2-user/.local/lib/python3.7/site-packages/openremote_cli/cli.py", line 161, in deploy
    args.password, args.dnsname, args.region
  File "/home/ec2-user/.local/lib/python3.7/site-packages/openremote_cli/scripts.py", line 199, in deploy_aws
This is probably the point where there are problems. You should own a domain and add a hosted zone in Route 53 for it. CloudFormation tries to insert an A record with the host into it. For example, we own the openremote.io domain and I’ve created the Route 53 hosted zone mvp.openremote.io on our AWS account. Then I use --dnsname test.mvp.openremote.io and after creation I can access the openremote host on https://test.mvp.openremote.io.
Secondly, it is not necessary to run openremote-cli --provider aws from an EC2 instance. This option is meant to be run from a local machine, as it creates a new EC2 instance.
This is only a domain; you should add a host to it, e.g. --dnsname test.microgro.co.
docker-compose: command not found is self-explanatory. You don’t have docker-compose installed on your EC2 box. You can either use --provider aws, which spins up a new EC2 instance with docker-compose preinstalled, or install docker-compose on your EC2 host:
This is in fact a different error message. The previous one was from /bin/sh: docker-compose: command not found, and now it is from docker-compose itself. It is complaining about Not. I suspect that docker-compose isn’t installed properly. Try to run:
> docker-compose --version
Docker Compose version v2.5.1
Check what is inside your /usr/local/bin/docker-compose file
Many thanks for all this help, but to no avail … I still need to use sudo to get the docker-compose version … and am still getting the same errors when trying to install. (sigh)
I obviously messed up somewhere in my initial setup … hardly surprising as the whole aws ec2 thing is totally new to me.
I’m going to terminate this instance and start again … hopefully more carefully and armed with a little bit more experience and familiarity.
You are mixing 2 things: deploying the openremote stack on a fresh EC2 instance with deploying it locally. Anyway, if you say that or deploy --provider aws --dnsname test.iot.microgro.co --region us-east-1 -v runs without errors, this means that it already created an A record in Route 53 and was able to perform a health check of the deployed stack. Just look at the command output and try to understand what this feedback means. However, you are saying that there is no access to test.iot.microgro.co, which is strange, as it should be reported as an error during the or deploy... command. By the way, is your hosting zone public? With a private hosting zone you will be able to access this host only within the VPC.
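A preflight check for the DNS requirements raised in the replies above, as an added example that is not part of the thread or of openremote-cli: it takes a --dnsname value and JSON shaped like the output of `aws route53 list-hosted-zones`, then reports a missing zone, a name with no host label, or a private zone. The zone names and IDs below are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws route53 list-hosted-zones` output.
SAMPLE_ZONES = json.loads("""
{"HostedZones": [
  {"Id": "/hostedzone/ZEXAMPLEPUBLIC", "Name": "iot.example.org.",
   "Config": {"PrivateZone": false}},
  {"Id": "/hostedzone/ZEXAMPLEPRIVATE", "Name": "corp.example.org.",
   "Config": {"PrivateZone": true}}
]}
""")


def find_zone(dnsname, zones):
    """Return the hosted zone with the longest name that covers dnsname."""
    fqdn = dnsname.lower().rstrip(".") + "."
    best = None
    for zone in zones["HostedZones"]:
        name = zone["Name"].lower()
        # Match on a label boundary so "notiot.example.org" is not covered.
        if fqdn == name or fqdn.endswith("." + name):
            if best is None or len(name) > len(best["Name"]):
                best = zone
    return best


def preflight(dnsname, zones):
    """Return a list of problems; an empty list means the name looks usable."""
    zone = find_zone(dnsname, zones)
    if zone is None:
        return ["no hosted zone in this account covers " + dnsname]
    problems = []
    fqdn = dnsname.lower().rstrip(".") + "."
    if fqdn == zone["Name"].lower():
        problems.append("name is the zone itself; add a host label, e.g. test." + dnsname)
    if zone["Config"]["PrivateZone"]:
        problems.append("zone is private; the host resolves only inside the VPC")
    return problems


if __name__ == "__main__":
    for name in ("test.iot.example.org", "iot.example.org",
                 "test.corp.example.org", "test.other.example.net"):
        print(name, "->", preflight(name, SAMPLE_ZONES) or "ok")
```

To run it against a real account, replace SAMPLE_ZONES with the parsed JSON from `aws route53 list-hosted-zones`.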
ah … yes … you are right … confused about local and newly created instance …
and yes … the A record was created for test.iot.microgro.co in r53 … but still no joy in accessing the OR login page
Soo … I’ve gone back and used my original microgro.co instance to deploy a new stack to new instance
test1.iot.microgro.co … then ssh to this instance and tried following and got the following warnings …
$ docker-compose pull
WARN[0000] The “OR_HOSTNAME” variable is not set. Defaulting to a blank string.
WARN[0000] The “OR_EMAIL_USER” variable is not set. Defaulting to a blank string.
WARN[0000] The “OR_EMAIL_PASSWORD” variable is not set. Defaulting to a blank string.
WARN[0000] The “OR_HOSTNAME” variable is not set. Defaulting to a blank string.
WARN[0000] The “OR_HOSTNAME” variable is not set. Defaulting to a blank string.