Deploy OpenRemote 3 stack on AWS with CloudFormation

I’m sorry but I don’t know enough about raw docker-compose deploying. It has changed a lot since the last time I’ve used it. I would like to understand, though, what gives you such a hard time using openremote-cli? What do you see in the output of this command? Can you share it?

I have followed the or-cli guide and all aok until the following …

(Including using the --remove . command to remove test and test1 instances successfully).

However, the following deploy command produces an error …

$or deploy --provider aws --dnsname gro1.iot.microgro.co -v

If you need help go to https://forum.openremote.io/

Deploying OR… This usually takes less than 15 minutes.

> aws configure list-profiles

> aws ec2 describe-key-pairs --key-names openremote --profile openremote-cli

ERROR:root:stderr: b"\nAn error occurred (InvalidKeyPair.NotFound) when calling the DescribeKeyPairs operation: The key pair ‘openremote’ does not exist\n"

I have previously created the ‘openremote’ key pair which is clearly shown on my ec2 Dashboard.

Any idea why I’m getting this error … do I need to ‘associate’ the openremote key pair with my microgro.co domain instance?

Do I need to be logged in as root?

thx

Note that key pairs are region dependent. Previously you’ve specified region us-east-1 and now you are using a default region, which can be different. Simply make sure that the openremote key pair exists in the region you are deploying to (probably eu-west-1).

> aws configure get region --profile openremote-cli
eu-west-1

yea … tried the eu-west-1 and errors … then tried us-east-1 … and the stack deployed …

Stack deployed, waiting for startup to complete …:+1:

Mind that running it cost money :moneybag::moneybag::moneybag:! To free resources execute:

aws cloudformation delete-stack --stack-name gro1-53f3d5f6-5767-44eb-8d6a-5470c234ceb4 --profile openremote-cli --region=us-east-1

check running stack with health command:
or deploy -a health --dnsname gro1.iot.microgro.co -v
[ec2-user@ip-172-31-90-79 ~]$ or deploy -a health --dnsname gro1.iot.microgro.co -v
If you need help go to https://forum.openremote.io/

Error calling
curl https://gro1.iot.microgro.co/api/master/info

However, as above … -a health created error.

Also, nav public ip produces 503 service unavailable … ?

Any thoughts or tips?

thx

ssh into gro1 instance and tried following …

[ec2-user@ip-172-31-81-168 ~]$ or deploy -a health -v
If you need help go to https://forum.openremote.io/

Error calling
curl https://localhost/api/master/info
[ec2-user@ip-172-31-81-168 ~]$ or deploy -a health -vvv
DEBUG:root:Namespace(config_file=‘~/.openremote/config.ini’, dry_run=False, no_telemetry=False, quiet=False, verbose=3)
INFO:root:Using /home/ec2-user/.openremote/config.ini as config
DEBUG:root:adding deploy parser
DEBUG:root:adding prerequisites parser
DEBUG:root:Namespace(action=‘health’, command=‘deploy’, config_file=‘~/.openremote/config.ini’, dnsname=‘localhost’, dry_run=False, no_telemetry=False, password=‘secret’, provider=‘localhost’, quiet=False, region=‘us-east-1’, verbose=3, with_email=False)
DEBUG:root:command: deploy
If you need help go to https://forum.openremote.io/

DEBUG:root:dispatching deploy([‘deploy’, ‘-a’, ‘health’, ‘-vvv’])
INFO:root:Namespace(action=‘health’, command=‘deploy’, config_file=‘~/.openremote/config.ini’, dnsname=‘localhost’, dry_run=False, no_telemetry=False, password=‘secret’, provider=‘localhost’, quiet=False, region=‘us-east-1’, verbose=3, with_email=False)
Error calling
curl https://localhost/api/master/info
DEBUG:root:Sending telemetry to https://cli.developers.openremote.io/metrics
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cli.developers.openremote.io:443
DEBUG:urllib3.connectionpool:https://cli.developers.openremote.io:443 “POST /metrics HTTP/1.1” 200 20
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): pypi.org:443
DEBUG:urllib3.connectionpool:https://pypi.org:443 “GET /pypi/openremote-cli/json HTTP/1.1” 200 34136
[ec2-user@ip-172-31-81-168 ~]$

Does this help?

thx

It seems that you don’t have a correctly configured Route53 hosting zone

> nslookup
> set q=ns
> gro1.iot.microgro.co
Server:		192.168.69.103
Address:	192.168.69.103#53

** server can't find gro1.iot.microgro.co: NXDOMAIN
> iot.microgro.co
Server:		192.168.69.103
Address:	192.168.69.103#53

** server can't find iot.microgro.co: NXDOMAIN

You have to set the DNS name server correctly before it can possibly work. Until the above command gives a correct answer there is no hope. Read more about it in Working with public hosted zones - Amazon Route 53

I have 2 hosted zones r53 …

  1. microgro.co (domain registered in AWS)
  2. iot.microgro.co (is this automatically created by or-cli?)

For 1. using nslookup I get …

C:\Users\info>nslookup
Default Server: bthub.home
Address: xxxx

> set q=ns
> microgro.co
Server: bthub.home
Address: xxxxx

Non-authoritative answer:
microgro.co nameserver = ns-1434.awsdns-51.org
microgro.co nameserver = ns-440.awsdns-55.com
microgro.co nameserver = ns-1540.awsdns-00.co.uk
microgro.co nameserver = ns-729.awsdns-27.net

So, I assume this DNS is all aok?

Do I need to set the domain … iot.microgro.co … to the same name servers as microgro.co?

thx

iot.microgro.co is your subdomain, which you would need to create manually and correctly pass the nameservers generated by Route 53 to the parent domain microgro.co. However, if you have a hosted zone for microgro.co, why don’t you use it instead? Just
or deploy --provider aws --dnsname test.microgro.co --region us-east-1 -v
without iot subdomain.

No, the subdomain is not created by or-cli. In order to pass iot.microgro.co to DNS servers you have to

  1. go to Route 53 and open the iot.microgro.co hosted zone
  2. note the NS record value, i.e. the 4 name servers assigned automatically by AWS
  3. open the microgro.co hosting zone and create an NS record with record name iot.microgro.co and the values noted in the previous step.

After this nslookup -type=ns iot.microgro.co should return these without errors.
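
The check in the last step, as an added example that is not part of the original posts or of openremote-cli: it parses `nslookup -type=ns` output and compares it with the name servers noted in step 2. The zone `iot.example.com`, the name server names and the sample outputs are constructed.

```python
import re

# Constructed sample: nslookup output once the NS record exists in the parent zone.
SAMPLE_OK = """\
Server:  resolver.example
Address: 192.0.2.53

Non-authoritative answer:
iot.example.com nameserver = ns-1.awsdns-01.org.
iot.example.com nameserver = ns-2.awsdns-02.com
iot.example.com nameserver = NS-3.awsdns-03.co.uk
iot.example.com nameserver = ns-4.awsdns-04.net
"""
# Constructed sample: the failure mode shown earlier in the thread.
SAMPLE_NXDOMAIN = "** server can't find iot.example.com: NXDOMAIN\n"
# Constructed: the four values noted from the subdomain's hosted zone (step 2).
EXPECTED_NS = ["ns-1.awsdns-01.org", "ns-2.awsdns-02.com",
               "ns-3.awsdns-03.co.uk", "ns-4.awsdns-04.net"]

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.strip().rstrip(".").lower()

def parse_ns(nslookup_output, zone):
    """Return the set of name servers nslookup reported for `zone`."""
    found = set()
    for line in nslookup_output.splitlines():
        m = re.match(r"\s*(\S+)\s+nameserver\s*=\s*(\S+)", line)
        if m and _norm(m.group(1)) == _norm(zone):
            found.add(_norm(m.group(2)))
    return found

def check_delegation(zone, hosted_zone_ns, nslookup_output):
    """Compare the NS set of the hosted zone with what resolvers return."""
    expected = {_norm(n) for n in hosted_zone_ns}
    seen = parse_ns(nslookup_output, zone)
    if not seen:
        status = "not delegated"   # NXDOMAIN or no NS answer at all
    elif seen == expected:
        status = "ok"
    else:
        status = "mismatch"        # answers come from servers you did not note
    return {"status": status,
            "missing": sorted(expected - seen),
            "unexpected": sorted(seen - expected)}

if __name__ == "__main__":
    print(check_delegation("iot.example.com", EXPECTED_NS, SAMPLE_OK))
    print(check_delegation("iot.example.com", EXPECTED_NS, SAMPLE_NXDOMAIN))
```

A `mismatch` result with entries under `unexpected` means the parent zone delegates the subdomain to name servers other than those of your hosted zone, so correct the NS record before deploying.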

Sitrep

ok … did that … stack deployed aok

now have gro2.microgro.co as an A record with ip address in microgro.co domain

ssh into gro2 instance and tried … $or deploy -a health -v

  • error returned

  • public ip in instance = 503 Service Unavailable …

did following …

C:\Users\info>nslookup
Default Server: bthub.home
Address: xxx

> set q=ns
> microgro.co
Server: bthub.home
Address: xxx

Non-authoritative answer:
microgro.co nameserver = ns-1540.awsdns-00.co.uk
microgro.co nameserver = ns-1434.awsdns-51.org
microgro.co nameserver = ns-440.awsdns-55.com
microgro.co nameserver = ns-729.awsdns-27.net
> gro2.microgro.co
Server: bthub.home
Address:xxx

microgro.co
        primary name server = ns-1434.awsdns-51.org
        responsible mail addr = awsdns-hostmaster.amazon.com
        serial  = 1
        refresh = 7200 (2 hours)
        retry   = 900 (15 mins)
        expire  = 1209600 (14 days)
        default TTL = 86400 (1 day)
    

at least something from gro2.microgro.co returned. … I think. :grimacing:

also … DNS Checker - DNS Check Propagation Tool

returns aok

so … why the 503 error for browser page = gro2.microgro.co ??

the or aws cloudformation guide says following …

Route 53 Hosted Zone

A Hosted zone should exist for app.openremote.io.

Do I need to add this?

thanks for all your help thus far …

I’ve checked again and indeed, while we were discussing, the cloud-formation template had a breaking change and hence the 503 error. I’ve updated the template to the new keycloak environment variables and it deploys correctly again. This time or deploy --provider aws --dnsname test.microgro.co --region us-east-1 -v should create a functional stack for you too.

cheers for this and deployed a new stack with new instance igro …unfortunately got the following … :frowning:

so near yet so far … :grimacing:

any thoughts …

the or manager in the instance seems to be working ok …

thx

wait a minute … just tried again … and joy of joys …

Maybe the brave browser shield blocked first attempt.

Big question is … what’s the user name and password?

Tried various combos … admin/secret (from guide) etc …

Almost there, I hope, and well done on excellent works and support.

User name is admin. The password is randomly generated during deployment. If you look carefully at the log then you’ll notice

> or deploy --provider aws --dnsname ... --region us-east-1 -v
If you need help go to https://forum.openremote.io/

Deploying OR... This usually takes less than 15 minutes.

> aws configure list-profiles
> aws ec2 describe-key-pairs --key-names openremote --profile openremote-cli

Generated password: 6nylYjJ7We

You can overwrite this behaviour by adding the --password parameter, but do not use secret, as this one will be overwritten as not safe. To see all options just use the -h switch

> or deploy -h    
usage: or deploy [-h] [-V] [-n] [-v] [-t] [-q] [--config-file CONFIG_FILE] [-a [{create,remove,clean,health}]]
                 [-p PASSWORD] [--provider [{aws,localhost,rich}]] [--region REGION] [-d DNSNAME] [--with-email]

Deploy OpenRemote stack. By default create on localhost.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -n, --dry-run         showing effects without actual run and exit (default: False)
  -v, --verbose         increase output verbosity (default: 0)
  -t, --no-telemetry    Don't send usage data to server (default: False)
  -q, --quiet           suppress info (default: False)
  --config-file CONFIG_FILE
                        config.ini file location in home directory (default: ~/.openremote/config.ini)

deploy arguments:
  -a [{create,remove,clean,health}], --action [{create,remove,clean,health}]
                        create/remove/clean OpenRemote stack (default: create)
  -p PASSWORD, --password PASSWORD
                        password for admin user (default: secret)
  --provider [{aws,localhost,rich}]
                        where the stack should be deployed (rich is on localhost but with artifacts from S3)
                        (default: localhost)
  --region REGION       AWS region to deploy (default: us-east-1)
  -d DNSNAME, --dnsname DNSNAME
                        host and domain name (default: localhost)
  --with-email          generate valid SMTP server access keys (default: False)

every other time … I made a copy of the password generated … but not the last time … :face_vomiting:

typical … hanyway … in like flynn …

now the real work begins :grimacing:

once again … many thanks and looking forward to using OR

best


Congrats on your stamina. Don’t forget to show us your use case, we always appreciate it a lot.

Thank you for your unlimited patience! :slight_smile:

However, it looks like I’m not out of the woods yet as I’m having problems communicating via mqtt.

On my local OR deploy, I was able to access and edit the local yml file in the manager section to include access to port 1883 for mqtt and that worked aok.

How do I do similar for the aws ec2 deployment?

(I’ll tackle the 8883 and CA cert issue later but just want to get the system up and running first.)

Where is the yml file located on the ec2 instance?

And how do I dynamically edit it to take effect or do I need to redeploy the stack again?

FYI … The cloudformation template link still doesn’t work …

https://github.com/openremote/openremote/blob/master/.ci_cd/aws/cloudformation-standard.yml

thanks

For accessing aws ec2 deployment you need to use Session Manager because there is no ssh access for security reasons.


There, docker is running under the ec2-user account.

To add ports you have to edit not only docker-compose.yml but also the associated security group.

You are referring to the template found in the openremote project. openremote-cli is a separate project with its own template.

Thanks for this and I’ve done all the changes (including security group) but no luck on connecting via mqttBox so far. :frowning:

34.201.116.44:1883

Do I need to reboot my ec2 instance to effect the yml file edit changes?

Or re-deploy using or-cli?

I am pretty confident that all the mqtt parameters in mqttbox and corresponding igro OR instance are setup correctly as they are the same as my local openremote/mqttbox setup and it is working fine.

cheers

In order to re-deploy your modified docker-compose.yml do

. access.txt
docker-compose -p openremote up -d

It will recreate all containers with modified environment.
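
A check for the security-group change discussed above, as an added example that is not part of the original posts or of openremote-cli: it reads JSON in the shape printed by `aws ec2 describe-security-groups` and reports MQTT ports reachable from any address, which matters for 1883 because it carries MQTT without TLS. The group id and rules in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SG = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 1883, "ToPort": 1883,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8883, "ToPort": 8883,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    ]}]})

def world_open_mqtt(sg_json, ports=(1883, 8883)):
    """Return (group id, port, open CIDRs) for MQTT ports reachable from anywhere."""
    findings = []
    for group in json.loads(sg_json).get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":
                # "All traffic" rules carry no port range: every port is covered.
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue  # MQTT runs over TCP; ignore udp/icmp rules
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every source address.
            world = [c for c in cidrs
                     if ipaddress.ip_network(c, strict=False).prefixlen == 0]
            findings += [(group["GroupId"], p, world)
                         for p in ports if world and lo <= p <= hi]
    return findings

if __name__ == "__main__":
    for gid, port, cidrs in world_open_mqtt(SAMPLE_SG):
        print(f"{gid}: port {port} open to {', '.join(cidrs)}")
```

Limiting the 1883 rule to the address of the MQTT client, as the constructed 8883 rule does with a /32, keeps the plaintext listener off the open internet until the TLS port is set up.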