From b83378152ecc5bbbe923081eac62dbf4e5025f1c Mon Sep 17 00:00:00 2001 From: Jeremias Werner Date: Mon, 11 Aug 2025 12:17:30 +0200 Subject: [PATCH 1/2] create codeengine-fleet-defaults secret and persistent data store. fix region lookup --- experimental/serverless-fleets/README.md | 2 +- .../serverless-fleets/init-fleet-sandbox | 68 +++++++++++++------ 2 files changed, 47 insertions(+), 23 deletions(-) diff --git a/experimental/serverless-fleets/README.md b/experimental/serverless-fleets/README.md index 5983acbcf..ce137ff49 100644 --- a/experimental/serverless-fleets/README.md +++ b/experimental/serverless-fleets/README.md @@ -175,7 +175,7 @@ If you don't have a fleet sandbox, choose one of the two methods to create one. Run the following command, which will create all required cloud resources for you. ``` -./init-fleet-sandbox +NAME_PREFIX=ce-fleet-sandbox REGION=eu-de ./init-fleet-sandbox ``` The following resources will be created in the resource group `ce-fleet-sandbox--rg` in `eu-de`. diff --git a/experimental/serverless-fleets/init-fleet-sandbox b/experimental/serverless-fleets/init-fleet-sandbox index c56dbe726..20da5bca7 100755 --- a/experimental/serverless-fleets/init-fleet-sandbox +++ b/experimental/serverless-fleets/init-fleet-sandbox @@ -1,13 +1,5 @@ #!/bin/bash -#### Global vars -# vsi_images hashmap contains the list of valid vsi-images that can be used within fleets -# The fleet sandbox can be setup on regions with a valid vsi-image, only. -declare -A vsi_images -vsi_images["eu-de"]=r010-e7b25759-7857-455a-aec0-904b65c3c4cb -vsi_images["eu-gb"]=r018-31655c46-96e7-4d38-b61a-2ab1b66b9bbd -vsi_images["us-east"]=r014-b7f47448-72db-4012-b018-bb120518b078 - # Env vars CLEANUP_ON_ERROR=${CLEANUP_ON_ERROR:=false} CLEANUP_ON_SUCCESS=${CLEANUP_ON_SUCCESS:=false} 
@@ -33,6 +25,19 @@ icl_name="${NAME_PREFIX}--icl" sysdig_name="${NAME_PREFIX}--sysdig" sysdig_key_name="${NAME_PREFIX}--sysdig-key" +# checking if a there is a valid vsi-image in the region available +vsi_image_id="" +if [[ "$REGION" == "eu-de" ]]; then + vsi_image_id="r010-e7b25759-7857-455a-aec0-904b65c3c4cb" +elif [[ "$REGION" == "eu-gb" ]]; then + vsi_image_id="r018-31655c46-96e7-4d38-b61a-2ab1b66b9bbd" +elif [[ "$REGION" == "us-east" ]]; then + vsi_image_id="r014-b7f47448-72db-4012-b018-bb120518b078" +else + echo "Fleet sandbox setup is currently not supported in region ($region), exiting setup... " + exit -1 +fi + # ============================== # COMMON FUNCTIONS # ============================== @@ -58,7 +63,7 @@ function clean() { fi if [[ "$SETUP_LOGGING" == "true" ]]; then - ibmcloud iam service-id-delete ${icl_name}-svc-id + ibmcloud iam service-id-delete ${icl_name}-svc-id 2>/dev/null ibmcloud is endpoint-gateway-delete ${icl_name}-vpegw --force 2>/dev/null ibmcloud resource service-instance-delete $icl_name -f -q 2>/dev/null fi @@ -89,12 +94,12 @@ function clean() { if [[ $? == 0 ]]; then COUNTER=0 # some resources (e.g. boot volumes) are deleted with some delay. Hence, the script waits before exiting with an error - while (( "$(ibmcloud resource service-instances --type all -g $resource_group_name --output json | jq -r '. | length')" > 0 )); do + while (( "$(ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION --output json | jq -r '. | length')" > 0 )); do sleep 5 COUNTER=$((COUNTER + 1)) if ((COUNTER > 3)); then print_error "Cleanup failed! Please make sure to delete remaining resources manually to avoid unwanted charges." - ibmcloud resource service-instances --type all -g $resource_group_name + ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION exit 1 fi done 
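Review bot: The unsupported-region message in the `else` branch interpolates `$region`, while every test above it reads `$REGION`; no lowercase `region` assignment is visible in this patch, so the message most likely prints empty parentheses. Use `echo "Fleet sandbox setup is currently not supported in region ($REGION), exiting setup..." >&2`, and replace `exit -1` with `exit 1`, since exit statuses are 0–255 and bash reports `-1` as 255. A comment above the pinned image IDs saying where they come from and how to refresh them would help whoever adds the next region.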
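Review bot: Filtering the post-cleanup wait loop with `--location $REGION` means it no longer counts instances in the resource group that live in another location, so cleanup can report success while billable resources remain. Whether the sandbox creates such instances (for example a service provisioned as `global`) is not visible in this patch, so please confirm. If it does, keep the loop condition on the unfiltered listing, `ibmcloud resource service-instances --type all -g "$resource_group_name" --output json`, and use the region filter only for display. The same filter is added to `abortScript` (hunk at -109) and to the final summary (hunk at -469), where a leftover outside the region would likewise go unlisted. `clean()` starts and ends outside this hunk.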
@@ -109,8 +114,8 @@ function abortScript() { clean else print_msg "\nSkipping deletion of the created IBM Cloud resources. Please be aware that the created resources will occur costs in your account." - echo "$ ibmcloud resource service-instances --type all -g $resource_group_name" - ibmcloud resource service-instances --type all -g $resource_group_name + echo "$ ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION" + ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION fi exit 1 } @@ -154,13 +159,6 @@ echo "Please note: This script will install various IBM Cloud resources within t print_msg "\nChecking prerequisites ..." check_prerequisites -# checking if a there is a valid vsi-image in the region available -vsi_image_id=${vsi_images[${REGION}]} - -if [[ $vsi_image_id == "" || $vsi_image_id == null ]]; then - echo " Fleet sandbox setup is currently not supported in region ($region), exiting setup... " - exit -1 -fi # Ensure that latest versions of used IBM Cloud ClI is installed print_msg "\nPulling latest IBM Cloud CLI release ..." @@ -439,6 +437,7 @@ ibmcloud ce configmap create --name fleet-vpc-config \ # alternative to fetch the latest stock image: # --from-literal VSI_IMAGE_ID="$(ibmcloud is image ibm-ubuntu-24-04-6-minimal-amd64-1 --output json | jq -r '.id')" +## crawl+ print_msg "\nCreating a Code Engine secret 'fleet-cos-config' to access the COS bucket ..." ibmcloud ce secret create --name fleet-cos-config \ --from-literal access_key_id=$(ibmcloud resource service-key ${cos_key_name} --output JSON | jq -r '.[0] | .credentials | .cos_hmac_keys | .access_key_id') \ 
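Review bot: The `## crawl+` marker added above the `fleet-cos-config` secret, like the `## walk` markers in the next hunk, is not explained anywhere in the visible script. If the markers separate two configuration generations, say so once near the first one, for example `# "crawl+" = legacy per-fleet config objects, "walk" = codeengine-fleet-defaults secret and persistent data store`, with the wording adjusted to what they really denote.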
@@ -451,15 +450,40 @@ ibmcloud ce secret create --name fleet-cos-config \ --from-literal prefix="" \ --from-literal resource_instance_id=$COS_ID +## walk +print_msg "\nCreating a Code Engine Persistant Data Store 'fleet-task-store' to access the COS bucket as the task state store ..." +ibmcloud ce secret create --name fleet-task-store-secret \ +--format hmac \ +--secret-access-key $(ibmcloud resource service-key ${cos_key_name} --output JSON | jq -r '.[0] | .credentials | .cos_hmac_keys | .secret_access_key') \ +--access-key-id $(ibmcloud resource service-key ${cos_key_name} --output JSON | jq -r '.[0] | .credentials | .cos_hmac_keys | .access_key_id') +## walk +ibmcloud ce pds create --name fleet-task-store \ +--cos-bucket-name ${cos_bucket_name} \ +--cos-bucket-location ${REGION} \ +--cos-access-secret fleet-task-store-secret + +## walk +print_msg "\nCreating the Code Engine default secret 'codeengine-fleet-defaults' with observability and VPC subnet configurations ..." +ibmcloud ce secret create -n codeengine-fleet-defaults \ +--from-literal pool_subnet_crn_1="$(ibmcloud is subnet ${vpc_name}-subnet --output json | jq -r '.crn')" \ +--from-literal pool_security_group_crns_1="$(ibmcloud is security-group ${vpc_name}-group --output json | jq -r '.crn')" + print_msg "\nCreating a Code Engine secret 'fleet-observability-config' to enable logging and monitoring integrations ..." ibmcloud ce secret create --name fleet-observability-config --format generic --from-literal LOGGING_ENABLED=${SETUP_LOGGING} if [[ "$SETUP_LOGGING" == "true" ]]; then print_msg "\nMake sure logs are sent to '${icl_ingestion_host}' ..." 
+ ## crawl+ ibmcloud ce secret update --name fleet-observability-config \ --from-literal LOGGING_INGESTION_HOST=${icl_ingestion_host} \ --from-literal LOGGING_INGESTION_APIKEY=${icl_ingestion_apikey} \ --from-literal LOGGING_LEVEL_AGENT=info \ --from-literal LOGGING_LEVEL_WORKER=info + ## walk + ibmcloud ce secret update -n codeengine-fleet-defaults \ + --from-literal LOGGING_INGRESS_ENDPOINT="${icl_ingestion_host}" \ + --from-literal LOGGING_SENDER_API_KEY="${icl_ingestion_apikey}" \ + --from-literal LOGGING_LEVEL_AGENT=info \ + --from-literal LOGGING_LEVEL_WORKER=info fi if [[ "$SETUP_MONITORING" == "true" ]]; then print_msg "\nMake sure monitoring is enabled to '${sysdig_collector_host}' ..." @@ -469,8 +493,8 @@ if [[ "$SETUP_MONITORING" == "true" ]]; then fi print_msg "\nThe Fleet demo sandbox has been configured. Please be aware that the created resources will occur costs in your account." -echo "$ ibmcloud resource service-instances --type all -g $resource_group_name" -ibmcloud resource service-instances --type all -g $resource_group_name +echo "$ ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION" +ibmcloud resource service-instances --type all -g $resource_group_name --location $REGION print_msg "\nFollow the tutorial to launch your first Serverless Fleet with './run'" From 58e6ccb16cc675b60fa81d422abb9bdf9fa21ef3 Mon Sep 17 00:00:00 2001 From: Jeremias Werner Date: Mon, 11 Aug 2025 17:19:32 +0200 Subject: [PATCH 2/2] add lifecycle configuration for results and target rg and region before cleanup --- .../serverless-fleets/init-fleet-sandbox | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/experimental/serverless-fleets/init-fleet-sandbox b/experimental/serverless-fleets/init-fleet-sandbox index 20da5bca7..bd184975e 100755 --- a/experimental/serverless-fleets/init-fleet-sandbox +++ b/experimental/serverless-fleets/init-fleet-sandbox 
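Review bot: The HMAC credentials for `fleet-task-store-secret` come from two unquoted `$(ibmcloud resource service-key … | jq -r …)` substitutions with no check, so a failed lookup or a missing field yields an empty argument or the literal string `null` and the secret is still created. Fetching the key once, validating it with `jq -e` and quoting the expansions avoids that; the same pattern would suit the `pool_subnet_crn_1` and `pool_security_group_crns_1` lookups. The secret key and `LOGGING_SENDER_API_KEY` are also passed as command-line arguments, which are visible in the local process list while the command runs; a file- or stdin-based input is preferable if the CLI offers one for these secret formats. The fence assumes `abortScript`, named in an earlier hunk header, is the script's failure path.

```shell
# Look the HMAC pair up once and stop if either field is missing.
cos_hmac_json=$(ibmcloud resource service-key "${cos_key_name}" --output JSON \
  | jq -e '.[0].credentials.cos_hmac_keys') || abortScript
cos_access_key_id=$(jq -er '.access_key_id' <<<"$cos_hmac_json") || abortScript
cos_secret_access_key=$(jq -er '.secret_access_key' <<<"$cos_hmac_json") || abortScript

ibmcloud ce secret create --name fleet-task-store-secret \
  --format hmac \
  --secret-access-key "$cos_secret_access_key" \
  --access-key-id "$cos_access_key_id"
# … unchanged: pds create, codeengine-fleet-defaults, fleet-observability-config …
```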
@@ -48,24 +48,22 @@ source ${SCRIPT_DIR}/common.sh # Clean up previous run function clean() { ( + target_region $REGION + target_resource_group $resource_group_name + rm -f ${sshkey_name} rm -f ${sshkey_name}.pub - - ibmcloud resource service-instance-delete $icl_name -f -q 2>/dev/null - ibmcloud iam service-id-delete ${icl_name}-svc-id -f -q 2>/dev/null - ibmcloud is endpoint-gateway-delete ${icl_name}-vpegw --force 2>/dev/null - if [[ "$SETUP_MONITORING" == "true" ]]; then ibmcloud resource service-key-delete ${sysdig_key_name} -f -q 2>/dev/null - ibmcloud resource service-instance-delete ${sysdig_name} -f -q 2>/dev/null + ibmcloud resource service-instance-delete ${sysdig_name} -g ${resource_group_name} -f -q 2>/dev/null ibmcloud is endpoint-gateway-delete ${sysdig_name}-vpegw --force 2>/dev/null fi if [[ "$SETUP_LOGGING" == "true" ]]; then - ibmcloud iam service-id-delete ${icl_name}-svc-id 2>/dev/null + ibmcloud iam service-id-delete ${icl_name}-svc-id -f 2>/dev/null ibmcloud is endpoint-gateway-delete ${icl_name}-vpegw --force 2>/dev/null - ibmcloud resource service-instance-delete $icl_name -f -q 2>/dev/null + ibmcloud resource service-instance-delete $icl_name -g ${resource_group_name} -f -q 2>/dev/null fi ibmcloud iam api-key-delete ${apikey_name} --force 2>/dev/null @@ -172,7 +170,6 @@ ensure_plugin_is_up_to_date vpc-infrastructure ensure_plugin_is_up_to_date cloud-object-storage ensure_plugin_is_up_to_date container-registry -print_msg "\nTargetting IBM Cloud region '$REGION' ..." target_region $REGION # 
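Review bot: The two targeting calls added at the top of `clean()` are not checked, and every delete that follows runs with `--force`/`-f` and `2>/dev/null`, so if `target_region` or `target_resource_group` fails the deletes would run against whatever was targeted before, with the errors hidden. Unless those helpers (not visible here, presumably from the sourced `common.sh`) already exit on failure, stop the subshell early with `target_region "$REGION" || exit 1` and `target_resource_group "$resource_group_name" || exit 1`. The logging instance, service ID and endpoint gateway are also now removed only when `SETUP_LOGGING` is `true` for the cleanup run, so a sandbox created with logging and cleaned without the variable set would leave them behind. `clean()` continues beyond this hunk.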
@@ -361,13 +358,17 @@ ibmcloud cos config region --region $REGION print_msg "\nCreating COS bucket '${cos_bucket_name}' ..." ibmcloud cos bucket-create --bucket ${cos_bucket_name} --ibm-service-instance-id $COS_ID - # Create COS credentials print_msg "\nCreating COS service key '${cos_key_name}' ..." ibmcloud resource service-key-create ${cos_key_name} --parameters '{"HMAC":true}' --instance-id $COS_ID print_msg "\nCOS instance '${COS_ID}' and bucket '${cos_bucket_name}' created ..." +ibmcloud cos config crn --force --crn $(ibmcloud resource service-instance $cos_name --crn | grep "crn") + +print_msg "\ncreateing bucket lifecycle configuration for objects in the result folder with 1 day retention ..." +ibmcloud cos bucket-lifecycle-configuration-put --bucket ${cos_bucket_name} --region ${REGION} --lifecycle-configuration '{ "Rules": [ {"Expiration": {"Days": 1},"Filter": {"Prefix": "result/ticker"},"ID": "ticker results","Status": "Enabled"}, {"Expiration": {"Days": 1},"Filter": {"Prefix": "result/inferencing"},"ID": "inferencing results","Status": "Enabled"}, {"Expiration": {"Days": 1},"Filter": {"Prefix": "result/docling"},"ID": "docling results","Status": "Enabled"}, {"Expiration": {"Days": 1},"Filter": {"Prefix": "result/wordcount"},"ID": "wordcount results","Status": "Enabled"} ] }' + print_msg "\nCreating local rclone environment .rclone.conf to upload/download to the COS bucket..." cat > .rclone.conf << EOF
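Review bot: The new `ibmcloud cos config crn` line takes its CRN from an unquoted `$(… --crn | grep "crn")`, which scrapes human-readable CLI output: any extra line containing `crn`, or more than one instance matching `$cos_name`, is word-split into additional arguments, and an empty result is passed on unchecked. The rest of the script reads JSON with `jq`, so prefer `cos_crn=$(ibmcloud resource service-instance "$cos_name" --output json | jq -er '.[0].crn') || abortScript` followed by `ibmcloud cos config crn --force --crn "$cos_crn"`. This assumes the JSON output is an array, as the service-key lookups elsewhere in the script treat it. A short comment above the lifecycle rule stating that objects under the four `result/` prefixes are deleted after one day would make the data-retention behaviour explicit to users.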