Add first-party support for launching with infrastructure-as-code solutions
Closed this issue · 1 comments
Description
Update docs and perhaps update the scripts to support a workflow that can be triggered from something like terraform or CDK and doesn't require user input.
Basic example
We use CDK to deploy our infrastructure as code. Here's a stripped-down snippet of our meilisearch CDK config (in python).
```python
from aws_cdk import RemovalPolicy, aws_ec2 as ec2, aws_route53 as route53

# Excerpt from a construct body: vpc, zone, apex_domain, ENVIRONMENT,
# MEILISEARCH_MASTER_TOKEN and generate_resource_name are defined elsewhere.
meilisearch_sg = ec2.SecurityGroup(
    self,
    generate_resource_name("meilisearch-security-group"),
    vpc=vpc,
    allow_all_outbound=True,
)
meilisearch_sg.add_ingress_rule(
    peer=ec2.Peer.any_ipv4(),
    connection=ec2.Port.tcp(22),
    description="SSH from anywhere",
)
meilisearch_sg.add_ingress_rule(
    peer=ec2.Peer.any_ipv4(),
    connection=ec2.Port.tcp(80),
    description="HTTP from anywhere",
)
meilisearch_sg.add_ingress_rule(
    peer=ec2.Peer.any_ipv4(),
    connection=ec2.Port.tcp(443),
    description="HTTPS from anywhere",
)
meilisearch_key_pair = ec2.KeyPair(
    self,
    generate_resource_name("meilisearch-ssh-cert"),
    key_pair_name=generate_resource_name("meilisearch-ssh-key"),
)
meilisearch_domain_prefix = (
    "search" if ENVIRONMENT == "prod" else f"{ENVIRONMENT}.search"
)
meilisearch_user_data = ec2.UserData.for_linux()
# The heredoc body stays flush left so the closing EOF is recognised.
meilisearch_user_data.add_commands(
    f"""cat << EOF > /var/opt/meilisearch/env
export MEILISEARCH_ENVIRONMENT=production
export USE_API_KEY=true
export MEILISEARCH_MASTER_KEY={MEILISEARCH_MASTER_TOKEN}
export MEILI_DUMP_DIR=/var/opt/meilisearch/dumps
export DOMAIN_NAME={meilisearch_domain_prefix}.{apex_domain}
export USE_SSL=true
export USE_CERTBOT=true
export MEILISEARCH_SERVER_PROVIDER=amazon-ebs
export MEILI_SKIP_USER_INPUT=true
EOF""",
    "sudo sh /var/opt/meilisearch/scripts/first-login/001-setup-prod.sh",
)
meilisearch_server = ec2.Instance(
    self,
    generate_resource_name("meilisearch-server"),
    vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
    instance_type=ec2.InstanceType.of(
        ec2.InstanceClass.R4, ec2.InstanceSize.XLARGE
    ),
    machine_image=ec2.LookupMachineImage(
        name="Meilisearch-v1.8.0-Debian-11", owners=["567502172578"]
    ),
    vpc=vpc,
    key_pair=meilisearch_key_pair,
    block_devices=[
        ec2.BlockDevice(
            device_name="/dev/xvda", volume=ec2.BlockDeviceVolume.ebs(25)
        )
    ],
    security_group=meilisearch_sg,
    associate_public_ip_address=True,
    user_data=meilisearch_user_data,
    user_data_causes_replacement=True,
)
meilisearch_domain = route53.ARecord(
    self,
    id=generate_resource_name("meilisearch-domain"),
    zone=zone,
    record_name=meilisearch_domain_prefix,
    target=route53.RecordTarget(values=[meilisearch_server.instance_public_ip]),
)
meilisearch_domain.apply_removal_policy(RemovalPolicy.DESTROY)
meilisearch_key_pair.apply_removal_policy(RemovalPolicy.DESTROY)
meilisearch_sg.apply_removal_policy(RemovalPolicy.DESTROY)
meilisearch_server.apply_removal_policy(RemovalPolicy.DESTROY)
```
As you can see, we add a startup script that dumps the env variables into the env file and calls the setup-prod script (calling meilisearch-setup fails and continues to prompt for user-input even with the skip flag set). I'm worried that this will be fragile in future releases where the API may change.
Other
It would be nice to have a few things, each of which could be split into a smaller PR if necessary:
- Better docs about where to put environment variables for meilisearch.
- Documentation about using a skip-user-input flag on startup.
- Better handling of the skip-user-input flag directly using the `meilisearch-setup` script.
- A different base linux distro for out of the box instance-connect support (#76).
- Better first-party, zero-config support for common EC2 SSL settings that could be managed by us in our AWS infrastructure without having to configure meilisearch to be hosted over https.
- It could also be nice to name all of the variables in `/var/opt/meilisearch/env` consistent with the env variables that meilisearch looks at in its base toml config so that there's less of a documentation burden.
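The user-data step in the snippet above interpolates the master key into an unquoted heredoc (`cat << EOF`), so the boot shell expands any `$` or backtick in the value before the env file is written. A safer builder for those two commands, added here as an example and not part of the issue or of the Meilisearch scripts; `render_env_file`, `build_user_data_commands` and the `MEILI_ENV_EOF` delimiter are hypothetical names, and it assumes the env file is later sourced by a POSIX shell:

```python
import re
import shlex

# Paths copied from the issue's snippet.
ENV_PATH = "/var/opt/meilisearch/env"
SETUP_SCRIPT = "/var/opt/meilisearch/scripts/first-login/001-setup-prod.sh"

NAME_RE = re.compile(r"[A-Z_][A-Z0-9_]*")


def render_env_file(settings):
    """Return the env file body with every value quoted for a POSIX shell."""
    lines = []
    for name, value in settings.items():
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid variable name: {name!r}")
        # A line break could smuggle extra lines (or the heredoc terminator)
        # into the file, so reject it outright.
        if any(ch in value for ch in "\n\r\0"):
            raise ValueError(f"{name} contains a line break or NUL byte")
        # shlex.quote keeps $, backticks, spaces and quotes literal when the
        # file is sourced (assumption: a POSIX shell reads it).
        lines.append(f"export {name}={shlex.quote(value)}")
    return "\n".join(lines) + "\n"


def build_user_data_commands(settings, delimiter="MEILI_ENV_EOF"):
    """Return the two commands to hand to ec2.UserData.add_commands()."""
    body = render_env_file(settings)
    return [
        # Quoted delimiter: the boot shell copies the body verbatim instead of
        # expanding $VAR, $(...) and backticks as it does after a bare << EOF.
        f"cat << '{delimiter}' > {ENV_PATH}\n{body}{delimiter}",
        f"sudo sh {SETUP_SCRIPT}",
    ]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "MEILISEARCH_ENVIRONMENT": "production",
        "MEILISEARCH_MASTER_KEY": "s3cr$t`x` 'q'",
        "MEILI_SKIP_USER_INPUT": "true",
    }
    for cmd in build_user_data_commands(sample):
        print(cmd)
```

The returned list can be passed to the issue's `meilisearch_user_data` object as `add_commands(*cmds)`.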
Hi @wesharper thanks for placing this issue!
First of all, I don't know if I understood the purpose of this issue because, if I understood it, it is not the responsibility of this repository scope to provide such automation.
The idea behind cloud-providers is to place Meilisearch as a ready-to-use snapshot image in cloud providers' marketplaces like AWS and GCP. Creating a new layer of automation to allow the users to create multiple instances in those providers is not part of this scope and, to me, will never be.
But since we are open source, and if you want to create such automation, we would be thrilled to share/promote such a tool within our community as we did to other tools like meilisync, although we don't have the time budget to work in automation like that 😅 because we would always recommend our own product Meilisearch Cloud.
By the way, we keep a curated list of third-party tools here https://github.com/meilisearch/awesome-meilisearch/.
So, in summary, I really appreciate your idea, but we can't work on that, and since it is not the scope of this repo, I'm going to close this issue. If you think I'm mistaken let me know!