Drone Autoscaler

Hi there,

I am trying to run the drone auto scaler container. I keep getting the following error:
{"level":"fatal","error":"missing provider configuration","time":"2019-05-22T21:30:56Z","message":"Invalid or missing hosting provider"}

I tried running the container as shown in https://autoscale.drone.io/intro/amazon/ and get the same error. Am I missing something?

Below is my docker compose file. Thanks for your help.

version: '3'
services:
  drone-autoscaler:
    image: drone/autoscaler
    ports:
      - 8080:8080
    volumes:
      - /var/lib/autoscaler:/data
    restart: always
    environment:
      - DRONE_POOL_MIN=2
      - DRONE_POOL_MAX=10
      - DRONE_SERVER_PROTO="https"
      - DRONE_SERVER_HOST={HostName}
      - DRONE_SERVER_TOKEN={DroneServerToken}
      - DRONE_AGENT_TOKEN={DroneRPCSecret}
      - DRONE_AMAZON_IMAGE="ami-4e79ed36"
      - DRONE_AMAZON_INSTANCE="t2.medium"
      - DRONE_AMAZON_PRIVATE_IP=true
      - DRONE_AMAZON_TAGS="Service:drone"
      - DRONE_AMAZON_REGION="us-west-2"
      - DRONE_AMAZON_SUBNET_ID={AutoScalerSubnetId}
      - DRONE_AMAZON_SECURITY_GROUP={AutoScalerSecurityGroup}
      - DRONE_AMAZON_SSHKEY={Key}

Missing required AWS authentication variables, such as AWS_ACCESS_KEY_ID: https://github.com/drone/autoscaler/blob/master/cmd/drone-autoscaler/main.go#L243

Thanks Brad. I downloaded the code from GitHub and did a grep for the error and thought of the same thing. I thought maybe the container could assume the role by itself, since it is running in the EC2 instance which has the appropriate IAM role.

Quick question: What are the minimum IAM requirements needed by the autoscaler? I have given it full access to EC2 and Autoscaling. Anything else needed?

Another quick question: Will the drone agents use the same IAM role or will they use the role of the drone server?

I thought maybe the container could assume the role by itself, since it is running in the ec2 instance which has the appropriate IAM role.

It may require setting AWS_IAM=true

What are the minimum IAM requirements needed by the autoscaler.

Sorry, I do not use AWS and am therefore not very knowledgeable when it comes to things like IAM roles. However, I am guessing Drone Autoscaler would require similar IAM roles as docker-machine. So perhaps this will be helpful: Minimal IAM policy · Issue #1655 · docker/machine · GitHub

Will the drone agents use the same iam role or will it use the role of the drone server?

No, I believe you have to set the IAM role via DRONE_AMAZON_IAM_PROFILE_ARN


This is great info. Thanks Brad. I’ll update this thread if I run into any issues.

Hi Brad,

So I have the autoscaler configured and it is creating agents (new EC2 instances). The autoscaler is able to connect to the agent and start the containers. Yet no builds are running. Any idea where I can troubleshoot? I logged into the agent and checked the container logs and there are no logs at all.

Below is my complete docker-compose file, including server and autoscaler.

version: '3'
services:
  drone-server:
    image: drone/drone:1.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/drone:/data
    restart: always
    environment:
      - DRONE_SERVER_HOST={HostName}
      - DRONE_AGENTS_ENABLED=true
      - DRONE_SERVER_PROTO=https
      - DRONE_TLS_AUTOCERT=false
      - DRONE_BITBUCKET_CLIENT_ID={ClientID}
      - DRONE_BITBUCKET_CLIENT_SECRET={ClientSecret}
      - DRONE_RPC_SECRET={DroneRPCSecret}
      - DRONE_REPOSITORY_FILTER=xyz
      - DRONE_USER_FILTER=xyz
      - DRONE_USER_CREATE=username:droneadmin,machine:true,admin:true,token:{DroneServerToken}
      - DRONE_DATABASE_DRIVER=mysql
      - DRONE_DATABASE_DATASOURCE=root:{DroneDatabasePassword}@tcp({DroneDatabaseHostname}:3306)/drone?parseTime=true
  drone-autoscaler:
    image: drone/autoscaler
    depends_on:
      - drone-server
    ports:
      - 8080:8080
    volumes:
      - /var/lib/autoscaler:/data
    restart: always
    environment:
      - DRONE_SERVER_HOST=drone-server
      - DRONE_POOL_MIN=2
      - DRONE_POOL_MAX=10
      - DRONE_SERVER_PROTO=http
      - DRONE_SERVER_TOKEN={DroneServerToken}
      - DRONE_AGENT_TOKEN={DroneRPCSecret}
      - DRONE_AMAZON_IMAGE=ami-4e79ed36
      - DRONE_AMAZON_INSTANCE=t2.medium
      - DRONE_AMAZON_TAGS="Service:drone"
      - DRONE_AMAZON_REGION=us-west-2
      - DRONE_AMAZON_SUBNET_ID={AutoScalerSubnetId}
      - DRONE_AMAZON_SECURITY_GROUP={AutoScalerSecurityGroup}
      - DRONE_AMAZON_SSHKEY=xyz
      - DRONE_AMAZON_PRIVATE_IP=true
      - DRONE_AMAZON_IAM_PROFILE_ARN={AgentInstanceProfile}
      - AWS_IAM=true
    links:
      - drone-server

Have a look at Builds are Stuck in Pending Status

How do I get logs for the agent, especially since I’m not provisioning the agents, the autoscaler is? DRONE_LOGS_TRACE=true has been set for the drone server container and the autoscaler container. How can I debug the agent?

You can pass additional configuration parameters to the agent by setting DRONE_AGENT_ENVIRON. For example:

DRONE_AGENT_ENVIRON=DRONE_LOGS_TRACE=true

Thank you so much for your help. Much appreciated. We got the deployment working.

@hash167 great, could you provide some details about which IAM permissions were required? And any other details that might be useful to others looking to set up the autoscaler on AWS? Thanks!


Ended up with this set of IAM policies to authorize drone to launch its agents:
WARNING! This policy could be stricter - you can, for example, use tags to only allow termination of drone-agents. Right now, drone server would be able to terminate any instance in your region.

Also, I’m using a different Instance Profile for my drone agents, and you have to explicitly allow drone’s role to pass a role to the agents - search for “iam:PassRole” in this example, and change it to your agents’ role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:instance/*",
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:key-pair/*",
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:security-group/*",
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:volume/*",
                "arn:aws:ec2:ap-southeast-2::image/ami-*",
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:network-interface/*",
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:subnet/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances"
            ],
            "Resource": [
                "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:instance/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<ACCOUNTID>:role/drone-agent.tools.prod.movio.co"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:*/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "RunInstances"
                }
            }
        }
    ]
}
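The tag-based tightening that the warning in the post above suggests, as an added example that is not part of any post in this thread: it flags `ec2:TerminateInstances` grants with no resource-tag condition and builds a tag-scoped replacement statement. It assumes agents are launched with the tag `Service=drone` (the `DRONE_AMAZON_TAGS` value used earlier in the thread); the function and constant names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Constructed from the TerminateInstances statement in the policy posted above;
# <ACCOUNTID> is the post's own placeholder.
POSTED_TERMINATE = {
    "Effect": "Allow",
    "Action": ["ec2:TerminateInstances"],
    "Resource": ["arn:aws:ec2:ap-southeast-2:<ACCOUNTID>:instance/*"],
}

# Assumption: agents are launched with the tag Service=drone (DRONE_AMAZON_TAGS).
SCOPED_TERMINATE = dict(
    POSTED_TERMINATE,
    Condition={"StringEquals": {"ec2:ResourceTag/Service": "drone"}},
)

ACTION = "ec2:TerminateInstances"
TAG_KEYS = ("ec2:resourcetag/", "aws:resourcetag/")


def as_list(value):
    return value if isinstance(value, list) else [value]


def unscoped_terminate(policy):
    """Indexes of Allow statements that grant TerminateInstances on wildcard
    resources without any resource-tag condition."""
    hits = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain * wildcards.
        grants = any(fnmatchcase(ACTION.lower(), a.lower())
                     for a in as_list(st.get("Action", [])))
        wildcard = any(r == "*" or r.endswith("/*")
                       for r in as_list(st.get("Resource", [])))
        cond_keys = [k.lower() for op in st.get("Condition", {}).values()
                     for k in op]
        tagged = any(k.startswith(TAG_KEYS) for k in cond_keys)
        if grants and wildcard and not tagged:
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(unscoped_terminate({"Statement": [POSTED_TERMINATE]}))  # flagged
    print(json.dumps(SCOPED_TERMINATE, indent=4))  # replacement statement
```

The tag condition is only a meaningful boundary because the posted `ec2:CreateTags` statement is limited to `ec2:CreateAction = RunInstances`, so the role cannot tag an existing instance to bring it into scope.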