Similar to Unknown host error met for my Running App - #2 by MatthewIngwersen.
Created new app using
fly lauch
when folder already contained a fly.toml. Ended with an app without IPs. Allocating manually assigned the IPs.
Hi @andig, sorry for the delay replying here. Two questions:
-
Just to make sure I understand the scenario, you answered “yes” when
fly launchasked “An existing fly.toml file was found […] Would you like to copy its configuration to the new app? (y/N)”? -
Would you be able/willing to share a redacted
fly.toml(particularly any[[services]]and[http_service]sections) here?
(I did try this out on an app with a basic [http_service], and I didn’t see anything unusual happen with the IPs. However, fly launch/fly deploy allocate IPs based on how services are configured, so I wonder if there’s an issue that affects your config but not mine.)
@MatthewIngwersen I think I can repro this. Seems it does indeed depend on the services section of the fly.toml being copied from.
Using
[[services]]
protocol = "tcp"
internal_port = 80
[[services.ports]]
port = 80
handlers = ["http"]
[[services.tcp_checks]]
interval = "15s"
timeout = "2s"
grace_period = "1s"
[[services]]
protocol = "tcp"
internal_port = 443
[[services.ports]]
port = 443
[[services]]
protocol = "tcp"
internal_port = 8080
[[services.ports]]
port = 8080
[services.concurrency]
hard_limit = 500
soft_limit = 200
I end up with this:
Creating app in /Users/andig/htdocs/evcc-test
An existing fly.toml file was found for app evcc
? Would you like to copy its configuration to the new app? Yes
Using build strategies '[the "..." docker image]'. Remove [build] from fly.toml to force a rescan
Some regions require a paid plan (bom, fra, maa).
See https://fly.io/plans to set up a plan.
? Choose a region for deployment: Amsterdam, Netherlands (ams)
App will use 'ams' region as primary
Created app 'evcc-test3' in organization 'evcc'
Admin URL: https://fly.io/apps/evcc-test3
Hostname: evcc-test3.fly.dev
? Would you like to set up a Postgresql database now? No
? Would you like to set up an Upstash Redis database now? No
Wrote config file fly.toml
? Would you like to deploy now? Yes
Validating /Users/andig/htdocs/evcc-test/fly.toml
Platform: machines
âś“ Configuration is valid
==> Building image
Searching for image '...' remotely...
image found: img_g72wp0wl50y4yxko
Watch your deployment at https://fly.io/apps/evcc-test3/monitoring
? Would you like to allocate dedicated ipv4 and ipv6 addresses now? No
Creating a 1 GB volume named 'perm' for process group 'app'. Use 'fly vol extend' to increase its size
This deployment will:
* create 1 "app" machine
No machines in group app, launching a new machine
^C
Smoke checks for 9185e04a255e08 failed: failed to get VM 9185e04a255e08: Get "https://api.machines.dev/v1/apps/evcc-test3/machines/9185e04a255e08": aborted by user
Check its logs: here's the last lines below, or run 'fly logs -i 9185e04a255e08':
INFO detected canceled context and allowing 500ms to release machine 9185e04a255e08 [app] lease
-------
-------
âś– Failed: error getting logs for machine 9185e04a255e08: Get "https://api.fly.io/api/v1/apps/evcc-test3/logs?instance=9185e04a255e08&next_token=®io…
-------
According to log it seems it does not allocate IPs. Question is only for dedicated IP, so denied. Wdyt?
Hi @andig, thanks for this! I found a little time to check flyctl’s behavior this evening. It looks like your app has some service definitions that don’t work with a shared IPv4 address (link to docs). Specifically:
- Port 443 is a raw TCP service (it’s lacking
httpandtlshandlers) - Port 8080 is also a raw TCP service
That’s why flyctl gives the option to allocated dedicated IP addresses instead of automatically allocating a (free) shared IPv4 and dedicated IPv6.
Perhaps it would be helpful if fly launch printed a bit of explanatory text before the question?
@MatthewIngwersen Thank you! Reason for the setup is/was, that I wasn’t aware that Fly can handle Letsencrypt certificates, hence I had this built into the Go application.
Perhaps it would be helpful if
fly launchprinted a bit of explanatory text before the question?
I think so, yes (also mention UDP). In this specific case though, the question isn’t even asked, probably since Fly determined it could not allocate a shared address. It would be good if fly launch could explain what it’s doing and why it isn’t trying to allocate a shared IPv4 address.
Another oddity regarding services (and off topic): in the process of moving to Fly-managed Letsencrypt certificates I’m stuck with a strange error in another case. It would be great if you could also take a look there. I’m seeing this with two apps I’d like to convert and CLI doesn’t give any indication what is really going on:
1 Like
Thanks for the feedback @andig.
As for the certificate issue:
-
Did you remember to run
fly deployto deploy the updatedfly.tomlbefore trying to issue the certificate? (You probably did! Just trying to be thorough though) -
Was the app in question originally running on Nomad and was migrated to Apps v2 recently? If so, did you make the change to services after the migration?
Very good questions @MatthewIngwersen 
- app was running on nomad before
- I don’t think I’ve changed any services as code is still the same, but I did deploy the app
Regarding changing to fly-managed certificates: I did not deploy the new service configuration as I was waiting for the certificate to become available first to not risk downtime. Apparently that won’t work.
I did then deploy new service config last night and quickly checked certificates afterwards. The certificate was still in “stuck” state claiming invalid service configuration. Is that a timing issue and I should just be patient or do the stuck certificates need be pushed/removed/re-added?
Thank you for the input- much appreciated!
Hi @andig, we suspect that your certificate was incorrectly being blocked due to some leftover Nomad service data associated with your app. We’ve just deployed a fix. Can you check/try it again and let me know how it goes?
@MatthewIngwersen confirmed working, much appreciated- thank you!
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.