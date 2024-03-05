Deploying a fault-tolerant architecture with preemptible VMs
In this tutorial, you will create a Yandex Cloud Functions function in Node.js that will be invoked on a schedule and restart a stopped preemptible Yandex Compute Cloud VM.
The architecture described here is suitable for VMs with non-critical loads. It allows you to use cost advantages of preemptible VMs and, in the event of a VM's shutdown, ensures that the idle time is less than a minute.
To deploy a fault-tolerant architecture with a preemptible VM:
- Prepare the environment.
- Prepare a ZIP archive with the function code.
- Create a function.
- Create a trigger.
- Test the function.
If you no longer need the resources you created, delete them.
Getting started
Prepare the environment
- Create a service account that will be used to invoke the function and assign it the
functions.functionInvokerand
lockbox.payloadViewerroles.
- Create a preemptible VM.
Create a secret
Create a Yandex Lockbox secret to store an OAuth token.
- In the management console, select the folder where you want to create a secret.
- In the list of services, select Lockbox.
- Click Create secret.
- In the Name field, enter a name for the secret, e.g.,
oauth-token.
- Under Version:
- In the Key field, enter
key_token.
- In the Value field, enter the OAuth token value required for function authorization.
- In the Key field, enter
- Click Create.
To create a secret, run this command:
yc lockbox secret create --name oauth-token \
--payload "[{'key': 'key_token', 'text_value': '<OAuth_token>'}]"
Where
text_value is the value of the OAuth token required for function authorization.
Result:
done (1s)
id: e6qu9ik259lb********
folder_id: b1g9d2k0itu4********
...
status: ACTIVE
payload_entry_keys:
- key_token
-
In the configuration file, describe the secret parameters:
resource "yandex_lockbox_secret" "oauth-token" { name = "oauth-token" } resource "yandex_lockbox_secret_version" "my_version" { secret_id = yandex_lockbox_secret.my_secret.id entries { key = "key_token" text_value = "<OAuth_token>" } }
Where:
name: Secret name.
key: Secret key.
text_value: OAuth token value required for function authorization.
For more information about the parameters of resources used in Terraform, see the provider documentation:
-
-
Make sure the configuration files are valid.
-
In the command line, go to the directory where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm the secret creation: type
yesin the terminal and press Enter.
-
To create a secret, use the create REST API method for the Secret resource or the SecretService/Create gRPC API call.
Prepare a ZIP archive with the function code
-
Save the following code to a file named
index.js:
import { serviceClients, Session, cloudApi } from '@yandex-cloud/nodejs-sdk'; const { compute: { instance_service: { ListInstancesRequest, GetInstanceRequest, StartInstanceRequest, }, instance: { IpVersion, }, }, } = cloudApi; const FOLDER_ID = process.env.FOLDER_ID; const INSTANCE_ID = process.env.INSTANCE_ID; const OAUTHTOKEN = process.env.OAUTHTOKEN; export const handler = async function (event, context) { const session = new Session({ oauthToken: OAUTHTOKEN }); const instanceClient = session.client(serviceClients.InstanceServiceClient); const list = await instanceClient.list(ListInstancesRequest.fromPartial({ folderId: FOLDER_ID, })); const state = await instanceClient.get(GetInstanceRequest.fromPartial({ instanceId: INSTANCE_ID, })); var status = state.status if (status == 4){ const startcommand = await instanceClient.start(StartInstanceRequest.fromPartial({ instanceId: INSTANCE_ID, })); } return { statusCode: 200, body: { status } }; };
-
Save the following code to a file named
package.json:
{ "name": "my-awesome-package", "version": "1.0.0", "type": "module", "dependencies": { "@yandex-cloud/nodejs-sdk": "latest" } }
-
Add the
index.jsand
package.jsonfiles to the
function-js.ziparchive.
Create a function
- In the management console, select the folder where you want to create a function.
- In the list of services, select Cloud Functions.
- Create a function:
- Click Create function.
- In the window that opens, enter
function-restart-vmsas the function name.
- Click Create.
- Create a function version:
- Select the
nodejs18runtime environment, disable the Add files with code examples option, and click Continue.
- In the Method field, select
ZIP archive.
- In the File field, click Attach file and select the
function-js.ziparchive you created earlier.
- Specify the entry point:
index.handler.
- Under Parameters, specify:
- Timeout, sec:
3.
- Memory:
128 MB.
- Service account: Select the previously created service account with rights to invoke the function.
- Environment variables:
FOLDER_ID: ID of the folder in which to restart the stopped VM instances.
INSTANCE_ID: ID of the VM instance to restart at interruption.
-
- Lockbox secrets:
- In the Environment variable field, specify
OAUTHTOKEN.
- In the Secret ID field, select the previously created
oauth-tokensecret.
- In the Version ID field, select a version for the secret.
- In the Secret key field, select
key_tokenas the key name.
- In the Environment variable field, specify
- If you do not want to save logs and pay for using Cloud Logging, disable logging: select
Not specifiedin the Destination field under Logging.
- Timeout, sec:
- Click Save changes.
- Select the
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name or
--folder-id parameter.
-
Create a function named
function-restart-vms:
yc serverless function create --name function-restart-vms
Result:
id: d4ebrmenrr7l******** folder_id: b1g9d2k0itu4******** created_at: "2023-10-28T17:26:58.200799757Z" name: function-restart-vms http_invoke_url: https://functions.yandexcloud.net/d4ebrmenrr7l******** status: ACTIVE
-
Create a function version named
function-restart-vms:
yc serverless function version create \ --function-name function-restart-vms \ --memory=128m \ --execution-timeout=3s \ --runtime=nodejs18 \ --entrypoint=index.handler \ --service-account-id=<service_account_ID> \ --environment FOLDER_ID=<folder_ID>,INSTANCE_ID=<instance_ID> \ --secret name=oauth-token,version-id=<secret_version_ID>,key=key_token,environment-variable=OAUTHTOKEN \ --source-path=./function-js.zip \ --no-logging
Where:
--function-name: Name of the function a version of which you are creating.
--memory: Amount of RAM.
--execution-timeout: Maximum function execution time before the timeout is reached.
--runtime: Runtime environment.
--entrypoint: Entry point.
--service-account-id: ID of the service account with rights to invoke the function.
--environment: Environment variables:
FOLDER_ID: ID of the folder in which to restart the stopped VM instances.
INSTANCE_ID: ID of the VM instance to restart at interruption.
-
--secret: Yandex Lockbox secret details:
name: Secret name.
version-id: Secret version ID.
key: Secret key.
environment-variable: Environment variable where the secret will be kept.
-
--source-path: Path to the
index-js.ziparchive you created earlier.
- (Optional)
--no-logging: Set this flag to avoid logging and paying for Cloud Logging use.
Result:
done (16s) id: d4etv5f4sjet******** function_id: d4ebrmenrr7l******** ... log_options: disabled: true folder_id: b1g9d2k0itu4********
-
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
In the configuration file, describe the
function-restart-vmsfunction parameters and its versions:
resource "yandex_function" "function-restart-vms" { name = "function-restart-vms" user_hash = "first function" runtime = "nodejs18" entrypoint = "index.handler" memory = "128" execution_timeout = "3" service_account_id = "<service_account_ID>" folder_id = "<folder_ID>" environment = { FOLDER_ID = "<folder_ID>" INSTANCE_ID = "<instance_ID>" } secrets { id = "<secret_ID>" version_id = "<secret_version_ID>" key = "key_token" environment_variable = "OAUTHTOKEN" } content { zip_filename = "./function-js.zip" } }
Where:
name: Function name.
user_hash: Arbitrary string that identifies the function version.
runtime: Function runtime environment.
entrypoint: Entry point.
memory: Amount of memory allocated for function execution, in MB.
execution_timeout: Function execution timeout.
service_account_id: ID of the service account with rights to invoke a function.
folder_id: ID of the folder to create your function in.
environment: Environment variables:
FOLDER_ID: ID of the folder in which to restart the stopped VM instances.
INSTANCE_ID: ID of the VM instance to restart at interruption.
-
secrets: Yandex Lockbox secret details:
id: Secret ID.
version_id: Secret version ID.
key: Secret key.
environment_variable: Environment variable where the secret will be kept.
-
zip_filename: Path to the
index-js.ziparchive you created earlier.
For more information about the
yandex_functionresource parameters, see the provider documentation.
-
-
Make sure the configuration files are valid.
-
In the command line, go to the directory where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm the function creation: type
yesin the terminal and press Enter.
This will create a function named
function-restart-vmsin the specified folder. You can check the new resources and their configuration using the management console or this CLI command:
yc serverless function get function-restart-vms
Result:
id: d4ees84gsdsd******** folder_id: b1g9d2k0itu4******** created_at: "2023-08-09T10:11:40.740Z" name: function-restart-vms log_group_id: ckgjitlio5aj******** http_invoke_url: https://functions.yandexcloud.net/d4ees84gsdsd******** status: ACTIVE
-
To create a function, use the create REST API method for the Function resource or the FunctionService/Create gRPC API call.
To create a function version, use the createVersion REST API method for the Function resource or the FunctionService/CreateVersion gRPC API call.
Create a trigger
Note
The trigger is initiated within 5 minutes of being created.
- In the management console, select the folder where you want to create your trigger.
- In the list of services, select Cloud Functions.
- In the left-hand panel, select Triggers.
- Click Create trigger.
- Under Basic settings:
- Enter the trigger name:
timer.
- In the Type field, select
Timer.
- In the Launched resource field, select
Function.
- Enter the trigger name:
- Under Timer settings, enter
* * ? * * *or select
Every minute.
- Under Function settings, select the
function-restart-vmsfunction and specify:
- Function version tag:
$latest.
- Previously created service account with rights to invoke the function.
- Function version tag:
- Click Create trigger.
To create a trigger that invokes a function, run this command:
yc serverless trigger create timer \
--name timer \
--cron-expression '* * ? * * *' \
--invoke-function-name function-restart-vms \
--invoke-function-service-account-id <service_account_ID>
Where:
--name: Trigger name.
--cron-expression: Function invocation schedule specified as a cron expression.
--invoke-function-name: Name of the function being invoked.
--invoke-function-service-account-id: ID of the service account with rights to invoke the function.
Result:
id: a1sv54ekvknb********
folder_id: b1g9d2k0itu4********
created_at: "2023-08-08T19:46:22.860681482Z"
...
function_tag: $latest
service_account_id: ajeh2dukocg3********
status: ACTIVE
To create a trigger that launches a function:
-
In the configuration file, describe the
timertrigger parameters:
resource "yandex_function_trigger" "timer" { name = "timer" timer { cron_expression = "* * ? * * *" } function { id = "<function_ID>" service_account_id = "<service_account_ID>" } }
Where:
name: Trigger name.
cron_expression: Function invocation schedule specified as a cron expression.
ID: ID of the function to be invoked by the trigger.
service_account_id: ID of the service account with rights to invoke a function.
For more information about resource parameters in Terraform, see the provider documentation.
-
-
Make sure the configuration files are valid.
-
In the command line, go to the directory where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm creating the resources: type
yesin the terminal and press Enter.
This will create the
timertrigger in the specified folder. You can check the new resources and their configuration using the management console or this CLI command:
yc serverless trigger get timer
Result:
id: a1s4bvdvmod0******** folder_id: b1g9d2k0itu4******** created_at: "2023-08-09T10:19:12.356Z" ... function_id: d4ebrmenrr7l******** service_account_id: ajeh2dukocg3******** status: ACTIVE
-
To create a timer, use the create REST API method for the Trigger resource or the TriggerService/Create gRPC API call.
Test the function
- In the management console, go to the folder where you created your preemptible VM.
- In the list of services, select Compute Cloud.
- In the left-hand panel, select Virtual machines.
- Click next to the VM name and select Stop.
- In the window that opens, click Stop. The VM status will change to
Stopped.
- Check the VM status in a minute or later. Make sure it changes to
Running.
How to delete the resources you created
To stop paying for the resources you created:
- Delete the trigger.
- Delete the function.
- Delete the secret.
- Delete the VM.
- If you logged data to a log group, delete the group.