Notes for Week 6 of 2021

I continued spending this week on internal infrastructure and connecting applications with databases. I also started getting a lot of email bounces. Seems like someone likes to use one of my emails to spam.

Fixing Email

I set up my email a long time ago, before the modern antispam times. DKIM and SPF were for this week; DMARC is up next. Google has good docs:

I have discovered the usefulness of SPF even if you don’t use email on that domain. For all my domains where that’s the case, I have added this TXT record:

v=spf1 ~all

This declares the domain as sending no email at all and prevents spoofing.


MySQL Cluster setup

  • Aurora is only compatible with MySQL 5.7 (the current version is 8.0)

  • Write forwarding is only available for the aurora global database, not when making cross-region replicas

  • Aurora doesn’t verify replication checksums by default, but that can be enabled with binlog_checksum.

  • Anno Domini 2021, Aurora MySQL limits password length to 41 characters

  • To retrieve available parameters: aws rds describe-db-parameters --db-parameter-group-name=default.aurora-mysql5.7

  • AWS docs on working with parameter groups

  • Database parameter group and cluster database parameter group are different beasts. Using the wrong one leads to an InvalidParameter error.

  • Not really, obviously, parameter groups are of two types: static and dynamic. The static parameters require apply_method = "pending-reboot" attribute. Do this if you encounter Error: error modifying DB Cluster Parameter Group: InvalidParameterCombination: cannot use immediate apply method for the static parameter.

  • This is described well in Instacart’s Terraforming RDS series:

  • In AWS UI, the application hangs if you switch Regions on the Database page. Use the Dashboard link to continue

  • The only way in UI to know that cross-region replication is working well is to check Replication source in the configuration tab for the slave cluster. You will still see a writeable node. In CLI, check ReadReplicaIdentifiers of the aws rds describe-db-clusters

  • For debugging replication issues on follower: use SHOW SLAVE STATUS\G in the MySQL console

  • Slave cluster broken beyond repair? Use the power of terraform! Just terraform destroy target=aws_rds_cluster.slaveclustername && terraform apply, and you’re done!

    • Just kidding: InvalidDBClusterStateFault: Cannot delete the last instance of the read replica DB cluster. Promote the DB cluster to a standalone DB cluster in order to delete it
    • Terraform is only working on resource level and not un-promoting cluster correctly. Use the following commands to fix:
    • aws rds describe-db-clusters | grep DBClusterIdentifier
    • aws rds promote-read-replica-db-cluster --db-cluster-identifier=<see above>
    • Re-run terraform destroy target=aws_rds_cluster.slaveclustername
    • If this leads to InvalidDBClusterStateFault: Cluster cannot be deleted, it still contains DB instances in non-deleting state., run terraform refresh and repeat
  • Good overview of various replication options is on Jayendra’s blog

Connecting MySQL and next.js with Prisma

Digital Ocean App Platform

Digital Ocean launched a much-needed competitor for Heroku. I’ve been deploying a Django application there.

  • DigitalOcean App platform doesn’t support monorepo from the UI, but it does from the CLI. Example in their monorepo and then the app has to be deployed from CLI. This is easy: doctl apps create --spec .do/app.yaml
  • doctl apps logs doesn’t support your app id (like example-app), you have to use UUID retrieved from doctl apps list. This is the case for a lot of other commands and makes the CLI usage a bit more cumbersome than it should be
  • Updating the spec of the app is possible via doctl apps update <app id> --spec .do/app.yaml. In my case, it deletes the explicitly provided environment variables though
  • The platform doesn’t have a native way how to send deployment hooks to Slack

Published in Weekly Notes and tagged

All texts written by . I'd love to hear your feedback. If you've liked this, you may want to subscribe for my monthly newsletter, RSS , or Mastodon. You can always return to home page or read about the site and its privacy handling.