Most active commenters
  • danielvaughn(4)
  • steve_adams_86(4)

←back to thread

Fly.io Postgres cluster down for 3 days, no word from them about it

(webcache.googleusercontent.com)
797 points burnerbob | 32 comments | 20 Jul 23 23:42 UTC | HN request time: 0.97s | source | bottom
Show context
spiderice ◴[21 Jul 23 03:25 UTC] No.36809650[source]
There is now a response to the support thread from Fly[1]:

> Hi Folks,

> Just wanted to provide some more details on what happened here, both with the thread and the host issue.

> The radio silence in this thread wasn’t intentional, and I’m sorry if it seemed that way. While we check the forum regularly, sometimes topics get missed. Unfortunately this thread one slipped by us until today, when someone saw it and flagged it internally. If we’d seen it earlier, we’d have offered more details the.

> More on what happened: We had a single host in the syd region go down, hard, with multiple issues. In short, the host required a restart, then refused to come back online cleanly. Once back online, it refused to connect with our service discovery system. Ultimately it required a significant amount of manual work to recover.

> Apps running multiple instances would have seen the instance on this host go unreachable, but other instances would have remained up and new instances could be added. Single instance apps on this host were unreachable for the duration of the outage. We strongly recommend running multiple instances to mitigate the impact of single-host failures like this.

> The main status page (status.fly.io) is used for global and regional outages. For single host issues like this one we post alerts on the status tab in the dashboard (the emergency maintenance message @south-paw posted). This was an abnormally long single-host failure and we’re reassessing how these longer-lasting single-host outages are communicated.

> It sucks to feel ignored when you’re having issues, even when it’s not intentional. Sorry we didn’t catch this thread sooner.

[1] https://community.fly.io/t/service-interruption-cant-destroy...

replies(10): >>36809693 #>>36809725 #>>36809824 #>>36809928 #>>36810269 #>>36810740 #>>36811025 #>>36812597 #>>36812956 #>>36813681 #
mrcwinn ◴[21 Jul 23 03:39 UTC] No.36809725[source]
For what it’s worth, I left Fly because of this crap. At first my Fly machine web app had intermittent connection issues to a new production PG machine. Then my PG machine died. Hard. I lost all data. A restart didn’t work - it could not recover. I restored an older backup over at RDS and couldn’t be happier I left.
replies(5): >>36809880 #>>36810018 #>>36810039 #>>36810724 #>>36814012 #
steve_adams_86 ◴[21 Jul 23 04:07 UTC] No.36809880[source]
I left digitalocean for fly because some of their tooling was excellent. I was pretty excited.

I’m back on digitalocean now. I’m not unhappy about it, they’re very solid. I don’t love some things about their services, but overall I’d highly recommend them to other developers.

I gave up on fly because I’d spontaneously be unable to automate deployments due to limited resources. Or I’d have previously happy deployments go missing with no automatic recovery. I didn’t realize this was happening to a number of my services until I started monitoring with 3rd party tools, and it became evident that I really couldn’t rely on them.

It’s a shame because I do like a lot of other things about them. Even for hobby work it didn’t seem worth the trouble. With digitalocean, everything “just works”. There’s no free tier, but the lower end of pricing means I can run several Go apps off of the same droplet for less than the price of a latte. It’s worth the sanity.

replies(4): >>36810127 #>>36810379 #>>36813660 #>>36813890 #
1. danielvaughn ◴[21 Jul 23 04:53 UTC] No.36810127[source]
I adore DO. They’re seriously underrated. I love how they’ll just give you a server and say here, have at it. No abstractions, no fancy crap, just get out of my way and let me do my thing.
replies(10): >>36810554 #>>36810628 #>>36810638 #>>36812302 #>>36813142 #>>36813668 #>>36814283 #>>36823458 #>>36827607 #>>36834710 #
2. justsid ◴[21 Jul 23 06:13 UTC] No.36810554[source]
I wish I could say the same. My ISP and DO have absolutely terrible peering, unfortunately a lot of our internal stuff is hosted there. It’s always fun to git push/pull with 40kb/s on a gigabit connection.
replies(2): >>36810619 #>>36811718 #
3. masklinn ◴[21 Jul 23 06:25 UTC] No.36810619[source]
Maybe you could VPN to or proxy through a box with good peering to you and DO?
replies(1): >>36810741 #
4. JanSt ◴[21 Jul 23 06:26 UTC] No.36810628[source]
I'm using Digital Ocean App platform, which does pretty much everything for me. It's very simple to use. I can run my app as a single developer without caring about infrastructure for 99% of the time.
replies(2): >>36811443 #>>36823542 #
5. vasco ◴[21 Jul 23 06:28 UTC] No.36810638[source]
Same! I've had my first server there for 10 years now. They added a lot of stuff in the meantime, they have AWS-like things you can do. But in terms of launching a VM that just works, they are a great choice.
replies(1): >>36813291 #
6. aidos ◴[21 Jul 23 06:46 UTC] No.36810741{3}[source]
When I’ve run into this in the past Cloudflare Warp has been a bit of a saviour. It’s a hassle free way to flick a switch and follow a different path over the network.
7. fauigerzigerk ◴[21 Jul 23 08:32 UTC] No.36811443[source]
Do they offer authentication/authorization?

This is the one thing I need in every app and don't want to do myself.

replies(4): >>36811797 #>>36813386 #>>36813744 #>>36814722 #
8. abwizz ◴[21 Jul 23 09:16 UTC] No.36811718[source]
wow! sub mbps indicates that there is indeed no peering at all (political issues?) but just a transit connection via an overloaded carryall.

collect some evidence, maybe someone wants to do something about it.

9. spacebanana7 ◴[21 Jul 23 09:29 UTC] No.36811797{3}[source]
I've been using Supabase for authentication/authorization in my recent side project.

The main app is node/express running on Digital Ocean and it connects to directly to the Supabase hosted Postgres for most operations, but then uses the Supabase auth API for auth related stuff.

Saves a lot of time sending password reset emails etc and the entire project costs less than $5/mo in hosting costs.

10. yard2010 ◴[21 Jul 23 10:56 UTC] No.36812302[source]
I love their high value content about dev ops, I have learned most of what I know in this field tinkering with a VPS with their great tutorials on how to set up stuff.
replies(2): >>36812714 #>>36823186 #
11. brightball ◴[21 Jul 23 11:47 UTC] No.36812714[source]
They filled the Slicehost vacuum nicely in this area. That's where I got my start in running my own servers about 15 years ago and the tutorials were the driving factor.
12. dbingham ◴[21 Jul 23 12:46 UTC] No.36813142[source]
I love DO for projects where I don't need control. For my side project, I eventually migrated to AWS after running into a lot of issues with DO.

Things like they don't give you the postgres root user on their managed postgres. And I ran into issues trying to capture the deployments in code. Their terraform providers are pretty good, but still leave something to be desired. For all its many warts, I'm much happier back on AWS. It did end up more expensive, but it's worth it for the fine grained control in my case.

But I spent the last 5 years as a DevOps/SRE, so... uh... I'm picky.

replies(2): >>36813306 #>>36823571 #
13. danielvaughn ◴[21 Jul 23 13:05 UTC] No.36813291[source]
Yeah I hadn't seen those newer features until recently, the one-click deployments are super cool.
14. danielvaughn ◴[21 Jul 23 13:07 UTC] No.36813306[source]
That's interesting, because granular control is why I enjoy DO, although I'm thinking about it from the server perspective. They set up a machine, give me root access, and that's literally it. I set up my own ssh keys, firewalls, and there's no additional abstraction that I have to learn. I might just be reminiscing because right now I'm on a team where we're writing terraform/helm/k8s in GCP and it makes me want to cry myself to sleep each night lol.
15. okhuman ◴[21 Jul 23 13:16 UTC] No.36813386{3}[source]
Would you consider a project like https://github.com/authcompanion/authcompanion2 for the authentication side? Missing anything?
replies(1): >>36814350 #
16. bjord ◴[21 Jul 23 13:45 UTC] No.36813668[source]
historically, I've used Vultr, but I don't see anyone talking about it—I'm curious if anyone else has thoughts on them? (I've been happy, but then again my usage has been exceedingly basic)
replies(2): >>36813883 #>>36814910 #
17. pc86 ◴[21 Jul 23 13:50 UTC] No.36813744{3}[source]
In addition to Supabase Auth the sibling mentions (which I played with very briefly) I've been using clerk.dev (no affiliation) and it's great. Depending on your definition of doing it yourself it could be just want you want. You have to set some things up, you're not going to get things like row-level permissions you get out of the box w/ Supabase, but if you're looking for a quick implementation where things like password reset etc. are handled for you, it might be a good fit.
18. tedchs ◴[21 Jul 23 14:03 UTC] No.36813883[source]
I've used Vultr for several years (hobby projects) with no issues. My favorite feature is having a BGP session from my VM, which is unusual among cloud providers. I have an AS and am able to advertise my own IPs from multiple Vultr instances (anycast).
replies(1): >>36814660 #
19. eduction ◴[21 Jul 23 14:35 UTC] No.36814283[source]
I went to DO's site due to your comment and I don't see anywhere where I can just get a server. Do you mean a VPS/Droplet? (I'm looking under Products and Solutions.)
replies(2): >>36814600 #>>36814680 #
20. fauigerzigerk ◴[21 Jul 23 14:39 UTC] No.36814350{4}[source]
No I would not.

I don't like self hosting anything that requires its own process. And if I did decide to self host I would choose a more mature project.

This is a very young one man project delegating the heavy lifting to another one man project. And it doesn't appear to support social logins.

replies(1): >>36819868 #
21. gregsadetsky ◴[21 Jul 23 14:59 UTC] No.36814600[source]
Not GP, but yes -- Droplets are DigitalOcean's "servers" (virtual, but nonetheless).

You boot one up in less than 30 seconds, and get ssh access to it almost immediately. It's very BS-free.

22. LtdJorge ◴[21 Jul 23 15:03 UTC] No.36814660{3}[source]
How do you get an AS?
23. danielvaughn ◴[21 Jul 23 15:05 UTC] No.36814680[source]
The other commenter was correct - I meant a droplet. Should have been more explicit, apologies. But yeah if you're looking to learn how to work with backends, going through a droplet set up is by far the best way to get started IMO.
24. LtdJorge ◴[21 Jul 23 15:08 UTC] No.36814722{3}[source]
I like https://github.com/goauthentik It has Helm charts and a Terraform provider.
25. creeble ◴[21 Jul 23 15:26 UTC] No.36814910[source]
Have used both DO and Vultr for years. Put simply, DO is better, but Vultr isn’t terrible.

Higher number of outages at Vultr over 5 years, but none longer than a few hours. I can’t remember the last DO outage lasting more than a few minutes.

Experienced a Vultr routing problem that lasted several hours; they communicated about it, but it was still a long time to fix.

DO once did an auto-migration of a server to another cluster with an attendant outage that lasted a few minutes at most. No IP changes, completely transparent.

26. okhuman ◴[21 Jul 23 21:13 UTC] No.36819868{5}[source]
thanks for the feedback.
27. xp84 ◴[22 Jul 23 04:14 UTC] No.36823186[source]
Seriously! They have an amazing article I followed one time to set up a k8s cluster to run any container I wanted with full automatic ssl provisioning/management and dns. Make a quick little yml file that includes what subdomain it wants to be and kubectl apply. The cluster was like $100 a month all-in and performed like a beast at huge traffic levels, and all I did was follow a tutorial.

I know that’s probably pretty easy for many, but I was pretty new to k8s and it felt like magic.

28. steve_adams_86 ◴[22 Jul 23 05:05 UTC] No.36823458[source]
I agree. I can either abstract with the app platform or kubernetes, or I can go straight into the box myself and do whatever needs doing. It has been a real pleasure.

I think fly’s tooling feels better than doctl, but the infrastructure is incomparable at the end of the day. doctl has improved over time too, and with added pressure from newcomers I don’t doubt that it’ll continue to improve.

29. steve_adams_86 ◴[22 Jul 23 05:24 UTC] No.36823542[source]
Same, it works really well.

Part of what inspired me to give fly.io a shot was that I didn’t love the monorepo deployment story on the app platform. Fly doesn’t have a solution to that, but I suppose I felt less tied to DO at the time because I wasn’t totally content anyways. I’ve discovered since then that I was actually doing it wrong, so I’m way happier. I’m pretty big on monorepos so their whole system fits my workflow remarkably well now.

I’d like to figure out how to prevent deployments when my code doesn’t change in one app, but does in another. At the moment, pushing anything at all will trigger all apps to rebuild and deploy again. Not a huge deal and several orders of magnitude less painful than not being able to deploy at all, haha.

30. steve_adams_86 ◴[22 Jul 23 05:31 UTC] No.36823571[source]
Those are good things to know. I’ve been wondering about their managed databases recently, so I’ll keep that in mind.

I’m nowhere near as picky as you are, but maybe I’ll need to be at some point. As it is I mostly just build stuff and send it to the internet. If it builds and it does what I expected, I’m pretty happy! I don’t often need anything too special.

31. apple4ever ◴[22 Jul 23 16:34 UTC] No.36827607[source]
I really love DO except for one thing - you can't run your own firewall/router there (like opnSense). Really hard to link systems together.
32. michaelcampbell ◴[23 Jul 23 12:28 UTC] No.36834710[source]
I find myself going to DO docs on various setup things even when I'm not using said thing on DO (although I'm also a DO customer, and love them for the reasons you've stated).