Elastic Beanstalk crons on multi-instance environments

Wow. What a lot of pain.

So let me first confirm what won’t work. Whether Apache 1, Apache 2, leader_only or EB_IS_COMMAND_LEADER testing, you cannot consistenty get exactly one (not zero, or 2+) instances to run a cron job over a long period of time.

The issue is the the leader information isn’t safe. It’s only available during deployments, when you usually first set up the cron job. But when an instance replacement happens—for whatever reason—there is no related deployment, the test to check if the new instance is the leader fails, and you end up with no crons.

So for anything you do at the moment of deployment—database migrations, logging, whatever— that you only want to run once, even on multi-instance environments in an Elastic Beanstalk Application, you can use and trust the leader tests available to you.

But for anything you want to run regularly, on a schedule across weeks and months, you cannot trust those options.

After a lot of research, and trial and error there are two options available to you.

Worker environments

The ‘official’ way is probably via a worker environment. Essentially an instance set up specifically to schedule and run short or long lives processes.

You can learn more about them via the links below, but for the rest of this article we’ll be talking about the alternative option of ‘runtime leader testing’.

https://medium.com/@joelennon/running-cron-jobs-on-amazon-web-services-aws-elastic-beanstalk-a41d91d1c571

Runtime leader testing

This option means running the cron on every instance of an environment, but the initial section of the code being run checks the if the instance id that it’s running on is the first to be returned in the list of all instances. That is, only the first instance id returned by the aws elastic beanstalk api will continue to run the task.

Below the examples are in PHP, but it’s a valid method for other languages too.

We’re assuming you’ve already set up a cron and know how to alter it to make it run on all instances of your environment.

The steps in this guide:

  • Create an IAM user just for this process and give it limited read permissions
  • Add the credentials to EB configuration
  • Write code to check the instance id from the api against the current instance id

Adding the user

  • Open IAM in AWS console
  • Click Users
  • Click Add users
  • Type your User name – we used “[applicationCode]-eb-read-user”
  • Click the ‘Access Key’ access type
  • Click Next: Permissions
  • Click the ‘Attach existing policies directly’ tab
  • Type ‘AWSElasticBeanstalkReadOnly’ and select it
    • NB: This permission actually gives more access than is required and you could trim it further
  • Click Next: Tags
  • Click Next: Review
  • Click Create user
  • Take a copy of the KEY and SECRET

Storing the key and secret in the environment

  • Open your environment
  • Click configuration
  • Click ‘edit’ on the ‘Software’ section
  • Add two new items, one for the key (examples use AWS_KEY) and one for the secret (examples use AWS_SECRET)

The code

So this is php, but the basic idea is:

  • Install the aws library – here we use composer
  • Add some code to call the library
  • Compare the first returned instance id against the id of the instance running the code

Install the aws library

$composer require aws/aws-sdk-php

Add the code to do the check

$client = ElasticBeanstalkClient::factory([
    'credentials' => [
        'key' => $_ENV['AWS_KEY'],
        'secret' => $_ENV['AWS_SECRET'],
    ],
    'region'  => '[[your region]]',
    'version' => 'latest'
]);

Replace [[your_region]] above with your own

$result = $client->describeEnvironmentResources([
    'EnvironmentName' => '[[your_environment_name]]'
]);

Then load in the current instance’s id

$currentId = file_get_contents("http://instance-data/latest/meta-data/instance-id");

Then compare the API’s first result to the current one. If the same, so something, otherwise don’t.

if ($currentId == $result['EnvironmentResources']['Instances'][0]['Id'])
{
    // do something. Only one instance will get here
}
else
{
    // don't do anything. All other instances will be here
}

Other useful resources:

https://rotaready.com/blog/scheduled-tasks-elastic-beanstalk-cron

Updating PHP on an AWS Lightsail WordPress Stack

Updated 27th September 2020 to consider restart of all services where restarting just apache isn’t enough, and also to share choice when it comes to import first vs SSL first as you may lose permalinks. Thanks to Peter and Simon in the comments.

Updated 25th January 2021 to add an initial paragraph clarifying that you can’t ‘choose’ a PHP version on Lightsail and to further clarify that you must first check which version of PHP a new AWS Lightsail instance will be built with to confirm it will resolve the message being displayed in WordPress.

Updated 11th May 2021 to confirm that snapshots cannot be used to update the PHP version of a Lightsail Bitnami instance.

Updated 22nd September 2022 to add a link to a guide to check which PHP version you’ll get if you spin up a new Lightsail WordPress instance. Also added a note about WordPress supported PHP versions.

Updated 7th September 2023 to add a mention of the option to use Bitnami’s bncert tool to create an SSL certificate


NB: If you’re hoping for a way to click ‘update php’ or ‘use X version of PHP’ in Lightsail, it doesn’t (at time of writing) exist. This guidance will walk you though creating a new Lightsail instance with a newer version of PHP installed and moving everything over to it.

The AWS Lightsail service is great. Click a few buttons and you have a powerful VPS with WordPress up and running for only a few dollars a month. The Bitnami integration allows you to choose from a whole set of Stacks to include upon setup. The LAMP option allows a competent PHP developer to run almost anything on Lightsail.

But after a while running the Lightsail VPS the setup is going to get stale, and because Bitnami bundles everything up, it’s not recommended to go poking around with only a few parts of it.

That’s the challenge I was faced with. Logging into the WordPress admin console a message is displayed which is telling me WordPress would prefer a newer version of PHP please. My version was old and not receiving security updates.

I read a fair bit about my options, but after looking at the choices I decided the best thing was to do an export and import onto a new Lightsail instance.

Continue reading “Updating PHP on an AWS Lightsail WordPress Stack”

Yii upgrade service

Yii 1.1 is currently in maintenance mode following Yii 2 being released way back in May 2013.

Support and bug fixes for Yii 1 were only provided until December 31, 2016 and security fixes and PHP 7 compatibility ends December 31, 2020.

That means that right now the only reason updates to Yii 1 are being created and made available are for security issues found in the existing codebase, and from 2021 it’s mothballed completely.

If you’re maintaining a Yii 1 codebase it’s time to start thinking about how to migrate away from Yii completely, or upgrade your codebase to Yii 2.

There is an official guide aimed at supporting the upgrade process, but it is unlikely to get you from Yii 1 to Yii 2 without significant pain and head scratching.

Converting from Yii 1 to Yii 2 is completely unlike developing code for either framework, and you’d want to source a Yii upgrade professional rather than getting an inexperienced developer or team involved with a large or mission critical codebase.

Personally I’ve now upgraded four codebases from Yii 1 to Yii 2. All the upgrades have been different. All follow a similar path, and the repeatable process I’ve created, but each has its own edge cases, bespoke widgets and complexities.

The work takes many days per codebase before testing and perfection can happen, and where an existing development team are involved with ongoing development or support of the Yii 1 system, it’s best handled as a team effort. Acceptance that the process isn’t anywhere close to just flicking a switch or downloading a patch is required from day one.

At this point I’m considering two next steps.

Firstly, if your company has significant budget and is in need of support moving from Yii 1 to Yii 2, I’d be interested in hearing from you. You may want a supportive voice helping your existing developers to make the move. You may also be looking to hand over a Yii 1 codebase and get it back ready for some testing and iteration.

Secondly, I’m considering sharing some or all of the process I’ve created for manually moving a codebase over from Yii 1 to Yii 2, the gotchas, the process and how to update specific things within Yii 1, where it isn’t as simple as a like

Feel free to send me a direct message on Twitter @harrybailey or leave a comment below if you’d like to contact me.

Yii 1, PHP 7.1, yii-pdf and Mpdf

Mpdf 6.x only supports PHP versions up to 7.0. If you’re upgrading your local machine, or hosting environment to PHP 7.1 or beyond (you should be) then you’ll need to upgrade your Mpdf install to something more recent than 6. That requires a few changes.

Now just to make things complex here, the latest version of Mpdf happens to be version 7.1. From here on I’ll try and prefix any version numbers with either PHP or Mpdf.

Mpdf 7 and greater is composer install only. You could still download and copy the files into place, but I highly recommend using composer to manage your vendor packages in Yii (and Yii 2). It will save you hours and hours over time.

Mpdf 7 has updated it’s class name to be Mpdf with a capital M, and changed it’s construct method to accept a config array instead of separate parameters. Small but significant updates we’ll have to deal with.

If you’re already using composer, then you’ll have a composer.json file in the root of your codebase, and in there you should have a line which starts “mpdf/mpdf”.

That line will probably end something like “^6.0” or “^6.4”

Assuming it’s less than “7.x.x” we’re going to update with composer.

Back up your codebase. I shouldn’t have to mention it, but do it, honest.

Run composer require mpdf/mpdf “^7.0”

That line will install the latest version, Mpdf 7.1, allow anything newer to be installed if you update in the future, and change your composer.json file (and likely your composer.lock file too) to include the newer information.

So we have the latest code, but we need to update Yii to use it.

yii-pdf wraps mpdf and makes it available via Yii->app()->ePdf->mpdf()

The yii-pdf config to get it functioning with Mpdf 7+ will look something like this:

'ePdf' => [
	'class' => 'application.extensions.yii-pdf.EYiiPdf',
	'params' => [
		'mpdf' => [
			'librarySourcePath' => 'vendor.mpdf.mpdf.src.*',
			'constants' => [
				'_MPDF_TEMP_PATH' => Yii::getPathOfAlias('application.runtime'),
			],
			'class'=>'\Mpdf\Mpdf',
			'defaultParams' => [
				'mode' => '',		//  This parameter specifies the mode of the new document.
				'format' => 'A4',	// format A4, A5, ...
			],
		],
	],
],

Note the librarySourcePath and class values. You can add your existing defaultParams and anything else which was in your preferences previously.

The last part is to update all places where you call the mpdf library. Previously it would have looks something like:

$mpdf = Yii::app()->ePdf->mpdf('UTF-8', '', 0, '', 15, 15, 15, 15, 8, 8);

We now convert the config to be an array of values:

$mpdf = Yii::app()->ePdf->mpdf(['UTF-8', '', 0, '', 15, 15, 15, 15, 8, 8]);

And that should be it. Update using composer, update your config, update all locations you instantiate mpdf. Then check your pdf generating code is still functioning.

Chrome browser masking PHP errors

I thought I was going mad for a while, but it turns out that sometimes spotting php error messages which come back from the server to the Google Chrome browser can be really tough.

If the error is inside an html element or attribute of an html element you’re going to struggle to see it in Google Chrome…

<a href="<?= $Model->fakeFunction(); ?>">link</a>

If $Model doesn’t have a method called fakeFunction then php will spit a “Fatal error: Call to a member function” error. The page that is displayed in Chrome won’t show you the error and viewing the source will also hide it from you.

Even the elements tab in Chrome Developer Tools won’t show it.

There only way I’ve been able to find the error content is to look at the network tab in Chrome and view the raw response of the document back from the server.

A few hours lost on this one!