Skip to content

Commit 4dee884

Browse files
Add mainnet Metabase Fly deployment config
1 parent 8c0c998 commit 4dee884

3 files changed

Lines changed: 156 additions & 0 deletions

File tree

fly/mainnet-metabase-setup.md

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,110 @@
1+
# Mainnet Metabase Fly setup
2+
3+
`fly/mainnet.metabase.fly.toml` is the Fly app config for the Noah mainnet
4+
Metabase instance.
5+
6+
Metabase needs two Postgres connections:
7+
8+
- an application database, where Metabase stores its own users, dashboards,
9+
saved questions, permissions, and sync metadata
10+
- a read-only reporting connection to the existing Noah mainnet database
11+
12+
The current Noah mainnet Managed Postgres cluster is:
13+
14+
```text
15+
Cluster ID: 3x9jv02ywl6r6qp7
16+
Cluster name: noah-mainnet-db
17+
Database: fly-db
18+
Schema admin user: fly-user
19+
Region: iad
20+
Direct IP: fdaa:38:716f:0:1::4
21+
```
22+
23+
Fly Managed Postgres roles are cluster-wide. A `schema_admin` user can read and
24+
write across the cluster, so the safest setup is to use a separate small Managed
25+
Postgres cluster for Metabase's application database and use a `reader` user on
26+
`noah-mainnet-db` only for reporting.
27+
28+
## One-time setup
29+
30+
Create the Metabase Fly app:
31+
32+
```sh
33+
fly apps create noah-mainnet-metabase
34+
```
35+
36+
Create a separate Managed Postgres cluster for Metabase's own application state:
37+
38+
```sh
39+
fly mpg create \
40+
--name noah-mainnet-metabase-db \
41+
--region iad \
42+
--plan Basic \
43+
--volume-size 10 \
44+
--pg-major-version 16
45+
```
46+
47+
List the new cluster and save its ID:
48+
49+
```sh
50+
fly mpg list personal
51+
```
52+
53+
Attach the new Metabase database cluster to the Metabase app. This stores the
54+
Metabase application database connection string as the `MB_DB_CONNECTION_URI`
55+
secret:
56+
57+
```sh
58+
fly mpg attach <metabase-cluster-id> \
59+
--config fly/mainnet.metabase.fly.toml \
60+
--database fly-db \
61+
--username fly-user \
62+
--variable-name MB_DB_CONNECTION_URI
63+
```
64+
65+
`fly mpg attach` stores a normal Postgres URL. Metabase expects a JDBC URL for
66+
`MB_DB_CONNECTION_URI`, so replace that secret with a JDBC URL after attaching.
67+
Use the Metabase database cluster's Direct IP from `fly mpg status`:
68+
69+
```sh
70+
fly secrets set -a noah-mainnet-metabase \
71+
MB_DB_CONNECTION_URI='jdbc:postgresql://[<metabase-db-direct-ip>]:5432/fly-db?sslmode=disable' \
72+
MB_DB_USER=fly-user \
73+
MB_DB_PASS='<fly-user password from the attach URL>' \
74+
MB_ENCRYPTION_SECRET_KEY='<random 32+ character secret>'
75+
```
76+
77+
Create a read-only reporting user on the existing Noah mainnet cluster:
78+
79+
```sh
80+
fly mpg users create 3x9jv02ywl6r6qp7 \
81+
--username metabase-readonly \
82+
--role reader
83+
```
84+
85+
Deploy Metabase:
86+
87+
```sh
88+
fly deploy --config fly/mainnet.metabase.fly.toml --remote-only
89+
```
90+
91+
The first boot can be slow because Metabase creates and migrates its application
92+
database before `/api/health` returns healthy. The Fly config uses a longer
93+
deploy wait for that first start.
94+
95+
After the first deploy, open Metabase and add the Noah mainnet database as a
96+
data source:
97+
98+
```text
99+
Database type: PostgreSQL
100+
Host: fdaa:38:716f:0:1::4
101+
Port: 5432
102+
Database name: fly-db
103+
User: metabase-readonly
104+
Password: <metabase-readonly password from Fly>
105+
Use a secure connection: disabled
106+
```
107+
108+
This keeps Metabase's own state outside the production Noah cluster while
109+
limiting reporting access to read-only queries against the production `fly-db`
110+
database.

fly/mainnet-setup.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,10 @@
55
There is intentionally no `fly/mainnet.postgres.toml`.
66
Fly Managed Postgres is not deployed as a second app config like the legacy Signet Postgres machine. It is created and attached separately.
77

8+
Metabase for mainnet is configured separately in `fly/mainnet.metabase.fly.toml`.
9+
See `fly/mainnet-metabase-setup.md` for the Metabase app database and read-only
10+
reporting role setup.
11+
812
## One-time setup
913

1014
Create the mainnet app:

fly/mainnet.metabase.fly.toml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
# Fly app configuration for Noah mainnet Metabase.
2+
#
3+
# Metabase stores its own users, dashboards, and settings in a separate app
4+
# database. The Noah mainnet database should be added inside the Metabase UI
5+
# with a read-only reporting role.
6+
7+
app = "noah-mainnet-metabase"
8+
primary_region = "iad"
9+
10+
[build]
11+
image = "metabase/metabase:latest"
12+
13+
[deploy]
14+
strategy = "rolling"
15+
wait_timeout = "30m"
16+
17+
[env]
18+
MB_DB_TYPE = "postgres"
19+
MB_JETTY_HOST = "0.0.0.0"
20+
MB_JETTY_PORT = "3000"
21+
MB_LOAD_SAMPLE_CONTENT = "false"
22+
MB_SITE_URL = "https://noah-mainnet-metabase.fly.dev"
23+
24+
[http_service]
25+
internal_port = 3000
26+
force_https = true
27+
auto_stop_machines = "off"
28+
auto_start_machines = true
29+
min_machines_running = 1
30+
processes = ["app"]
31+
32+
[[http_service.checks]]
33+
grace_period = "1m"
34+
interval = "30s"
35+
method = "GET"
36+
timeout = "10s"
37+
path = "/api/health"
38+
39+
[[vm]]
40+
memory = "4gb"
41+
cpu_kind = "shared"
42+
cpus = 2

0 commit comments

Comments
 (0)