Evan Byrne

Reflections on Self-Hosting with Rove v0.0.3

Rove, Docker Swarm, Self-Hosting

In late summer of 2024, I quietly released Rove to the world as a response to the many lessons I had learned from building Beaker Studio, a continuous deployment platform for AWS. Rove is in many ways the antithesis of Beaker Studio. Instead of using closed-source technology to deploy to cloud services that have become outrageously expensive and complex to work with, Rove is free software that uses Docker Swarm to deploy to your own server with roughly equivalent ease to using a modern closed-source PaaS. At least that is how it was advertised. I've been busy at my day job working on our cancer diagnostics offering, so it was not until quite recently that I actually had the opportunity to deploy a production service with Rove. For the most part, Rove performed wonderfully. The services deployed with Rove run without any issues and adventurous administrators can use it for production workloads today. However, I also ran into some gaps in the implementation, which required SSH-ing into the server and running a few commands manually.

The following additions have been made to the roadmap based on my findings from using Rove v0.0.3 in a production environment:

  • [✓] #18: Oftentimes, services just need to be redeployed without requiring any changes to their configuration. To support this workflow better, a rove service redeploy <name> command will be added. This has been implemented on main and is now the recommended way to redeploy services from CI.
  • [✓] #15: Some images need to be manually pulled before they can be run with Docker. This is fairly obvious in retrospect and I accounted for this when building Beaker Studio, but I must have missed it with Rove because my manual testing was done entirely with public Docker Hub images.
  • [✓] #17: Existing UDP ports are missing their /udp suffix in deployment and service inspection diffs.
  • #16: Low-numbered ports (<1024), including common ones like 80 and 443, cannot be bound to by default on Ubuntu, and possibly other distros as well. A remedy is to set net.ipv4.ip_unprivileged_port_start in /etc/sysctl.conf to a reasonably low value. For our purposes, a default value of 80 along with a flag to modify the setting would be appropriate, because this would prevent applications from binding to the standard FTP, SSH, Telnet, and DNS ports while allowing HTTP, HTTPS, and IMAP.
  • #13: Flags are present in rove task run for mounting to volumes, but missing from rove service run. This is slightly more complex than it seems on the surface, because it involves diffing the existing service state and selectively adding/removing in the Swarm update.
  • #14: It would be nice to be able to create, list, and delete volumes directly from Rove, rather than having to SSH into the server and run Docker commands manually.
  • #19: Diffs need more details. For example, secrets are currently reported as just their name (secrets=["my-service-env"]), but users probably want to see non-default options, like where the secret was mounted, in the diff (secrets=["source=my-service-env,target=.env"]). This will require changes to how Rove diffs many different parts of service configuration.
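
The threshold reasoning in #16 can be checked mechanically before the sysctl value is written. The script below is an added example, not Rove code: the function names and the two policy lists are assumptions of the example, and the ports are the IANA defaults for the protocols the item names.

```shell
#!/bin/sh
# Added example, not Rove code. Service/port pairs are the IANA defaults for
# the protocols named in #16; the two policy lists are this example's assumption.
PROTECTED="ftp:21 ssh:22 telnet:23 dns:53"   # must stay root-only
ALLOWED="http:80 imap:143 https:443"         # must be bindable without root

# violations THRESHOLD
# Prints one line per service whose policy a given threshold would break.
# The kernel lets unprivileged processes bind any port >= THRESHOLD.
violations() {
  t=$1
  for e in $PROTECTED; do
    [ "${e##*:}" -lt "$t" ] || echo "exposed ${e%%:*} ${e##*:}"
  done
  for e in $ALLOWED; do
    [ "${e##*:}" -ge "$t" ] || echo "blocked ${e%%:*} ${e##*:}"
  done
}

# sysctl_line THRESHOLD
# Prints the sysctl.conf line, or fails (listing the reasons on stderr) when
# the value is not a number or breaks the policy above.
sysctl_line() {
  case $1 in
    ''|*[!0-9]*) echo "not a number: $1" >&2; return 1 ;;
  esac
  v=$(violations "$1")
  if [ -n "$v" ]; then
    echo "$v" >&2
    return 1
  fi
  echo "net.ipv4.ip_unprivileged_port_start=$1"
}

# Report the live value (Linux only) next to the proposed setting.
current=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo unknown)
echo "current threshold: $current"
sysctl_line 80
# To apply: append the printed line to /etc/sysctl.conf, then run `sysctl -p` as root.
```

Any threshold from 54 through 80 satisfies both lists; the setting applies to every unprivileged process in the host's network namespace, not only to services deployed by Rove.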

There is plenty of work to be done, but the nice thing about working on a project like Rove is that every update comes back around. Self-hosting has cut my web hosting bill down from nearly $100/mo to <$10, and it is way easier than managing a web of AWS configuration.
