Tools
-
- Used for building the disk image of the orchestrator client and server
-
Terraform (v1.5.x)
- We ask for v1.5.x because starting from v1.6 Terraform switched their license from Mozilla Public License to Business Source License.
- The last version of Terraform that supports Mozilla Public License is v1.5.7
-
- Used for managing the infrastructure on Google Cloud
Accounts
- Cloudflare account
- Domain on Cloudflare
- GCP account + project
- PostgreSQL database (Supabase's DB only supported for now)
Optional
Recommended for monitoring and logging
- Grafana Account & Stack (see Step 15 for detailed notes)
- Posthog Account
Check if you can use config for terraform state management
-
Go to
console.cloud.google.comand create a new GCP project -
Create
.env.prod,.env.staging, or.env.devfrom.env.template. You can pick any of them. Make sure to fill in the values. All are required if not specified otherwise.Get Postgres database connection string from your database, e.g. from Supabase: Create a new project in Supabase and go to your project in Supabase -> Settings -> Database -> Connection Strings -> Postgres -> Direct
-
Run
make switch-env ENV={prod,staging,dev}to start using your env -
Run
make login-gcloudto login togcloud -
Run
make init. If this errors, run it a second time--it's due to a race condition on Terraform enabling API access for the various GCP services; this can take several seconds. A full list of services that will be enabled for API access: -
Run
make build-and-upload -
Run
make copy-public-builds. This will copy kernel and rootfs builds for Firecracker to your bucket. You can build your own kernel and Firecracker roots. -
Run
make migrate -
Secrets are created and stored in GCP Secrets Manager. Once created, that is the source of truth--you will need to update values there to make changes. Create a secret value for the following secrets:
- e2b-cloudflare-api-token
Get Cloudflare API Token: go to the Cloudflare dashboard -> Manage Account -> Account API Tokens -> Create Token -> Edit Zone DNS -> in "Zone Resources" select your domain and generate the token
- e2b-supabase-jwt-secrets (optional / required to self-host the E2B dashboard)
Get Supabase JWT Secret: go to the Supabase dashboard -> Select your Project -> Project Settings -> Data API -> JWT Settings
- e2b-grafana-api-key (optional) - read more in grafana README
- Posthog API keys for monitoring (optional)
- Run
make plan-without-jobsand thenmake apply - Fill out the following secret in the GCP Secrets Manager:
- e2b-postgres-connection-string
This is the same value as for the
POSTGRES_CONNECTION_STRINGenv variable.
- Run
make planand thenmake apply. Note: This will work after the TLS certificates was issued. It can take some time; you can check the status in the Google Cloud Console - Setup data in the cluster by following one of the two
make prep-clusterinpackages/sharedto create an initial user, etc. (You need to be logged in viae2bCLI). It will create a user with same information (access token, api key, etc.) as you have in E2B.- You can also create a user in database, it will automatically also create a team, an API key and an access token. You will need to build template(s) for your cluster. Use
e2bCLI) and runE2B_DOMAIN=<your-domain> e2b template build.
When using SDK pass domain when creating new Sandbox in JS/TS SDK
import { Sandbox } from "@e2b/sdk";
const sandbox = new Sandbox({
domain: "<your-domain>",
});or in Python SDK
from e2b import Sandbox
sandbox = Sandbox(domain="<your-domain>")When using CLI you can pass domain as well
E2B_DOMAIN=<your-domain> e2b <command>You can also set your domain in the dashboard at Developer settings
To access the nomad web UI, go to https://nomad.<your-domain.com>. Go to sign in, and when prompted for an API token, you can find this in GCP Secrets Manager. From here, you can see nomad jobs and tasks for both client and server, including logging.
To update jobs running in the cluster look inside packages/nomad for config files. This can be useful for setting your logging and monitoring agents.
If any problems arise, open a Github Issue on the repo and we'll look into it.
E2B is using Firecracker for Sandboxes.
You can build your own kernel and Firecracker version from source by running make build-and-upload-fc-components
- Note: This needs to be done on a Linux machine due to case-sensitive requirements for the file system--you'll error out during the automated git section with a complaint about unsaved changes. Kernel and versions could alternatively be sourced elsewhere.
- You will still have to copy
envd-v0.0.1from public bucket by running the command bellow or you can build it from this commit
gsutil cp -r gs://e2b-prod-public-builds/envd-v0.0.1 gs://$(GCP_PROJECT_ID)-fc-env-pipeline/envd-v0.0.1
make init- setup the terraform environmentmake plan- plans the terraform changesmake apply- applies the terraform changes, you have to runmake planbefore this onemake plan-without-jobs- plans the terraform changes without provisioning nomad jobsmake plan-only-jobs- plans the terraform changes only for provisioning nomad jobsmake destroy- destroys the clustermake version- increments the repo versionmake build-and-upload- builds and uploads the docker images, binaries, and cluster disk imagemake copy-public-builds- copies the old envd binary, kernels, and firecracker versions from the public bucket to your bucketmake migrate- runs the migrations for your databasemake login-gcloud- logs in to gcloudmake switch-env ENV={prod,staging,dev}- switches the environmentmake import TARGET={resource} ID={resource_id}- imports the already created resources into the terraform statemake setup-ssh- sets up the ssh key for the environment (useful for remote-debugging)make connect-orchestrator- establish the ssh connection to the remote orchestrator (for testing API locally)