poanetwork
/
blockscout-terraform
mirror of https://github.com/poanetwork/blockscout-terraform.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #98 from ArseniiPetrovich/upd2 

Refactor code, move Parameter Store variables to the Ansible
This commit is contained in:
Victor Baranov 2019-04-23 12:31:05 +03:00 committed by GitHub
parent 674d19d71f 3b3559b1d2
commit 433f930ba5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 241 additions and 569 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -1,8 +1,3 @@
.DS_Store
# Testing
/ignore.tfvars
# Terraform State
*.terraform*
*terraform.tfstate.d*
@ -10,11 +5,13 @@
roles/main_infra/files/backend.tfvars
roles/main_infra/files/remote-backend-selector.tf
roles/main_infra/files/terraform.tfvars
roles/main_infra/files/hosts.tf
roles/main_infra/files/routing.tf
*.backup
# Sensitive information
/*.privkey
/*.tfvars
*.privkey
*.tfvars
# Stack-specific information
/PREFIX

4
ansible.cfg
View File

@ -1,2 +1,6 @@
[defaults]
force_handlers = True
pipelining = True
inventory = hosts
deprecation_warnings = False
host_key_checking=false

1
clean.yml
View File

@ -10,3 +10,4 @@
- roles/main_infra/files/terraform.tfstate.d
- roles/main_infra/files/main.tfvars
- roles/main_infra/files/backend.tfvars
- roles/main_infra/files/terraform.tfplan

2
deploy_software.yml
View File

@ -13,7 +13,7 @@
- name: Use role in loop
include_role:
name: main_software
loop: "{{ chains.keys() }}"
loop: "{{ chain_custom_environment.keys() }}"
loop_control:
loop_var: chain
index_var: index

54
group_vars/all.yml.example
View File

@ -1,3 +1,6 @@
# System variables
ansible_python_interpreter: "/usr/bin/python3"
# Common variables
## Credentials to connect to AWS
@ -14,12 +17,53 @@ upload_config_to_s3: true
bucket: "poa-terraform-state"
## All resources will be prefixed with this one
prefix: "sokol"
prefix: "poa"
## This variable represents network RPC endpoint:
chains:
core: "http://10.10.10.10:8545"
sokol: "https://192.168.0.1:8545"
chain_custom_environment:
core:
NETWORK: "(POA)" # Name of the organization/community that hosts the chain
SUBNETWORK: "Core Network" # Actual name of the particular network
NETWORK_ICON: "_network_icon.html" # Either _test_network_icon.html or _network_icon.html, depending on the type of the network (prod/test).
LOGO: "/images/blockscout_logo.svg" # Chain logo
ETHEREUM_JSONRPC_VARIANT: "parity" # Chain client installed at ETHEREUM_JSONRPC_HTTP_URL
ETHEREUM_JSONRPC_HTTP_URL: "http://localhost:8545" # Network RPC endpoint
ETHEREUM_JSONRPC_TRACE_URL: "http://localhost:8545" # Network RPC endpoint in trace mode. Can be the same as the previous variable
ETHEREUM_JSONRPC_WS_URL: "ws://localhost:8546" # Network RPC endpoint in websocket mode
NETWORK_PATH: "/poa/core" # relative URL path, for example: blockscout.com/$NETWORK_PATH
SECRET_KEY_BASE: "TPGMvGK0iIwlXBQuQDA5KRqk77VETbEBlG4gAWeb93TvBsYAjvoAvdODMd6ZeguPwf2YTRY3n7uvxXzQP4WayQ==" # Secret key for production assets protection. Use `mix phx.gen.secret` or `openssl rand -base64 64 | tr -d '\n'` to generate
#CHECK_ORIGIN: "false" # Used to check the origin of requests when the origin header is present
PORT: 4000 # Port the application runs on
COIN: "POA" # Coin name at the Coinmarketcap, used to display current exchange rate
#METADATA_CONTRACT: # Address of metadata smart contract. Used by POA Network to obtain Validators information to display in the UI
#VALIDATORS_CONTRACT: #Address of the EMission Fund smart contract
#SUPPLY_MODULE: "false" # Used by the xDai Chain to calculate the total supply of the chain
#SOURCE_MODULE: "false" # Used to calculate the total supply
#DATABASE_URL: # Database URL. Usually generated automatically, but this variable can be used to modify the URL of the databases during the updates.
POOL_SIZE: 20 # Defines the number of database connections allowed
ECTO_USE_SSL: "false" # Specifies whether or not to use SSL on Ecto queries
ALB_SSL_POLICY: "ELBSecurityPolicy-2016-08" #SSL policy for Load Balancer. Required if ECTO_USE_SSL is set to true
ALB_CERTIFICATE_ARN: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24" #ARN of the certificate to attach to the LB. Required if ECTO_USE_SSL is set to
true
#DATADOG_HOST: # Host configuration variable for Datadog integration
#DATADOG_PORT: # Port configuration variable for Datadog integration
#SPANDEX_BATCH_SIZE: # Spandex and Datadog configuration setting.
#SPANDEX_SYNC_THRESHOLD: # Spandex and Datadog configuration setting.
HEART_BEAT_TIMEOUT: 30 # Heartbeat is an Erlang monitoring service that will restart BlockScout if it becomes unresponsive. This variables configures the timeout before Blockscout will be restarted.
HEART_COMMAND: "sudo systemctl restart explorer.service" # This variable represents a command that is used to restart the service
BLOCKSCOUT_VERSION: "v1.3.9" # Added to the footer to signify the current BlockScout version
RELEASE_LINK: "https://github.com/poanetwork/blockscout/releases/tag/v1.3.9-beta" # The link to Blockscout release notes in the footer.
ELIXIR_VERSION: "v1.8.1" # Elixir version to install on the node before Blockscout deploy
BLOCK_TRANSFORMER: "base" # Transformer for blocks: base or clique.
GRAPHIQL_TRANSACTION: "0xbc426b4792c48d8ca31ec9786e403866e14e7f3e4d39c7f2852e518fae529ab4" # Random tx hash on the network, used as default for graphiql tx.
FIRST_BLOCK: 0 # The block number, where indexing begins from.
TXS_COUNT_CACHE_PERIOD: 7200 # Interval in seconds to restart the task, which calculates the total txs count.
ADDRESS_WITH_BALANCES_UPDATE_INTERVAL: 1800 #Interval in seconds to restart the task, which calculates addresses with balances
LINK_TO_OTHER_EXPLORERS: "false" # If true, links to other explorers are added in the footer
USE_PLACEMENT_GROUP: "false" # If true, BlockScout instance will be created in the placement group
EXQ_BLOCKS_CONCURRENCY="1"
EXQ_INTERNAL_TRANSACTIONS_CONCURRENCY="1"
EXQ_TRANSACTIONS_CONCURRENCY="1"
## Region. It is recommended to deploy to us-east-1 as some of the other regions fails due to varied reasons
region: "us-east-1"
region: "us-east-1"

13
group_vars/blockscout.yml.example
View File

@ -20,15 +20,4 @@ skip_fetch: false
ps_host: localhost
ps_user: myuser
ps_password: mypass
ps_db: mydb
## Custom environment variables that will be exported when testing the Blockscout instance
chain_custom_environment:
core:
metadata_contract: 0xE3FfFD154931EB80b2aCE096EC32D6df23661203
validators_contract: 0xa105Db0e6671C7B5f4f350ff1Af6460E6C696e71
link_to_other_explorers: false
sokol:
metadata_contract: 0x81c47A798226e1b90A1b4C9dBDd844033B528D06
validators_contract: 0x4c6a159659CCcb033F4b2e2Be0C16ACC62b89DDB
link_to_other_explorers: false
ps_db: mydb

92
group_vars/infrastructure.yml.example
View File

@ -21,94 +21,13 @@ db_subnet_cidr: "10.0.1.0/16"
## Internal DNS zone will looks like:
dns_zone_name: "poa.internal"
## The following settngs are related to SSL of Application Load Balancer that will be deployed to AWS. If use_ssl is set to false, alb_* variables can be omitted
use_ssl: "false"
alb_ssl_policy: "ELBSecurityPolicy-2016-08"
alb_certificate_arn: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24"
## Size of the EC2 instance EBS root volume
root_block_size: 120
## Number of connections allowed by EC2 instance
pool_size: 30
## The following variable represents the elixir version that will be used to run BlockScout instance. Will be used to download the Elixir at the following link: https://github.com/elixir-lang/elixir/releases/download/{{ elixir_version }}/Precompiled.zip
elixir_version: "v1.7.4"
## Secret key of Explorer. Please, generate your own key here. For example, you can use the following command: openssl rand -base64 64 | tr -d '\n'
secret_key_base: "TPGMvGK0iIwlXBQuQDA5KRqk77VETbEBlG4gAWeb93TvBsYAjvoAvdODMd6ZeguPwf2YTRY3n7uvxXzQP4WayQ=="
## New Relic related configs. Usually you want this empty
new_relic_app_name: ""
new_relic_license_key: ""
# Network related variables
## This variable represents network RPC endpoint in trace mode. Can be the same as the previous variable:
chain_trace_endpoint:
core: "http://10.10.10.11:8545"
sokol: "http://192.168.0.1:8546"
## This variable represents network RPC endpoint in websocket mode:
chain_ws_endpoint:
core: "ws://10.10.10.10/ws"
sokol: "ws://192.168.0.1/ws"
## Next variable represents the client that is used to connect to the chain.
chain_jsonrpc_variant:
core: "parity"
sokol: "geth"
## Place your own logo at apps/block_scout_web/assets/static folder of blockscout repo and specify a relative path here
chain_logo:
core: "/images/core.svg"
sokol: "/images/sokol.svg"
## The following variables represents a name of the coin that will be shown at blockchain explorer
chain_coin:
core: "POA"
sokol: "POA"
## Next variable usually represents the name of the organization/community that hosts the chain
chain_network:
core: "POA Network"
sokol: "POA Network"
## Next variable represents the actual name of the particular network
chain_subnetwork:
core: "POA Core Network"
sokol: "POA Sokol test network"
## The next variable represent a relative URL path which will be used as an endpoint for defined chain. For example, if we will have our blockscout at blockscout.com domain and place "core" network at "/poa/core", then the resulting endpoint will be blockscout.com/poa/core for this network.
chain_network_path:
core: "/poa/core"
sokol: "/poa/sokol"
## The following variable maps the chain name to the network navigation icon at apps/block_scout_web/lib/block_scout_web/templates/icons without .eex extension
chain_network_icon:
core: "_test_network_icon.html"
sokol: "_test_network_icon.html"
## The following variable maps the chain names to random transaction hash on that chain. "chain_graphiql_transaction" is a variable that takes a transaction hash from a network to provide a sample query in the GraphIQL Playground.
chain_graphiql_transaction:
core: "0xbc426b4792c48d8ca31ec9786e403866e14e7f3e4d39c7f2852e518fae529ab4"
sokol: "0xbc426b4792c48d8ca31ec9786e403866e14e7f3e4d39c7f2852e518fae529ab5"
## A variable required in indexer configuration files. Can be either base or clique. Usually you don't want to change this value unless you know what are you doing.
chain_block_transformer:
core: "base"
sokol: "base"
## Heartbeat is an Erlang monitoring service that will restart BlockScout if it becomes unresponsive. The following two variables configures the timeout before Blockscout will be restarted and command to restart. Usually you don't want to change these values.
chain_heart_beat_timeout:
core: 30
sokol: 30
chain_heart_command:
core: "systemctl restart explorer.service"
sokol: "systemctl restart explorer.service"
## This value describes a version of Blockscout that will be shown at the footer. You can write any text there you want to see at the footer.
chain_blockscout_version:
core: "v1.3.7-beta"
sokol: "v1.3.7-beta"
# DB related variables
## This value represents the name of the DB that will be created/attached. Must be unique. Will be prefixed with `prefix` variable.
chain_db_id:
@ -151,7 +70,4 @@ chain_db_storage_type:
## Blockscout uses Postgres as the DB engine. This variable describes the Postgres version used in each particular chain.
chain_db_version:
core: "10.5"
sokol: "10.6"
## The following variable represents the elixir version that will be used to run BlockScout instance. Will be used to download the Elixir at the following link: https://github.com/elixir-lang/elixir/releases/download/{{ elixir_version }}/Precompiled.zip
elixir_version: "v1.7.4"
sokol: "10.6"

1
hosts Normal file
View File

@ -0,0 +1 @@
localhost ansible_connection=local

2
roles/check/tasks/main.yml
View File

@ -7,7 +7,7 @@
fail:
msg: "The prefix '{{ item }}' is invalid. It must consist only of the lowercase characters a-z and digits 0-9, and must not more than 5 characters long."
when: item.key|length > 5 or item.key is not match("^[a-z0-9]+$")
with_dict: "{{ chains }}"
with_dict: "{{ chain_custom_environment }}"
- name: Check if terraform is installed
command: which terraform

5
roles/main_infra/defaults/main.yml
View File

@ -9,8 +9,3 @@ db_subnet_cidr: "10.0.2.0/16"
dns_zone_name: "poa.internal"
instance_type: "m5.large"
root_block_size: 8
pool_size: 30
alb_ssl_policy: "ELBSecurityPolicy-2016-08"
new_relic_app_name: ""
new_relic_license_key: ""
use_ssl: false

232
roles/main_infra/files/config.tf
View File

@ -1,232 +0,0 @@
resource "aws_ssm_parameter" "elixir_version" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/elixir_version"
value = "${var.elixir_version}"
type = "String"
}
resource "aws_ssm_parameter" "block_transformer" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/block_transformer"
value = "${lookup(var.chain_block_transformer,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "new_relic_app_name" {
count = "${var.new_relic_app_name == "" ? 0 : length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/new_relic_app_name"
value = "${var.new_relic_app_name}"
type = "String"
}
resource "aws_ssm_parameter" "new_relic_license_key" {
count = "${var.new_relic_license_key == "" ? 0 : length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/new_relic_license_key"
value = "${var.new_relic_license_key}"
type = "String"
}
resource "aws_ssm_parameter" "pool_size" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/pool_size"
value = "${var.pool_size}"
type = "String"
}
resource "aws_ssm_parameter" "ecto_use_ssl" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/ecto_use_ssl"
value = "false"
type = "String"
}
resource "aws_ssm_parameter" "ethereum_jsonrpc_variant" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/ethereum_jsonrpc_variant"
value = "${lookup(var.chain_jsonrpc_variant,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "ethereum_url" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/ethereum_jsonrpc_http_url"
value = "${element(values(var.chains),count.index)}"
type = "String"
}
resource "aws_ssm_parameter" "trace_url" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/ethereum_jsonrpc_trace_url"
value = "${lookup(var.chain_trace_endpoint,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "ws_url" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/ethereum_jsonrpc_ws_url"
value = "${lookup(var.chain_ws_endpoint,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "logo" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/logo"
value = "${lookup(var.chain_logo,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "coin" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/coin"
value = "${lookup(var.chain_coin,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "network" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/network"
value = "${lookup(var.chain_network,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "subnetwork" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/subnetwork"
value = "${lookup(var.chain_subnetwork,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "network_path" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/network_path"
value = "${lookup(var.chain_network_path,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "network_icon" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/network_icon"
value = "${lookup(var.chain_network_icon,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "graphiql_transaction" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/graphiql_transaction"
value = "${lookup(var.chain_graphiql_transaction,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "exq_blocks_concurrency" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/exq_blocks_concurrency"
value = "1"
type = "String"
}
resource "aws_ssm_parameter" "exq_concurrency" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/exq_concurrency"
value = "1"
type = "String"
}
resource "aws_ssm_parameter" "exq_internal_transactions_concurrency" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/exq_internal_transactions_concurrency"
value = "1"
type = "String"
}
resource "aws_ssm_parameter" "exq_receipts_concurrency" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/exq_receipts_concurrency"
value = "1"
type = "String"
}
resource "aws_ssm_parameter" "exq_transactions_concurrency" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/exq_transactions_concurrency"
value = "1"
type = "String"
}
resource "aws_ssm_parameter" "secret_key_base" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/secret_key_base"
value = "${var.secret_key_base}"
type = "String"
}
resource "aws_ssm_parameter" "port" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/port"
value = "4000"
type = "String"
}
resource "aws_ssm_parameter" "db_username" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/db_username"
value = "${lookup(var.chain_db_username,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "db_password" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/db_password"
value = "${lookup(var.chain_db_password,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "db_host" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/db_host"
value = "${aws_route53_record.db.*.fqdn[count.index]}"
type = "String"
}
resource "aws_ssm_parameter" "db_port" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/db_port"
value = "${aws_db_instance.default.*.port[count.index]}"
type = "String"
}
resource "aws_ssm_parameter" "alb_ssl_policy" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/alb_ssl_policy"
value = "${var.alb_ssl_policy}"
type = "String"
}
resource "aws_ssm_parameter" "alb_certificate_arn" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/alb_certificate_arn"
value = "${var.alb_certificate_arn}"
type = "String"
}
resource "aws_ssm_parameter" "heart_beat_timeout" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/heart_beat_timeout"
value = "${lookup(var.chain_heart_beat_timeout,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "heart_command" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/heart_command"
value = "${lookup(var.chain_heart_command,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "blockscout_version" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/blockscout_version"
value = "${lookup(var.chain_blockscout_version,element(keys(var.chains),count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "db_name" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(keys(var.chains),count.index)}/db_name"
value = "${lookup(var.chain_db_name,element(keys(var.chains),count.index))}"
type = "String"
}

2
roles/main_infra/files/deploy.tf
View File

@ -17,7 +17,7 @@ resource "aws_codedeploy_deployment_group" "explorer" {
app_name = "${aws_codedeploy_app.explorer.name}"
deployment_group_name = "${var.prefix}-explorer-dg${count.index}"
service_role_arn = "${aws_iam_role.deployer.arn}"
autoscaling_groups = ["${aws_autoscaling_group.explorer.*.id[count.index]}"]
autoscaling_groups = ["${aws_launch_configuration.explorer.name}-asg-${element(var.chains,count.index)}"]
deployment_style {
deployment_option = "WITH_TRAFFIC_CONTROL"

4
roles/main_infra/files/libexec/init.sh
View File

@ -187,9 +187,7 @@ log "Creating pgsql database for $CHAIN"
if ! which psql >/dev/null; then
log "Installing psql.."
yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-2.noarch.rpm
sed -i "s/rhel-\$releasever-\$basearch/rhel-latest-x86_64/g" "/etc/yum.repos.d/pgdg-10-redhat.repo"
yum install -y postgresql10 >"$LOG"
amazon-linux-extras install postgresql10 >"$LOG"
fi
if ! which g++ >/dev/null; then

2
roles/main_infra/files/outputs.tf
View File

@ -25,7 +25,7 @@ To deploy a new version of the application manually:
4) Once the deployment is complete, you can access each chain explorer from its respective url:
- ${join("\n - ", formatlist("%s: %s", keys(zipmap(keys(var.chains), aws_lb.explorer.*.dns_name)), values(zipmap(keys(var.chains), aws_lb.explorer.*.dns_name))))}
- ${join("\n - ", formatlist("%s: %s", keys(zipmap(var.chains, aws_lb.explorer.*.dns_name)), values(zipmap(var.chains, aws_lb.explorer.*.dns_name))))}
OUTPUT
}

53
roles/main_infra/files/rds.tf
View File

@ -1,20 +1,55 @@
resource "aws_ssm_parameter" "db_host" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(var.chains,count.index)}/db_host"
value = "${aws_route53_record.db.*.fqdn[count.index]}"
type = "String"
}
resource "aws_ssm_parameter" "db_port" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(var.chains,count.index)}/db_port"
value = "${aws_db_instance.default.*.port[count.index]}"
type = "String"
}
resource "aws_ssm_parameter" "db_name" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(var.chains,count.index)}/db_name"
value = "${lookup(var.chain_db_name,element(var.chains,count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "db_username" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(var.chains,count.index)}/db_username"
value = "${lookup(var.chain_db_username,element(var.chains,count.index))}"
type = "String"
}
resource "aws_ssm_parameter" "db_password" {
count = "${length(var.chains)}"
name = "/${var.prefix}/${element(var.chains,count.index)}/db_password"
value = "${lookup(var.chain_db_password,element(var.chains,count.index))}"
type = "String"
}
resource "aws_db_instance" "default" {
count = "${length(var.chains)}"
name = "${lookup(var.chain_db_name,element(keys(var.chains),count.index))}"
identifier = "${var.prefix}-${lookup(var.chain_db_id,element(keys(var.chains),count.index))}"
name = "${lookup(var.chain_db_name,element(var.chains,count.index))}"
identifier = "${var.prefix}-${lookup(var.chain_db_id,element(var.chains,count.index))}"
engine = "postgres"
engine_version = "${lookup(var.chain_db_version,element(keys(var.chains),count.index))}"
instance_class = "${lookup(var.chain_db_instance_class,element(keys(var.chains),count.index))}"
storage_type = "${lookup(var.chain_db_storage_type,element(keys(var.chains),count.index))}"
allocated_storage = "${lookup(var.chain_db_storage,element(keys(var.chains),count.index))}"
engine_version = "${lookup(var.chain_db_version,element(var.chains,count.index))}"
instance_class = "${lookup(var.chain_db_instance_class,element(var.chains,count.index))}"
storage_type = "${lookup(var.chain_db_storage_type,element(var.chains,count.index))}"
allocated_storage = "${lookup(var.chain_db_storage,element(var.chains,count.index))}"
copy_tags_to_snapshot = true
skip_final_snapshot = true
username = "${lookup(var.chain_db_username,element(keys(var.chains),count.index))}"
password = "${lookup(var.chain_db_password,element(keys(var.chains),count.index))}"
username = "${lookup(var.chain_db_username,element(var.chains,count.index))}"
password = "${lookup(var.chain_db_password,element(var.chains,count.index))}"
vpc_security_group_ids = ["${aws_security_group.database.id}"]
db_subnet_group_name = "${aws_db_subnet_group.database.id}"
apply_immediately = true
iops = "${lookup(var.chain_db_iops,element(keys(var.chains),count.index),"0")}"
iops = "${lookup(var.chain_db_iops,element(var.chains,count.index),"0")}"
depends_on = ["aws_security_group.database"]

61
roles/main_infra/files/variables.tf
View File

@ -7,45 +7,19 @@ variable "db_subnet_cidr" {}
variable "dns_zone_name" {}
variable "instance_type" {}
variable "root_block_size" {}
variable "pool_size" {}
variable "pool_size" {
default = {}
}
variable "elixir_version" {}
variable "use_placement_group" {
default = {}
}
variable "key_content" {
default = ""
}
variable "chain_jsonrpc_variant" {
default = {}
}
variable "chains" {
default = {}
}
variable "chain_trace_endpoint" {
default = {}
}
variable "chain_ws_endpoint" {
default = {}
}
variable "chain_logo" {
default = {}
}
variable "chain_coin" {
default = {}
}
variable "chain_network" {
default = {}
}
variable "chain_subnetwork" {
default = {}
}
variable "chain_network_path" {
default = {}
}
variable "chain_network_icon" {
default = {}
}
variable "chain_graphiql_transaction" {
default = {}
default = []
}
variable "chain_db_id" {
@ -84,25 +58,18 @@ variable "chain_db_version" {
default = {}
}
variable "new_relic_app_name" {}
variable "new_relic_license_key" {}
variable "secret_key_base" {}
variable "alb_ssl_policy" {}
variable "alb_certificate_arn" {}
variable "use_ssl" {}
variable "secret_key_base" {
default = {}
}
variable "chain_block_transformer" {
variable "alb_ssl_policy" {
default = {}
}
variable "chain_heart_beat_timeout" {
variable "alb_certificate_arn" {
default = {}
}
variable "chain_heart_command" {
default = {}
}
variable "chain_blockscout_version" {
default = {}
variable "use_ssl" {
default = {}
}

25
roles/main_infra/tasks/main.yml
View File

@ -35,6 +35,12 @@
path: roles/main_infra/files/.terraform/
state: absent
when: stat_result.stat.exists == True
- name: Generate Terraform files
template:
src: "{{ item.key }}"
dest: "{{ item.value }}"
with_dict: {hosts.tf.j2: roles/main_infra/files/hosts.tf,routing.tf.j2: roles/main_infra/files/routing.tf}
#Workaround since terraform module return unexpected error.
- name: Terraform plan construct
@ -44,32 +50,41 @@
chdir: "roles/main_infra/files"
with_items:
- "init{{ ' -backend-config=backend.tfvars' if backend|bool == true else '' }}"
- plan
- plan -out terraform.tfplan
- show terraform.tfplan -no-color
- name: Show Terraform plan
debug:
var: tf_plan.results[1].stdout_lines
var: tf_plan.results[2].stdout_lines
- name: User prompt
pause:
prompt: "Are you absolutely sure you want to execute the deployment plan shown above? [False]"
register: user_answer
- name: Insert vars into parameter store
include: parameter_store.yml
loop: "{{ chain_custom_environment.keys() }}"
loop_control:
loop_var: chain
index_var: index
when: user_answer.user_input|bool == True
- name: Terraform provisioning
shell: "echo yes | {{ terraform_location }} apply"
shell: "echo yes | {{ terraform_location }} apply terraform.tfplan"
args:
chdir: "roles/main_infra/files"
when: user_answer.user_input|bool == True
ignore_errors: True
- name: Ensure Terraform resources being provisioned
- name: Ensure Terraform resources has been provisioned
shell: "echo yes | {{ terraform_location }} apply"
args:
chdir: "roles/main_infra/files"
when: user_answer.user_input|bool == True
- name: Terraform output info into variable
shell: "{{ terraform_location }} output"
shell: "{{ terraform_location }} output -json"
register: output
args:
chdir: "roles/main_infra/files"

16
roles/main_infra/tasks/parameter_store.yml Normal file
View File

@ -0,0 +1,16 @@
- name: Prepare variables for Parameter Store
set_fact:
chain_ps_env: "{{ chain_ps_env | combine ({item.key|lower : item.value}) }}"
with_dict: "{{ chain_custom_environment[chain] }}"
vars:
chain_ps_env: {}
- name: Insert variables in PS
aws_ssm_parameter_store:
name: "/{{ prefix }}/{{ chain }}/{{ item.key }}"
value: "{{ item.value }}"
with_dict: "{{ chain_ps_env }}"
environment:
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
AWS_REGION: "{{ region }}"

58
roles/main_infra/files/hosts.tf → roles/main_infra/templates/hosts.tf.j2
View File

@ -18,7 +18,7 @@ data "aws_ami" "explorer" {
}
resource "aws_launch_configuration" "explorer" {
name_prefix = "${var.prefix}-explorer-launchconfig-"
name_prefix = "${var.prefix}-explorer-launchconfig"
image_id = "${data.aws_ami.explorer.id}"
instance_type = "${var.instance_type}"
security_groups = ["${aws_security_group.app.id}"]
@ -39,23 +39,24 @@ resource "aws_launch_configuration" "explorer" {
}
}
resource "aws_placement_group" "explorer" {
count = "${length(var.chains)}"
name = "${var.prefix}-explorer-placement-group${count.index}"
{% for key, value in chain_custom_environment.iteritems() %}
resource "aws_placement_group" "explorer-{{key}}" {
name = "${var.prefix}-{{key}}-explorer-pg"
strategy = "cluster"
}
{% endfor %}
resource "aws_autoscaling_group" "explorer" {
count = "${length(var.chains)}"
name = "${aws_launch_configuration.explorer.name}-asg${count.index}"
max_size = "${length(var.chains) * 4}"
min_size = "${length(var.chains)}"
desired_capacity = "${length(var.chains)}"
placement_group = "${aws_placement_group.explorer.*.id[count.index]}"
{% for key, value in chain_custom_environment.iteritems() %}
resource "aws_autoscaling_group" "explorer-{{key}}" {
name = "${aws_launch_configuration.explorer.name}-asg-{{key}}"
max_size = "4"
min_size = "1"
desired_capacity = "1"
{% if value['USE_PLACEMENT_GROUP'] == "true" %} placement_group = "${var.prefix}-{{key}}-explorer-pg" {% endif %}
launch_configuration = "${aws_launch_configuration.explorer.name}"
vpc_zone_identifier = ["${aws_subnet.default.id}"]
availability_zones = ["${data.aws_availability_zones.available.names}"]
target_group_arns = ["${aws_lb_target_group.explorer.*.arn[count.index]}"]
target_group_arns = ["${aws_lb_target_group.explorer.*.arn[{{loop.index-1}}]}"]
# Health checks are performed by CodeDeploy hooks
health_check_type = "EC2"
@ -69,25 +70,11 @@ resource "aws_autoscaling_group" "explorer" {
]
depends_on = [
"aws_ssm_parameter.new_relic_app_name",
"aws_ssm_parameter.new_relic_license_key",
"aws_ssm_parameter.pool_size",
"aws_ssm_parameter.ecto_use_ssl",
"aws_ssm_parameter.exq_blocks_concurrency",
"aws_ssm_parameter.exq_concurrency",
"aws_ssm_parameter.exq_internal_transactions_concurrency",
"aws_ssm_parameter.exq_receipts_concurrency",
"aws_ssm_parameter.exq_transactions_concurrency",
"aws_ssm_parameter.secret_key_base",
"aws_ssm_parameter.port",
"aws_ssm_parameter.db_username",
"aws_ssm_parameter.db_password",
"aws_ssm_parameter.db_host",
"aws_ssm_parameter.db_name",
"aws_ssm_parameter.db_port",
"aws_ssm_parameter.ethereum_url",
"aws_ssm_parameter.trace_url",
"aws_ssm_parameter.ws_url",
"aws_ssm_parameter.network_path",
"aws_ssm_parameter.db_username",
"aws_ssm_parameter.db_password"
]
lifecycle {
@ -102,26 +89,25 @@ resource "aws_autoscaling_group" "explorer" {
tag {
key = "chain"
value = "${element(keys(var.chains),count.index)}"
value = "{{ key }}"
propagate_at_launch = true
}
}
# TODO: These autoscaling policies are not currently wired up to any triggers
resource "aws_autoscaling_policy" "explorer-up" {
count = "${length(var.chains)}"
name = "${var.prefix}-explorer-autoscaling-policy-up${count.index}"
autoscaling_group_name = "${element(aws_autoscaling_group.explorer.*.name, count.index)}"
name = "${var.prefix}-{{key}}-explorer-autoscaling-policy-up"
autoscaling_group_name = "${aws_autoscaling_group.explorer-{{key}}.name}"
adjustment_type = "ChangeInCapacity"
scaling_adjustment = 1
cooldown = 300
}
resource "aws_autoscaling_policy" "explorer-down" {
count = "${length(var.chains)}"
name = "${var.prefix}-explorer-autoscaling-policy-down${count.index}"
autoscaling_group_name = "${element(aws_autoscaling_group.explorer.*.name, count.index)}"
name = "${var.prefix}-{{key}}-explorer-autoscaling-policy-down"
autoscaling_group_name = "${aws_autoscaling_group.explorer-{{key}}.name}"
adjustment_type = "ChangeInCapacity"
scaling_adjustment = -1
cooldown = 300
}
{% endfor %}

37
roles/main_infra/files/routing.tf → roles/main_infra/templates/routing.tf.j2
View File

@ -18,7 +18,7 @@ resource "aws_route" "internet_access" {
# The ALB for the app server
resource "aws_lb" "explorer" {
count = "${length(var.chains)}"
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb"
name = "${var.prefix}-explorer-${element(var.chains,count.index)}-alb"
internal = false
load_balancer_type = "application"
security_groups = ["${aws_security_group.alb.id}"]
@ -35,7 +35,7 @@ resource "aws_lb" "explorer" {
# The Target Group for the ALB
resource "aws_lb_target_group" "explorer" {
count = "${length(var.chains)}"
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb-target"
name = "${var.prefix}-explorer-${element(var.chains,count.index)}-alb-target"
port = 4000
protocol = "HTTP"
vpc_id = "${aws_vpc.vpc.id}"
@ -58,30 +58,19 @@ resource "aws_lb_target_group" "explorer" {
}
}
# The Listener for the ALB (HTTP protocol)
resource "aws_alb_listener" "alb_listener_http" {
count = "${var.use_ssl == "true" ? 0 : length(var.chains)}"
load_balancer_arn = "${aws_lb.explorer.*.arn[count.index]}"
port = 80
protocol = "HTTP"
{% for key, value in chain_custom_environment.iteritems() %}
resource "aws_alb_listener" "alb_listener{{loop.index-1}}" {
load_balancer_arn = "${aws_lb.explorer.*.arn[{{loop.index-1}}]}"
port = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? "443" : "80" }"
protocol = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? "HTTPS" : "HTTP" }"
{% if value['ECTO_USE_SSL'] == "true" %}
ssl_policy = "${lookup(var.alb_ssl_policy,element(var.chains,{{loop.index-1}}))}"
certificate_arn = "${lookup(var.alb_certificate_arn,element(var.chains,{{loop.index-1}}))}"
{% endif %}
default_action {
type = "forward"
target_group_arn = "${aws_lb_target_group.explorer.*.arn[count.index]}"
target_group_arn = "${aws_lb_target_group.explorer.*.arn[{{loop.index-1}}]}"
}
}
# The Listener for the ALB (HTTPS protocol)
resource "aws_alb_listener" "alb_listener_https" {
count = "${var.use_ssl == "true" ? length(var.chains) : 0}"
load_balancer_arn = "${aws_lb.explorer.*.arn[count.index]}"
port = 443
protocol = "HTTPS"
ssl_policy = "${var.alb_ssl_policy}"
certificate_arn = "${var.alb_certificate_arn}"
default_action {
type = "forward"
target_group_arn = "${aws_lb_target_group.explorer.*.arn[count.index]}"
}
}
{% endfor %}

100
roles/main_infra/templates/terraform.tfvars.j2
View File

@ -8,105 +8,43 @@ db_subnet_cidr = "{{ db_subnet_cidr }}"
dns_zone_name = "{{ dns_zone_name }}"
instance_type = "{{ instance_type }}"
root_block_size = "{{ root_block_size }}"
pool_size = "{{ pool_size }}"
alb_ssl_policy = "{{ alb_ssl_policy }}"
alb_certificate_arn = "{{ alb_certificate_arn }}"
use_ssl = "{{ use_ssl }}"
new_relic_app_name = "{{ new_relic_app_name }}"
new_relic_license_key = "{{ new_relic_license_key }}"
secret_key_base = "{{ secret_key_base }}"
elixir_version = "{{ elixir_version }}"
chains = {
{% for key, value in chains.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
pool_size = {
{% for key, value in chain_custom_environment.iteritems() %}
{{ key }}="{{ value['POOL_SIZE'] }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_trace_endpoint = {
{% for key, value in chain_trace_endpoint.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
secret_key_base = {
{% for key, value in chain_custom_environment.iteritems() %}
{{ key }}="{{ value['SECRET_KEY_BASE'] }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_ws_endpoint = {
{% for key, value in chain_ws_endpoint.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
use_ssl = {
{% for key, value in chain_custom_environment.iteritems() %}
{{ key }}="{{ value['ECTO_USE_SSL'] }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_jsonrpc_variant = {
{% for key, value in chain_jsonrpc_variant.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
alb_ssl_policy = {
{% for key, value in chain_custom_environment.iteritems() %}
{{ key }}="{{ value['ALB_SSL_POLICY'] }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_logo = {
{% for key, value in chain_logo.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
alb_certificate_arn = {
{% for key, value in chain_custom_environment.iteritems() %}
{{ key }}="{{ value['ALB_CERTIFICATE_ARN'] }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_coin = {
{% for key, value in chain_coin.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
chains = [
{% for key,value in chain_custom_environment.iteritems() %}
"{{ key }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_network = {
{% for key, value in chain_network.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_subnetwork = {
{% for key, value in chain_subnetwork.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_network_path = {
{% for key, value in chain_network_path.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_network_icon = {
{% for key, value in chain_network_icon.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_graphiql_transaction = {
{% for key, value in chain_graphiql_transaction.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_block_transformer = {
{% for key, value in chain_block_transformer.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_heart_beat_timeout = {
{% for key, value in chain_heart_beat_timeout.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_heart_command = {
{% for key, value in chain_heart_command.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
chain_blockscout_version = {
{% for key, value in chain_blockscout_version.iteritems() %}
{{ key }} = "{{ value }}"{% if not loop.last %},{% endif %}
{% endfor %}
}
]
chain_db_id = {
{% for key, value in chain_db_id.iteritems() %}

35
roles/main_software/tasks/main.yml
View File

@ -75,12 +75,18 @@
vars:
path: "/{{ prefix }}/{{ chain }}"
- name: Make config variables lowercase
set_fact:
chain_lower_env: "{{ chain_lower_env | combine ({item.key|lower : item.value}) }}"
with_dict: "{{ chain_custom_environment_chain }}"
vars:
chain_lower_env: {}
chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) }}"
chain_cec: "{{ chain_custom_environment | default ({}) }}"
- name: Override env variables
set_fact:
chain_env: "{{ chain_env | combine(chain_custom_environment_chain) }}"
vars:
chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) }}"
chain_cec: "{{ chain_custom_environment | default ({}) }}"
chain_env: "{{ chain_env | combine(chain_lower_env) }}"
- name: Uppercase chain
set_fact:
@ -122,7 +128,7 @@
- name: User prompt
pause:
prompt: "Would you like to remove staging dependencies? [Yes/No] Default: No"
prompt: "Would you like to remove staging dependencies? [Yes/No] Default: Yes"
register: user_answer
- name: Remove dev dependencies
@ -135,7 +141,14 @@
- "blockscout-{{ chain }}/apps/block_scout_web/assets/node_modules/"
- "blockscout-{{ chain }}/apps/explorer/node_modules/"
- "blockscout-{{ chain }}/logs/dev/"
when: user_answer.user_input|bool == true
when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"
- name: Fix bug with favicon
copy:
src: "{{ item }}"
dest: "blockscout-{{ chain }}/apps/block_scout_web/priv/static/images/"
with_fileglob:
- "blockscout-{{ chain }}/apps/block_scout_web/priv/static/favicon*"
- name: Upload Blockscout to S3
command: "aws deploy push --application-name={{ prefix }}-explorer --s3-location s3://{{ prefix }}-explorer-codedeploy-releases/blockscout-{{ chain }}.zip --source=blockscout-{{ chain }}"
@ -151,7 +164,7 @@
- name: User prompt
pause:
prompt: "Do you want to update the Parameter Store variables? [Yes/No] Default: No"
prompt: "Do you want to update the Parameter Store variables? [Yes/No] Default: Yes"
register: user_answer
- name: Update chain variables
@ -163,16 +176,16 @@
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
AWS_REGION: "{{ region }}"
when: user_answer.user_input|bool == true
when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"
- name: User prompt
pause:
prompt: "Do you want to deploy BlockScout? [Yes/No] Default: No"
prompt: "Do you want to deploy BlockScout? [Yes/No] Default: Yes"
register: user_answer
- name: Deploy Blockscout
command: "{{ push_output.stdout_lines[1] }} --deployment-group-name {{ prefix }}-explorer-dg{{ index }} --deployment-config-name CodeDeployDefault.OneAtATime --description '{{ chain_env['blockscout_version'] }}'"
when: user_answer.user_input|bool == true
command: "{{ push_output.stdout_lines[1] }} --deployment-group-name {{ prefix }}-explorer-dg{{ index }} --deployment-config-name CodeDeployDefault.OneAtATime --description '{{ chain_upper_env['BLOCKSCOUT_VERSION'] }}'"
when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"
environment:
AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"