Merge pull request #107 from ArseniiPetrovich/upd2

User experience improvement PR

.gitignore

@@ -7,6 +7,7 @@ roles/main_infra/files/remote-backend-selector.tf
 roles/main_infra/files/terraform.tfvars
 roles/main_infra/files/hosts.tf
 roles/main_infra/files/routing.tf
+roles/main_infra/files/provider.tf
 *.backup
 
 # Sensitive information

Makefile

@@ -1,33 +0,0 @@
-.PHONY: help
-
-IMAGE_NAME ?= poa-aws
-INFRA_PREFIX ?= poa-example
-KEY_PAIR ?= poa
-
-help:
-	@echo "$(IMAGE_NAME)"
-	@perl -nle'print $& if m{^[a-zA-Z_-]+:.*?## .*$$}' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
-check: lint ## Run linters and validation
-	@bin/infra precheck
-	@terraform validate -var-file=ignore.tfvars base
-	@if [ -f main.tfvars ]; then \
-		terraform validate \
-		  -var='db_password=foo' \
-		  -var='new_relic_app_name=foo' \
-		  -var='new_relic_license_key=foo' \
-		  -var-file=main.tfvars main; \
-	fi
-	@rm ignore.tfvars
-
-format: ## Apply canonical formatting to Terraform files
-	@terraform fmt
-
-lint: shellcheck check-format ## Lint scripts and config files
-
-check-format:
-	@terraform fmt -check=true
-
-shellcheck:
-	@shellcheck --shell=bash bin/infra
-	@shellcheck --shell=bash modules/stack/libexec/init.sh

appspec.yml.example

@@ -1,19 +0,0 @@
-version: 0.0
-os: linux
-files:
-  - source: .
-    destination: /opt/app
-hooks:
-  ApplicationStop:
-    - location: bin/stop.sh
-      timeout: 300
-  AfterInstall:
-    - location: bin/build.sh
-  ApplicationStart:
-    - location: bin/migrate.sh
-      timeout: 300
-    - location: bin/start.sh
-      timeout: 3600
-  ValidateService:
-    - location: bin/health_check.sh
-      timeout: 3600

attach_existing_rds.yml

@@ -9,7 +9,3 @@
     - name: "confirmation"
       prompt: "Are you sure you want to attach the existing RDS? If backend variable is set to True, this action includes creating the S3 and DynamoDB table for storing Terraform state files."
       default: False
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"

deploy_infra.yml

@@ -5,7 +5,3 @@
     - { role: s3, when: "backend|bool == true" }
     - { role: dynamodb, when: "backend|bool == true" }
     - { role: main_infra }
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"

deploy_software.yml

@@ -2,10 +2,6 @@
   hosts: localhost
   roles:
     - { role: s3, when: "backend|bool == true" }
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"
 
 - name: Deploy BlockScout
   hosts: localhost

destroy.yml

@@ -6,7 +6,3 @@
     - name: "confirmation"
       prompt: "Are you sure you want to destroy all the infra?"
       default: False
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"

group_vars/all.yml.example

@@ -3,9 +3,11 @@ ansible_python_interpreter: "/usr/bin/python3"
 
 # Common variables
 
-## Credentials to connect to AWS
-aws_access_key: ""
-aws_secret_key: ""
+## Credentials to connect to AWS. Either keypair or CLI profile name should be specified. If nothing is specified, the default AWS keypair is used. Region must be specified in all the cases.
+#aws_access_key: ""
+#aws_secret_key: ""
+#aws_profile: ""
+aws_region: "us-east-1"
 
 ## If set to true backend will be uploaded and stored at S3 bucket, so you can easily manage your deployment from any machine. It is highly recommended to do not change this variable
 backend: true
@@ -19,7 +21,7 @@ bucket: "poa-terraform-state"
 ## All resources will be prefixed with this one
 prefix: "poa"
 
-## This variable represents network RPC endpoint: 
+## This dictionary represents a set of environment variables required for each chain. Variables that commented out are optional. 
 chain_custom_environment:
   core:
     NETWORK: "(POA)" # Name of the organization/community that hosts the chain
@@ -32,38 +34,34 @@ chain_custom_environment:
     ETHEREUM_JSONRPC_WS_URL: "ws://localhost:8546" # Network RPC endpoint in websocket mode
     NETWORK_PATH: "/poa/core" # relative URL path, for example: blockscout.com/$NETWORK_PATH
     SECRET_KEY_BASE: "TPGMvGK0iIwlXBQuQDA5KRqk77VETbEBlG4gAWeb93TvBsYAjvoAvdODMd6ZeguPwf2YTRY3n7uvxXzQP4WayQ==" # Secret key for production assets protection. Use `mix phx.gen.secret` or `openssl rand -base64 64 | tr -d '\n'` to generate
-    #CHECK_ORIGIN: "false" # Used to check the origin of requests when the origin header is present
     PORT: 4000 # Port the application runs on
     COIN: "POA" # Coin name at the Coinmarketcap, used to display current exchange rate
-    #METADATA_CONTRACT: # Address of metadata smart contract. Used by POA Network to obtain Validators information to display in the UI
-    #VALIDATORS_CONTRACT: #Address of the EMission Fund smart contract
-    #SUPPLY_MODULE: "false" # Used by the xDai Chain to calculate the total supply of the chain
-    #SOURCE_MODULE: "false" # Used to calculate the total supply 
-    #DATABASE_URL: # Database URL. Usually generated automatically, but this variable can be used to modify the URL of the databases during the updates.
     POOL_SIZE: 20 # Defines the number of database connections allowed 
     ECTO_USE_SSL: "false" # Specifies whether or not to use SSL on Ecto queries
     ALB_SSL_POLICY: "ELBSecurityPolicy-2016-08" #SSL policy for Load Balancer. Required if ECTO_USE_SSL is set to true
     ALB_CERTIFICATE_ARN: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24" #ARN of the certificate to attach to the LB. Required if ECTO_USE_SSL is set to
  true
-    #DATADOG_HOST: # Host configuration variable for Datadog integration
-    #DATADOG_PORT: # Port configuration variable for Datadog integration
-    #SPANDEX_BATCH_SIZE: # Spandex and Datadog configuration setting.
-    #SPANDEX_SYNC_THRESHOLD: # 	Spandex and Datadog configuration setting.
     HEART_BEAT_TIMEOUT: 30 # Heartbeat is an Erlang monitoring service that will restart BlockScout if it becomes unresponsive. This variables configures the timeout before Blockscout will be restarted.
     HEART_COMMAND: "sudo systemctl restart explorer.service" # This variable represents a command that is used to restart the service
-    BLOCKSCOUT_VERSION: "v1.3.9-beta" # Added to the footer to signify the current BlockScout version
+    BLOCKSCOUT_VERSION: "v1.3.11-beta" # Added to the footer to signify the current BlockScout version
     RELEASE_LINK: "https://github.com/poanetwork/blockscout/releases/tag/v1.3.9-beta" # The link to Blockscout release notes in the footer.
     ELIXIR_VERSION: "v1.8.1" # Elixir version to install on the node before Blockscout deploy
     BLOCK_TRANSFORMER: "base" # Transformer for blocks: base or clique.
     GRAPHIQL_TRANSACTION: "0xbc426b4792c48d8ca31ec9786e403866e14e7f3e4d39c7f2852e518fae529ab4" # Random tx hash on the network, used as default for graphiql tx.
-    FIRST_BLOCK: 0 # The block number, where indexing begins from.
     TXS_COUNT_CACHE_PERIOD: 7200 # Interval in seconds to restart the task, which calculates the total txs count.
     ADDRESS_WITH_BALANCES_UPDATE_INTERVAL: 1800 #Interval in seconds to restart the task, which calculates addresses with balances
     LINK_TO_OTHER_EXPLORERS: "false" # If true, links to other explorers are added in the footer
     USE_PLACEMENT_GROUP: "false" # If true, BlockScout instance will be created in the placement group
-    EXQ_BLOCKS_CONCURRENCY="1"
-    EXQ_INTERNAL_TRANSACTIONS_CONCURRENCY="1"
-    EXQ_TRANSACTIONS_CONCURRENCY="1"
-
-## Region. It is recommended to deploy to us-east-1 as some of the other regions fails due to varied reasons
-region: "us-east-1"
+    #The following variables are optional
+    #FIRST_BLOCK: 0 # The block number, where indexing begins from.
+    #COINMARKETCAP_PAGES: 10 # Sets the number of pages at Coinmarketcap to search coin at. Defaults to 10
+    #METADATA_CONTRACT: # Address of metadata smart contract. Used by POA Network to obtain Validators information to display in the UI
+    #VALIDATORS_CONTRACT: #Address of the EMission Fund smart contract
+    #SUPPLY_MODULE: "false" # Used by the xDai Chain to calculate the total supply of the chain
+    #SOURCE_MODULE: "false" # Used to calculate the total supply 
+    #DATABASE_URL: # Database URL. Usually generated automatically, but this variable can be used to modify the URL of the databases during the updates.
+    #CHECK_ORIGIN: "false" # Used to check the origin of requests when the origin header is present
+    #DATADOG_HOST: # Host configuration variable for Datadog integration
+    #DATADOG_PORT: # Port configuration variable for Datadog integration
+    #SPANDEX_BATCH_SIZE: # Spandex and Datadog configuration setting.
+    #SPANDEX_SYNC_THRESHOLD: # 	Spandex and Datadog configuration setting.

group_vars/infrastructure.yml.example

@@ -24,9 +24,6 @@ dns_zone_name: "poa.internal"
 ## Size of the EC2 instance EBS root volume
 root_block_size: 120
 
-## The following variable represents the elixir version that will be used to run BlockScout instance. Will be used to download the Elixir at the following link: https://github.com/elixir-lang/elixir/releases/download/{{ elixir_version }}/Precompiled.zip
-elixir_version: "v1.7.4"
-
 # DB related variables
 
 ## This value represents the name of the DB that will be created/attached. Must be unique. Will be prefixed with `prefix` variable.

roles/attach_existing_rds/tasks/main.yml

@@ -16,6 +16,8 @@
   template:
     src: roles/main_infra/templates/terraform.tfvars.j2
     dest: roles/main_infra/files/terraform.tfvars
+  vars:
+    db_iops: "{{ chain_db_iops | default({}) }}"
 
 - name: Generating backend file
   template:
@@ -23,6 +25,12 @@
     dest: roles/main_infra/files/backend.tfvars
   when: backend|bool == true
 
+- name: Generate Terraform files
+  template:
+    src: "{{ item.key }}"
+    dest: "{{ item.value }}"
+  with_dict: {roles/main_infra/templates/hosts.tf.j2: roles/main_infra/files/hosts.tf,roles/main_infra/templates/routing.tf.j2: roles/main_infra/files/routing.tf,roles/main_infra/templates/provider.tf.j2: roles/main_infra/files/provider.tf}
+
 #Workaround since terraform module return unexpected error.
 - name: Initialize Terraform
   shell: "echo yes | {{ terraform_location }} init{{ ' -backend-config=backend.tfvars' if backend|bool == true else '' }}"

roles/destroy/tasks/main.yml

@@ -16,6 +16,8 @@
   template:
     src: roles/main_infra/templates/terraform.tfvars.j2
     dest: roles/main_infra/files/terraform.tfvars
+  vars:
+    db_iops: "{{ chain_db_iops | default({}) }}"
 
 - name: Generating backend file
   template:
@@ -23,6 +25,12 @@
     dest: roles/main_infra/files/backend.tfvars
   when: backend|bool == true
 
+- name: Generate Terraform files
+  template:
+    src: "{{ item.key }}"
+    dest: "{{ item.value }}"
+  with_dict: {roles/main_infra/templates/hosts.tf.j2: roles/main_infra/files/hosts.tf,roles/main_infra/templates/routing.tf.j2: roles/main_infra/files/routing.tf,roles/main_infra/templates/provider.tf.j2: roles/main_infra/files/provider.tf}
+
 # This is due to the TF0.11 bug which do not allow to completely destroy resources if interpolation syntax is used in outputs.tf at edge cases
 - name: Check if outputs.tf exists
   stat: path=roles/main_infra/files/outputs.tf
@@ -40,6 +48,13 @@
     - "init {{ '-backend-config=backend.tfvars' if backend|bool == true else '' }}"
     - destroy
 
+- name: Delete vars from parameter store
+  include: parameter_store.yml
+  loop: "{{ chain_custom_environment.keys() }}"
+  loop_control:
+    loop_var: chain
+    index_var: index
+
 - name: Check if outputs.tf.backup exists
   stat: path=roles/main_infra/files/outputs.tf.backup
   register: outputs_backup_stat
@@ -58,9 +73,27 @@
     name: "{{ prefix }}-{{ bucket }}"
     state: absent
     force: yes
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
   when: user_answer.user_input|bool == True
 
 - dynamodb_table:
     name: "{{ prefix }}-{{ dynamodb_table }}"
     state: absent
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
   when: user_answer.user_input|bool == True

roles/destroy/tasks/parameter_store.yml

@@ -0,0 +1,29 @@
+- name: Fetch environment variables (via access key)
+  set_fact:
+    chain_env: "{{ lookup('aws_ssm', path, aws_access_key=aws_access_key, aws_secret_key=aws_secret_key, region=region, shortnames=true, bypath=true, recursive=true  ) }}"
+  vars:
+    path: "/{{ prefix }}/{{ chain }}"
+  when: aws_access_key is defined
+
+- name: Fetch environment variables (via profile)
+  set_fact:
+    chain_env: "{{ lookup('aws_ssm', path, aws_profile=aws_profile, shortnames=true, bypath=true, recursive=true  ) }}"
+  vars:
+    path: "/{{ prefix }}/{{ chain }}"
+  when: aws_profile is defined
+
+- name: Remove chain variables
+  aws_ssm_parameter_store:
+    name: "/{{ prefix }}/{{ chain }}/{{ item.key }}"    
+    value: "{{ item.value }}"
+    state: absent
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"    
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
+  with_dict: "{{ chain_env }}"

roles/dynamodb/tasks/main.yml

@@ -8,3 +8,12 @@
     tags:
       origin: terraform
       prefix: "{{ prefix }}"
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"

roles/main_infra/files/provider.tf

@@ -1,5 +0,0 @@
-provider "aws" {
-  version = "~> 1.15"
-
-  region = "${var.region}"
-}

roles/main_infra/files/variables.tf

@@ -1,4 +1,3 @@
-variable "region" {}
 variable "prefix" {}
 variable "key_name" {}
 variable "vpc_cidr" {}
@@ -7,13 +6,15 @@ variable "db_subnet_cidr" {}
 variable "dns_zone_name" {}
 variable "instance_type" {}
 variable "root_block_size" {}
+
 variable "pool_size" {
   default = {} 
 }
-variable "elixir_version" {}
+
 variable "use_placement_group" {
   default = {}
 }
+
 variable "key_content" {
   default = ""
 }

roles/main_infra/tasks/main.yml

@@ -40,7 +40,7 @@
   template:
     src: "{{ item.key }}"
     dest: "{{ item.value }}"
-  with_dict: {hosts.tf.j2: roles/main_infra/files/hosts.tf,routing.tf.j2: roles/main_infra/files/routing.tf}
+  with_dict: {hosts.tf.j2: roles/main_infra/files/hosts.tf,routing.tf.j2: roles/main_infra/files/routing.tf,provider.tf.j2: roles/main_infra/files/provider.tf}
     
 #Workaround since terraform module return unexpected error.
 - name: Terraform plan construct

roles/main_infra/tasks/parameter_store.yml

@@ -9,8 +9,13 @@
   aws_ssm_parameter_store:
     name: "/{{ prefix }}/{{ chain }}/{{ item.key }}"
     value: "{{ item.value }}"
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
   with_dict: "{{ chain_ps_env }}"
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"

roles/main_infra/templates/backend.tfvars.j2

@@ -1,4 +1,3 @@
-region         = "{{ ansible_env.AWS_REGION }}"
 bucket         = "{{ prefix }}-{{ bucket }}"
 dynamodb_table = "{{ prefix }}-{{ dynamodb_table }}"
 key            = "terraform.tfstate"

roles/main_infra/templates/hosts.tf.j2

@@ -40,10 +40,12 @@ resource "aws_launch_configuration" "explorer" {
 }
 
 {% for key, value in chain_custom_environment.iteritems() %}
+{% if value['USE_PLACEMENT_GROUP']|default('true') == "true" %}
 resource "aws_placement_group" "explorer-{{key}}" {
   name     = "${var.prefix}-{{key}}-explorer-pg"
   strategy = "cluster"
 }
+{% endif %}
 {% endfor %}
 
 {% for key, value in chain_custom_environment.iteritems() %}
@@ -52,7 +54,7 @@ resource "aws_autoscaling_group" "explorer-{{key}}" {
   max_size             = "4"
   min_size             = "1"
   desired_capacity     = "1"
-{% if value['USE_PLACEMENT_GROUP'] == "true" %}  placement_group      = "${var.prefix}-{{key}}-explorer-pg" {% endif %}
+{% if value['USE_PLACEMENT_GROUP']|default('true') == "true" %}  placement_group      = "${var.prefix}-{{key}}-explorer-pg" {% endif %}
   launch_configuration = "${aws_launch_configuration.explorer.name}"
   vpc_zone_identifier  = ["${aws_subnet.default.id}"]
   availability_zones   = ["${data.aws_availability_zones.available.names}"]
@@ -92,6 +94,12 @@ resource "aws_autoscaling_group" "explorer-{{key}}" {
     value               = "{{ key }}"
     propagate_at_launch = true
   }
+
+  tag {
+    key                 = "Name"
+    value               = "{{ key }} Application"
+    propagate_at_launch = true
+  }
 }
 
 # TODO: These autoscaling policies are not currently wired up to any triggers

roles/main_infra/templates/provider.tf.j2

@@ -0,0 +1,7 @@
+provider "aws" {
+  version  = "~> 1.15"
+{% if aws_access_key is undefined %}
+  profile  = "{{ aws_profile|default("default") }}"
+{% endif %}
+  region   = "{{ aws_region|default("us-east-1") }}"
+}

roles/main_infra/templates/remote-backend-selector.tf.j2

@@ -1,4 +1,11 @@
 terraform {
   backend "s3" {
+    {% if aws_access_key is undefined %}
+      profile    = "{{ aws_profile|default("default") }}"
+    {% else %}
+      access_key = "{{ aws_access_key }}"
+      secret_key = "{{ aws_secret_key }}"
+    {% endif %}
+      region     = "{{ aws_region }}"
   }
 }

roles/main_infra/templates/routing.tf.j2

@@ -63,7 +63,7 @@ resource "aws_alb_listener" "alb_listener{{loop.index-1}}" {
   load_balancer_arn = "${aws_lb.explorer.*.arn[{{loop.index-1}}]}"
   port              = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "443" : "80" }"
   protocol          = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "HTTPS" : "HTTP" }"
-{% if value['ECTO_USE_SSL'] == "true" %}
+{% if value['ECTO_USE_SSL']|default('false') == "true" %}
   ssl_policy        = "${lookup(var.alb_ssl_policy,element(var.chains,{{loop.index-1}}))}"
   certificate_arn   = "${lookup(var.alb_certificate_arn,element(var.chains,{{loop.index-1}}))}"
 {% endif %}

roles/main_infra/templates/terraform.tfvars.j2

@@ -1,42 +1,41 @@
-region                = "{{ ansible_env.AWS_REGION }}"
-prefix                = "{{ prefix }}"
-key_name              = "{{ ec2_ssh_key_name }}"
-key_content           = "{{ ec2_ssh_key_content }}"
-vpc_cidr              = "{{ vpc_cidr }}"
-public_subnet_cidr    = "{{ public_subnet_cidr  }}"
-db_subnet_cidr        = "{{ db_subnet_cidr }}"
-dns_zone_name         = "{{ dns_zone_name }}"
-instance_type         = "{{ instance_type }}"
-root_block_size       = "{{ root_block_size }}"
-elixir_version        = "{{ elixir_version }}"
+prefix             = "{{ prefix }}"
+key_name           = "{{ ec2_ssh_key_name }}"
+key_content        = "{{ ec2_ssh_key_content }}"
+vpc_cidr           = "{{ vpc_cidr }}"
+public_subnet_cidr = "{{ public_subnet_cidr  }}"
+db_subnet_cidr     = "{{ db_subnet_cidr }}"
+dns_zone_name      = "{{ dns_zone_name }}"
+instance_type      = "{{ instance_type }}"
+root_block_size    = "{{ root_block_size }}"
 
 pool_size = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}="{{ value['POOL_SIZE'] }}"{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['POOL_SIZE']|default('30') }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 secret_key_base = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}="{{ value['SECRET_KEY_BASE'] }}"{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['SECRET_KEY_BASE']|default('TPGMvGK0iIwlXBQuQDA5KRqk77VETbEBlG4gAWeb93TvBsYAjvoAvdODMd6ZeguPwf2YTRY3n7uvxXzQP4WayQ==') }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 use_ssl = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}="{{ value['ECTO_USE_SSL'] }}"{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['ECTO_USE_SSL']|default('false') }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
+
 alb_ssl_policy = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}="{{ value['ALB_SSL_POLICY'] }}"{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['ALB_SSL_POLICY']|default('') }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 
 alb_certificate_arn = {
 {% for key, value in chain_custom_environment.iteritems() %}
-{{ key }}="{{ value['ALB_CERTIFICATE_ARN'] }}"{% if not loop.last %},{% endif %}
+{{ key }}="{{ value['ALB_CERTIFICATE_ARN']|default('') }}"{% if not loop.last %},{% endif %}
 {% endfor %}
 }
 

roles/main_software/tasks/main.yml

@@ -30,6 +30,13 @@
   template:
     src: dev.secret.exs.j2 
     dest: "blockscout-{{ chain }}/apps/explorer/config/dev.secret.exs" 
+  when: ps_db is defined 
+
+- name: Copy default explorer config files
+  copy:
+    src: "blockscout-{{ chain }}/apps/explorer/config/dev.secret.exs.example"
+    dest: "blockscout-{{ chain }}/apps/explorer/config/dev.secret.exs"
+  when: ps_db is undefined or ps_db == ""
 
 - name: Remove static assets from previous deployment, if any
   file:
@@ -69,24 +76,34 @@
   args:
     chdir: "blockscout-{{ chain }}/apps/block_scout_web"
 
-- name: Fetch environment variables
+- name: Fetch environment variables (via access key)
   set_fact: 
     chain_env: "{{ lookup('aws_ssm', path, aws_access_key=aws_access_key, aws_secret_key=aws_secret_key, region=region, shortnames=true, bypath=true, recursive=true  ) }}"
   vars:
     path: "/{{ prefix }}/{{ chain }}"
+  when: aws_access_key is defined
+
+- name: Fetch environment variables (via profile)
+  set_fact:
+    chain_env: "{{ lookup('aws_ssm', path, aws_profile=aws_profile, shortnames=true, bypath=true, recursive=true  ) }}"
+  vars:
+    path: "/{{ prefix }}/{{ chain }}"
+  when: aws_profile is defined
 
 - name: Make config variables lowercase
   set_fact:
     chain_lower_env: "{{ chain_lower_env | combine ({item.key|lower : item.value})  }}"
   with_dict: "{{ chain_custom_environment_chain }}"
+  when: chain_custom_environment_chain|length > 0
   vars:
     chain_lower_env: {}
-    chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) }}"
+    chain_custom_environment_chain: "{{ chain_cec[chain] | default({}) if chain_cec[chain]>0 else {} }}"
     chain_cec: "{{ chain_custom_environment | default ({}) }}"
 
 - name: Override env variables
   set_fact:
     chain_env: "{{ chain_env | combine(chain_lower_env) }}"
+  when: chain_lower_env is defined
 
 - name: Uppercase chain 
   set_fact:
@@ -115,11 +132,13 @@
         msg: "Execution aborted."
   always:
     - name: kill server
-      command: "pkill -e {{ item }}"
+      command: "pkill -f {{ item }}"
       with_items:
         - beam.smp
         - node
+        - erlang
       failed_when: false  
+      when: 
  
 - name: Build static assets
   command: mix phx.digest
@@ -144,23 +163,18 @@
   when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"  
 
 - name: Fix bug with favicon 
-  copy:
-    src: "{{ item }}"
-    dest: "blockscout-{{ chain }}/apps/block_scout_web/priv/static/images/"
-  with_fileglob:
-    - "blockscout-{{ chain }}/apps/block_scout_web/priv/static/favicon*"
+  replace:
+    regexp: 'favicon-[a-z0-9]+?\.ico'
+    replace: "favicon.ico"
+    path: "blockscout-{{ chain }}/apps/block_scout_web/priv/static/cache_manifest.json"
 
 - name: Upload Blockscout to S3
-  command: "aws deploy push --application-name={{ prefix }}-explorer --s3-location s3://{{ prefix }}-explorer-codedeploy-releases/blockscout-{{ chain }}.zip --source=blockscout-{{ chain }}"
+  command: "{{ 'AWS_ACCESS_KEY='~aws_access_key~' AWS_SECRET_ACCESS_KEY='~aws_secret_key~' AWS_DEFAULT_REGION='~aws_region if aws_profile is undefined else '' }} aws deploy push --application-name={{ prefix }}-explorer --s3-location s3://{{ prefix }}-explorer-codedeploy-releases/blockscout-{{ chain }}.zip --source=blockscout-{{ chain }} {{ '--profile='~aws_profile if aws_profile is defined else '' }}"
   register: push_output
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"
 
 - name: Upload output
   debug:
-    msg: "If deployment will fail, you can try to deploy blockscout manually using the following commands: {{ push_output.stdout_lines }}" 
+    msg: "If deployment will fail, you can try to deploy blockscout manually using the following commands: {{ 'AWS_ACCESS_KEY=XXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXX AWS_DEFAULT_REGION='~aws_region if aws_profile is undefined else '' }} {{ push_output.stdout_lines }} {{ '--profile='~aws_profile if aws_profile is defined else '' }}" 
 
 - name: User prompt
   pause:
@@ -171,11 +185,17 @@
   aws_ssm_parameter_store:
     name: "/{{ prefix }}/{{ chain }}/{{ item.key }}" 
     value: "{{ item.value }}"
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
   with_dict: "{{ chain_env }}"
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"
+  
   when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"
 
 - name: User prompt
@@ -184,9 +204,5 @@
   register: user_answer
 
 - name: Deploy Blockscout
-  command: "{{ push_output.stdout_lines[1] }} --deployment-group-name {{ prefix }}-explorer-dg{{ index }} --deployment-config-name CodeDeployDefault.OneAtATime --description '{{ chain_upper_env['BLOCKSCOUT_VERSION']  }}'" 
+  command: "{{ 'AWS_ACCESS_KEY='~aws_access_key~' AWS_SECRET_ACCESS_KEY='~aws_secret_key~' AWS_DEFAULT_REGION='~aws_region if aws_profile is undefined else '' }} {{ push_output.stdout_lines[1] }} --deployment-group-name {{ prefix }}-explorer-dg{{ index }} --deployment-config-name CodeDeployDefault.OneAtATime --description '{{ chain_upper_env['BLOCKSCOUT_VERSION']  }}' {{ '--profile='~aws_profile if aws_profile is defined else '' }}" 
   when: user_answer.user_input|lower != "false" and user_answer.user_input|lower != "no"
-  environment:
-    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
-    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "{{ region }}"

roles/s3/tasks/main.yml

@@ -3,6 +3,15 @@
     bucket: "{{ prefix }}-{{ bucket }}" 
     mode: create
     permission: private
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
 
 - name: Apply tags and versioning to create S3 bucket
   s3_bucket:
@@ -11,6 +20,15 @@
     tags:
       origin: terraform
       prefix: "{{ prefix }}"
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
 
 - name: Add lifecycle management policy to created S3 bucket
   s3_lifecycle:
@@ -19,6 +37,15 @@
     noncurrent_version_expiration_days: 90
     status: enabled
     state: present
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
 
 - name: Check if config file exists 
   stat:
@@ -50,6 +77,15 @@
     object: all.yml
     src: "{{ playbook_dir }}/group_vars/all.yml.temp"
     mode: put
+    profile: "{{ profile }}"
+    aws_access_key: "{{ access_key }}"
+    aws_secret_key: "{{ secret_key }}"
+    region: "{{ region }}"
+  vars:
+    access_key: "{{ aws_access_key|default(omit) }}"
+    secret_key: "{{ aws_secret_key|default(omit) }}"
+    profile: "{{ aws_profile|default(omit) }}"
+    region: "{{ aws_region|default(omit) }}"
   when: upload_config_to_s3|bool == True and stat_result.stat.exists == True
 
 - name: Remove temp file