Fix defaults, add SSL variables

group_vars/all.yml.example

@@ -32,16 +32,19 @@ chain_custom_environment:
     ETHEREUM_JSONRPC_WS_URL: "ws://localhost:8546" # Network RPC endpoint in websocket mode
     NETWORK_PATH: "/poa/core" # relative URL path, for example: blockscout.com/$NETWORK_PATH
     SECRET_KEY_BASE: "TPGMvGK0iIwlXBQuQDA5KRqk77VETbEBlG4gAWeb93TvBsYAjvoAvdODMd6ZeguPwf2YTRY3n7uvxXzQP4WayQ==" # Secret key for production assets protection. Use `mix phx.gen.secret` or `openssl rand -base64 64 | tr -d '\n'` to generate
-    CHECK_ORIGIN: false # Used to check the origin of requests when the origin header is present
+    #CHECK_ORIGIN: "false" # Used to check the origin of requests when the origin header is present
     PORT: 4000 # Port the application runs on
     COIN: "POA" # Coin name at the Coinmarketcap, used to display current exchange rate
     #METADATA_CONTRACT: # Address of metadata smart contract. Used by POA Network to obtain Validators information to display in the UI
     #VALIDATORS_CONTRACT: #Address of the EMission Fund smart contract
-    SUPPLY_MODULE: false # Used by the xDai Chain to calculate the total supply of the chain
-    SOURCE_MODULE: false # Used to calculate the total supply 
+    #SUPPLY_MODULE: "false" # Used by the xDai Chain to calculate the total supply of the chain
+    #SOURCE_MODULE: "false" # Used to calculate the total supply 
     #DATABASE_URL: # Database URL. Usually generated automatically, but this variable can be used to modify the URL of the databases during the updates.
     POOL_SIZE: 20 # Defines the number of database connections allowed 
-    ECTO_USE_SSL: false # Specifies whether or not to use SSL on Ecto queries
+    ECTO_USE_SSL: "false" # Specifies whether or not to use SSL on Ecto queries
+    ALB_SSL_POLICY: "ELBSecurityPolicy-2016-08" #SSL policy for Load Balancer. Required if ECTO_USE_SSL is set to true
+    ALB_CERTIFICATE_ARN: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24" #ARN of the certificate to attach to the LB. Required if ECTO_USE_SSL is set to
+ true
     #DATADOG_HOST: # Host configuration variable for Datadog integration
     #DATADOG_PORT: # Port configuration variable for Datadog integration
     #SPANDEX_BATCH_SIZE: # Spandex and Datadog configuration setting.
@@ -58,6 +61,9 @@ chain_custom_environment:
     ADDRESS_WITH_BALANCES_UPDATE_INTERVAL: 1800 #Interval in seconds to restart the task, which calculates addresses with balances
     LINK_TO_OTHER_EXPLORERS: "false" # If true, links to other explorers are added in the footer
     USE_PLACEMENT_GROUP: "false" # If true, BlockScout instance will be created in the placement group
+    EXQ_BLOCKS_CONCURRENCY="1"
+    EXQ_INTERNAL_TRANSACTIONS_CONCURRENCY="1"
+    EXQ_TRANSACTIONS_CONCURRENCY="1"
 
 ## Region. It is recommended to deploy to us-east-1 as some of the other regions fails due to varied reasons
 region: "us-east-1"

group_vars/infrastructure.yml.example

@@ -21,16 +21,9 @@ db_subnet_cidr: "10.0.1.0/16"
 ## Internal DNS zone will looks like:
 dns_zone_name: "poa.internal"
 
-## The following settngs are related to SSL of Application Load Balancer that will be deployed to AWS. If ECTO_USE_SSL is set to false, alb_* variables can be omitted
-alb_ssl_policy: "ELBSecurityPolicy-2016-08"
-alb_certificate_arn: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24"
-
 ## Size of the EC2 instance EBS root volume
 root_block_size: 120
 
-## Number of connections allowed by EC2 instance
-pool_size: 30
-
 ## The following variable represents the elixir version that will be used to run BlockScout instance. Will be used to download the Elixir at the following link: https://github.com/elixir-lang/elixir/releases/download/{{ elixir_version }}/Precompiled.zip
 elixir_version: "v1.7.4"
 

roles/main_infra/defaults/main.yml

@@ -9,8 +9,3 @@ db_subnet_cidr: "10.0.2.0/16"
 dns_zone_name: "poa.internal"
 instance_type: "m5.large"
 root_block_size: 8
-pool_size: 30
-alb_ssl_policy: "ELBSecurityPolicy-2016-08"
-new_relic_app_name: ""
-new_relic_license_key: ""
-use_ssl: false

roles/main_infra/files/variables.tf

@@ -62,8 +62,13 @@ variable "secret_key_base" {
   default = {} 
 }
 
-variable "alb_ssl_policy" {}
-variable "alb_certificate_arn" {}
+variable "alb_ssl_policy" {
+  default = {}
+}
+
+variable "alb_certificate_arn" {
+  default = {}
+}
 
 variable "use_ssl" {
   default = {} 

roles/main_infra/templates/routing.tf.j2

@@ -64,8 +64,8 @@ resource "aws_alb_listener" "alb_listener{{loop.index-1}}" {
   port              = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "443" : "80" }"
   protocol          = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ?  "HTTPS" : "HTTP" }"
 {% if value['ECTO_USE_SSL'] == "true" %}
-  ssl_policy        = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? var.alb_ssl_policy : "null" }"
-  certificate_arn   = "${lookup(var.use_ssl,element(var.chains,{{loop.index-1}})) ? var.alb_certificate_arn : "null" }"
+  ssl_policy        = "${lookup(var.alb_ssl_policy,element(var.chains,{{loop.index-1}}))}"
+  certificate_arn   = "${lookup(var.alb_certificate_arn,element(var.chains,{{loop.index-1}}))}"
 {% endif %}
   default_action {
     type = "forward"

roles/main_infra/templates/terraform.tfvars.j2

@@ -8,8 +8,6 @@ db_subnet_cidr        = "{{ db_subnet_cidr }}"
 dns_zone_name         = "{{ dns_zone_name }}"
 instance_type         = "{{ instance_type }}"
 root_block_size       = "{{ root_block_size }}"
-alb_ssl_policy        = "{{ alb_ssl_policy }}"
-alb_certificate_arn   = "{{ alb_certificate_arn }}"
 elixir_version        = "{{ elixir_version }}"
 
 pool_size = {
@@ -30,6 +28,18 @@ use_ssl = {
 {% endfor %}
 }
 
+alb_ssl_policy = {
+{% for key, value in chain_custom_environment.iteritems() %}
+{{ key }}="{{ value['ALB_SSL_POLICY'] }}"{% if not loop.last %},{% endif %}
+{% endfor %}
+}
+
+alb_certificate_arn = {
+{% for key, value in chain_custom_environment.iteritems() %}
+{{ key }}="{{ value['ALB_CERTIFICATE_ARN'] }}"{% if not loop.last %},{% endif %}
+{% endfor %}
+}
+
 chains = [
 {% for key,value in chain_custom_environment.iteritems() %}
 "{{ key }}"{% if not loop.last %},{% endif %}