Merge pull request #4 from blockscout/add-verifier

merge

README.md

@@ -77,7 +77,8 @@ module "vpc" {
 
 | Name | Description | Type | Default                                                                                                                                                                                                                                                                                                                                                                                                                                   | Required |
 |------|-------------|------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:|
-| <a name="input_blockscout_settings"></a> [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app | <pre>object({<br>    postgres_password             = string<br>    postgres_user                 = string<br>    postgres_host                 = string<br>    blockscout_docker_image       = string<br>    rpc_address                   = string<br>    chain_id                      = string<br>    rust_verification_service_url = string<br>    ws_address                    = string<br>  })</pre> | <pre>{<br>  "blockscout_docker_image": "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4",<br>  "chain_id": "93201",<br>  "postgres_host": "postgres",<br>  "postgres_password": "postgres",<br>  "postgres_user": "postgres",<br>  "rpc_address": "https://rpc-supertestnet.polygon.technology",<br>  "rust_verification_service_url": "https://sc-verifier.aws-k8s.blockscout.com/", <br>  "ws_address": ""<br>}</pre> | no |
+| <a name="input_blockscout_settings"></a> [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app | <pre>object({<br>    postgres_password             = optional(string, "postgres")<br>    postgres_user                 = optional(string, "postgres")<br>    postgres_host                 = optional(string, "postgres")<br>    blockscout_docker_image       = optional(string, "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4")<br>    rpc_address                   = optional(string, "https://rpc-supertestnet.polygon.technology")<br>    chain_id                      = optional(string, "93201")<br>    rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/")<br>    ws_address                    = optional(string, "")<br>    visualize_sol2uml_service_url = optional(string, "")<br>  })</pre> | `{}` | no |
+| <a name="input_verifier_settings"></a> [verifier\_settings](#input\_verifier\_settings) | Settings of verifier | <pre>object({<br>    docker_image                       = optional(string, "ghcr.io/blockscout/smart-contract-verifier:main")<br>    solidity_fetcher_list_url          = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json")<br>    solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *")<br>    vyper_fetcher_list_url             = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json")<br>    vyper_refresh_versions_schedule    = optional(string, "0 0 * * * * *")<br>    sourcify_api_url                   = optional(string, "https://sourcify.dev/server/")<br>  })</pre> | `{}` | no |
 | <a name="input_create_iam_instance_profile_ssm_policy"></a> [create\_iam\_instance\_profile\_ssm\_policy](#input\_create\_iam\_instance\_profile\_ssm\_policy) | Determines whether an IAM instance profile with SSM policy is created or to use an existing IAM instance profile | `string` | `false` | no |
 | <a name="input_deploy_ec2_instance_db"></a> [deploy\_ec2\_instance\_db](#input\_deploy\_ec2\_instance\_db) | Create ec2 instance with postgresql db in docker | `bool` | `true` | no |
 | <a name="input_deploy_rds_db"></a> [deploy\_rds\_db](#input\_deploy\_rds\_db) | Enabled deploy rds | `bool` | `false` | no |
@@ -102,10 +103,18 @@ module "vpc" {
 | <a name="input_tags"></a> [tags](#input\_tags) | Add custom tags for all resources managed by this script | `map(string)` | `{}` | no |
 | <a name="input_ui_and_api_instance_type"></a> [ui\_and\_api\_instance\_type](#input\_ui\_and\_api\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no |
 | <a name="input_user"></a> [user](#input\_user) | What user to service run as | `string` | `"root"` | no |
+| <a name="input_verifier_enabled"></a> [verifier\_enabled](#input\_verifier\_enabled) | Verifier deploy | `bool` | `true` | no |
+| <a name="input_verifier_instance_type"></a> [verifier\_instance\_type](#input\_verifier\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no |
+| <a name="input_verifier_replicas"></a> [verifier\_replicas](#input\_verifier\_replicas) | Number of verifier replicas | `number` | `2` | no |
+| <a name="input_visualizer_enabled"></a> [visualizer\_enabled](#input\_visualizer\_enabled) | Visualizer deploy | `bool` | `true` | no |
+| <a name="input_visualizer_replicas"></a> [visualizer\_replicas](#input\_visualizer\_replicas) | Number of visualizer replicas | `number` | `2` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | VPC cidr | `string` | `"10.105.0.0/16"` | no |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC name | `string` | `""` | no |
 | <a name="input_vpc_private_subnet_cidrs"></a> [vpc\_private\_subnet\_cidrs](#input\_vpc\_private\_subnet\_cidrs) | Not required! You can set custom private subnets | `list(string)` | `null` | no |
 | <a name="input_vpc_public_subnet_cidrs"></a> [vpc\_public\_subnet\_cidrs](#input\_vpc\_public\_subnet\_cidrs) | Not required! You can set custom public subnets | `list(string)` | `null` | no |
+| <a name="input_visualizer_docker_image"></a> [visualizer\_docker\_image](#input\_visualizer\_docker\_image) | Docker image of visualizer | `string` | `"ghcr.io/blockscout/visualizer:latest"` | no |
+
+
 
 ## Outputs
 

alb/main.tf

@@ -0,0 +1,55 @@
+module "alb" {
+  source             = "terraform-aws-modules/alb/aws"
+  version            = "8.2.1"
+  name               = var.name
+  internal           = var.internal
+  load_balancer_type = "application"
+  vpc_id             = var.vpc_id
+  subnets            = var.subnets
+  security_groups    = [var.security_groups]
+  target_groups = [
+    {
+      name_prefix      = var.name_prefix
+      backend_protocol = "HTTP"
+      backend_port     = var.backend_port
+      target_type      = "instance"
+      health_check = {
+        enabled             = true
+        interval            = 30
+        path                = var.health_check_path
+        port                = "traffic-port"
+        healthy_threshold   = 3
+        unhealthy_threshold = 3
+        timeout             = 6
+        protocol            = "HTTP"
+        matcher             = "200-399"
+      }
+    }
+  ]
+  http_tcp_listeners = var.ssl_certificate_arn != "" ? [
+    {
+      port        = 80
+      protocol    = "HTTP"
+      action_type = "redirect"
+      redirect = {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }] : [
+    {
+      port        = 80
+      protocol    = "HTTP"
+      action_type = "forward"
+      redirect    = {}
+  }]
+  https_listeners = var.ssl_certificate_arn != "" ? [
+    {
+      port               = 443
+      protocol           = "HTTPS"
+      target_group_index = 0
+      certificate_arn    = var.ssl_certificate_arn
+    }
+  ] : []
+  tags = var.tags
+}

alb/output.tf

@@ -0,0 +1,7 @@
+output "target_group_arns" {
+  value = module.alb.target_group_arns
+}
+
+output "lb_dns_name" {
+  value = module.alb.lb_dns_name
+}

alb/variables.tf

@@ -0,0 +1,31 @@
+variable "name" {
+  type = string
+}
+variable "internal" {
+  type = bool
+}
+variable "vpc_id" {
+  type = string
+}
+variable "subnets" {
+  type = list(any)
+}
+variable "security_groups" {
+  type = string
+}
+variable "name_prefix" {
+  type = string
+}
+variable "backend_port" {
+  type = string
+}
+variable "health_check_path" {
+  type = string
+}
+variable "tags" {
+  type = any
+}
+variable "ssl_certificate_arn" {
+  type    = string
+  default = ""
+}

asg/main.tf

@@ -0,0 +1,78 @@
+module "ec2_asg" {
+  source                    = "terraform-aws-modules/autoscaling/aws"
+  version                   = "v6.7.1"
+  name                      = var.name
+  min_size                  = var.min_size
+  max_size                  = var.max_size
+  wait_for_capacity_timeout = 0
+  health_check_type         = "EC2"
+  vpc_zone_identifier       = var.vpc_zone_identifier
+  instance_refresh = {
+    strategy = "Rolling"
+    preferences = {
+      min_healthy_percentage = 100
+    }
+    triggers = ["tag"]
+  }
+  launch_template_name        = var.launch_template_name
+  launch_template_description = "Launch template"
+  update_default_version      = true
+  image_id                    = var.image_id
+  instance_type               = var.instance_type
+  ebs_optimized               = false
+  enable_monitoring           = false
+  create_iam_instance_profile = var.create_iam_instance_profile
+  iam_instance_profile_arn    = var.iam_instance_profile_arn
+  iam_role_name               = var.iam_role_name
+  iam_role_path               = "/"
+  iam_role_description        = "IAM role"
+  iam_role_tags = {
+    CustomIamRole = "Yes"
+  }
+  iam_role_policies = {
+    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  }
+  user_data = base64encode(templatefile(
+    "${path.module}/../templates/init_script.tftpl",
+    {
+      docker_compose_str = templatefile(
+        "${path.module}/../templates/docker_compose${var.docker_compose_file_postfix}.tftpl",
+        var.docker_compose_config
+      )
+      path_docker_compose_files = var.path_docker_compose_files
+      user                      = var.user
+    }
+  ))
+  block_device_mappings = [
+    {
+      device_name = "/dev/xvda"
+      no_device   = 0
+      ebs = {
+        delete_on_termination = true
+        encrypted             = false
+        volume_size           = 30
+        volume_type           = "gp2"
+      }
+    }
+  ]
+  network_interfaces = [
+    {
+      delete_on_termination = true
+      description           = "eth0"
+      device_index          = 0
+      security_groups       = [var.security_groups]
+    }
+  ]
+  tag_specifications = [
+    {
+      resource_type = "instance"
+      tags          = var.tags
+    },
+    {
+      resource_type = "volume"
+      tags          = var.tags
+    }
+  ]
+  target_group_arns = var.target_group_arns
+  tags              = var.tags
+}

asg/variables.tf

@@ -0,0 +1,52 @@
+variable "name" {
+  type = string
+}
+variable "min_size" {
+  type = number
+}
+variable "max_size" {
+  type = number
+}
+variable "vpc_zone_identifier" {
+  type = list(any)
+}
+variable "launch_template_name" {
+  type = string
+}
+variable "image_id" {
+  type = string
+}
+variable "instance_type" {
+  type = string
+}
+variable "create_iam_instance_profile" {
+  type = bool
+}
+variable "iam_instance_profile_arn" {
+  type = string
+}
+variable "iam_role_name" {
+  type = string
+}
+variable "docker_compose_config" {
+  type = any
+}
+variable "path_docker_compose_files" {
+  type = string
+}
+variable "user" {
+  type = string
+}
+variable "security_groups" {
+  type = string
+}
+variable "tags" {
+  type = any
+}
+variable "target_group_arns" {
+  type = list(any)
+}
+variable "docker_compose_file_postfix" {
+  type    = string
+  default = ""
+}

locals.tf

@@ -3,4 +3,6 @@ locals {
   subnets      = cidrsubnets(var.vpc_cidr, 8, 8, 8, 8, 8, 8, 8, 8)
   default_tags = {}
   final_tags   = merge(var.tags, local.default_tags)
+  vpc_id_rule  = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id
+  subnets_rule = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets
 }