diff --git a/README.md b/README.md index e67f8e1..4180c2f 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,8 @@ module "vpc" { | Name | Description | Type | Default | Required | |------|-------------|------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:| -| [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app |
object({|
postgres_password = string
postgres_user = string
postgres_host = string
blockscout_docker_image = string
rpc_address = string
chain_id = string
rust_verification_service_url = string
ws_address = string
})
{| no | +| [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app |
"blockscout_docker_image": "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4",
"chain_id": "93201",
"postgres_host": "postgres",
"postgres_password": "postgres",
"postgres_user": "postgres",
"rpc_address": "https://rpc-supertestnet.polygon.technology",
"rust_verification_service_url": "https://sc-verifier.aws-k8s.blockscout.com/",
"ws_address": ""
}
object({| `{}` | no | +| [verifier\_settings](#input\_verifier\_settings) | Settings of verifier |
postgres_password = optional(string, "postgres")
postgres_user = optional(string, "postgres")
postgres_host = optional(string, "postgres")
blockscout_docker_image = optional(string, "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4")
rpc_address = optional(string, "https://rpc-supertestnet.polygon.technology")
chain_id = optional(string, "93201")
rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/")
ws_address = optional(string, "")
visualize_sol2uml_service_url = optional(string, "")
})
object({| `{}` | no | | [create\_iam\_instance\_profile\_ssm\_policy](#input\_create\_iam\_instance\_profile\_ssm\_policy) | Determines whether an IAM instance profile with SSM policy is created or to use an existing IAM instance profile | `string` | `false` | no | | [deploy\_ec2\_instance\_db](#input\_deploy\_ec2\_instance\_db) | Create ec2 instance with postgresql db in docker | `bool` | `true` | no | | [deploy\_rds\_db](#input\_deploy\_rds\_db) | Enabled deploy rds | `bool` | `false` | no | 
@@ -102,10 +103,18 @@ module "vpc" { | [tags](#input\_tags) | Add custom tags for all resources managed by this script | `map(string)` | `{}` | no | | [ui\_and\_api\_instance\_type](#input\_ui\_and\_api\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no | | [user](#input\_user) | What user to service run as | `string` | `"root"` | no | +| [verifier\_enabled](#input\_verifier\_enabled) | Verifier deploy | `bool` | `true` | no | +| [verifier\_instance\_type](#input\_verifier\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no | +| [verifier\_replicas](#input\_verifier\_replicas) | Number of verifier replicas | `number` | `2` | no | +| [visualizer\_enabled](#input\_visualizer\_enabled) | Visualizer deploy | `bool` | `true` | no | +| [visualizer\_replicas](#input\_visualizer\_replicas) | Number of visualizer replicas | `number` | `2` | no | | [vpc\_cidr](#input\_vpc\_cidr) | VPC cidr | `string` | `"10.105.0.0/16"` | no | | [vpc\_name](#input\_vpc\_name) | VPC name | `string` | `""` | no | | [vpc\_private\_subnet\_cidrs](#input\_vpc\_private\_subnet\_cidrs) | Not required! You can set custom private subnets | `list(string)` | `null` | no | | [vpc\_public\_subnet\_cidrs](#input\_vpc\_public\_subnet\_cidrs) | Not required! You can set custom public subnets | `list(string)` | `null` | no | +| [visualizer\_docker\_image](#input\_visualizer\_docker\_image) | Docker image of visualizer | `string` | `"ghcr.io/blockscout/visualizer:latest"` | no | + + ## Outputs diff --git a/alb/main.tf b/alb/main.tf new file mode 100644 index 0000000..9efc691 --- /dev/null +++ b/alb/main.tf 
@@ -0,0 +1,55 @@
+module "alb" {
+ source = "terraform-aws-modules/alb/aws"
+ version = "8.2.1"
+ name = var.name
+ internal = var.internal
+ load_balancer_type = "application"
+ vpc_id = var.vpc_id
+ subnets = var.subnets
+ security_groups = [var.security_groups]
+ target_groups = [
+ {
+ name_prefix = var.name_prefix
+ backend_protocol = "HTTP"
+ backend_port = var.backend_port
+ target_type = "instance"
+ health_check = {
+ enabled = true
+ interval = 30
+ path = var.health_check_path
+ port = "traffic-port"
+ healthy_threshold = 3
+ unhealthy_threshold = 3
+ timeout = 6
+ protocol = "HTTP"
+ matcher = "200-399"
+ }
+ }
+ ]
+ http_tcp_listeners = var.ssl_certificate_arn != "" ? [
+ {
+ port = 80
+ protocol = "HTTP"
+ action_type = "redirect"
+ redirect = {
+ port = "443"
+ protocol = "HTTPS"
+ status_code = "HTTP_301"
+ }
+ }] : [
+ {
+ port = 80
+ protocol = "HTTP"
+ action_type = "forward"
+ redirect = {}
+ }]
+ https_listeners = var.ssl_certificate_arn != "" ? [
+ {
+ port = 443
+ protocol = "HTTPS"
+ target_group_index = 0
+ certificate_arn = var.ssl_certificate_arn
+ }
+ ] : []
+ tags = var.tags
+}
\ No newline at end of file
diff --git a/alb/output.tf b/alb/output.tf
new file mode 100644
index 0000000..4d101ca
--- /dev/null
+++ b/alb/output.tf
@@ -0,0 +1,7 @@
+output "target_group_arns" {
+ value = module.alb.target_group_arns
+}
+
+output "lb_dns_name" {
+ value = module.alb.lb_dns_name
+}
\ No newline at end of file
diff --git a/alb/variables.tf b/alb/variables.tf
new file mode 100644
index 0000000..98a858e
--- /dev/null
+++ b/alb/variables.tf
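Review bot: The `https_listeners` entry in alb/main.tf sets no `ssl_policy`, so the listener takes whatever default the upstream module or AWS applies; for this module version that is probably an older policy that still accepts TLS 1.0/1.1 (confirm against terraform-aws-modules/alb 8.2.1). Pinning it in the listener map, e.g. `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`, makes the accepted protocol versions explicit and reviewable. Separately, when `ssl_certificate_arn` is empty the port-80 listener forwards in cleartext, and that is the default the internet-facing caller in main.tf gets; a comment on that branch such as `# no certificate supplied: traffic is served over plain HTTP` would make the trade-off visible.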
@@ -0,0 +1,31 @@
+variable "name" {
+ type = string
+}
+variable "internal" {
+ type = bool
+}
+variable "vpc_id" {
+ type = string
+}
+variable "subnets" {
+ type = list(any)
+}
+variable "security_groups" {
+ type = string
+}
+variable "name_prefix" {
+ type = string
+}
+variable "backend_port" {
+ type = string
+}
+variable "health_check_path" {
+ type = string
+}
+variable "tags" {
+ type = any
+}
+variable "ssl_certificate_arn" {
+ type = string
+ default = ""
+}
\ No newline at end of file
diff --git a/asg/main.tf b/asg/main.tf
new file mode 100644
index 0000000..78ec14e
--- /dev/null
+++ b/asg/main.tf
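Review bot: `security_groups` in alb/variables.tf is declared `string` and then wrapped in a list in alb/main.tf, so the plural name hides that exactly one group ID is accepted; either rename it to `security_group_id` or declare `type = list(string)` and pass the list through. `backend_port` is declared `string` while the callers in main.tf pass the numbers 4000 and 8050, so `type = number` would reject a non-numeric value at plan time. None of these variables carries a `description`, unlike the root module's variables.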
@@ -0,0 +1,78 @@
+module "ec2_asg" {
+ source = "terraform-aws-modules/autoscaling/aws"
+ version = "v6.7.1"
+ name = var.name
+ min_size = var.min_size
+ max_size = var.max_size
+ wait_for_capacity_timeout = 0
+ health_check_type = "EC2"
+ vpc_zone_identifier = var.vpc_zone_identifier
+ instance_refresh = {
+ strategy = "Rolling"
+ preferences = {
+ min_healthy_percentage = 100
+ }
+ triggers = ["tag"]
+ }
+ launch_template_name = var.launch_template_name
+ launch_template_description = "Launch template"
+ update_default_version = true
+ image_id = var.image_id
+ instance_type = var.instance_type
+ ebs_optimized = false
+ enable_monitoring = false
+ create_iam_instance_profile = var.create_iam_instance_profile
+ iam_instance_profile_arn = var.iam_instance_profile_arn
+ iam_role_name = var.iam_role_name
+ iam_role_path = "/"
+ iam_role_description = "IAM role"
+ iam_role_tags = {
+ CustomIamRole = "Yes"
+ }
+ iam_role_policies = {
+ AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+ }
+ user_data = base64encode(templatefile(
+ "${path.module}/../templates/init_script.tftpl",
+ {
+ docker_compose_str = templatefile(
+ "${path.module}/../templates/docker_compose${var.docker_compose_file_postfix}.tftpl",
+ var.docker_compose_config
+ )
+ path_docker_compose_files = var.path_docker_compose_files
+ user = var.user
+ }
+ ))
+ block_device_mappings = [
+ {
+ device_name = "/dev/xvda"
+ no_device = 0
+ ebs = {
+ delete_on_termination = true
+ encrypted = false
+ volume_size = 30
+ volume_type = "gp2"
+ }
+ }
+ ]
+ network_interfaces = [
+ {
+ delete_on_termination = true
+ description = "eth0"
+ device_index = 0
+ security_groups = [var.security_groups]
+ }
+ ]
+ tag_specifications = [
+ {
+ resource_type = "instance"
+ tags = var.tags
+ },
+ {
+ resource_type = "volume"
+ tags = var.tags
+ }
+ ]
+ target_group_arns = var.target_group_arns
+ tags = var.tags
+}
\ No newline at end of file
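Review bot: The root volume in `block_device_mappings` is created with `encrypted = false`, and the rendered compose file this module passes through `user_data` carries `postgres_password` and `secret_key_base` for the Blockscout callers in main.tf, so those values presumably end up on that disk (init_script.tftpl is not shown). Changing the line to `encrypted = true` costs nothing functionally. The launch template also sets no `metadata_options`, so whether IMDSv1 is reachable depends on AMI and account defaults while user data holds those secrets; `metadata_options = { http_tokens = "required" }` would pin IMDSv2. User data remains readable to any principal allowed to describe launch template versions, so a secrets store is the longer-term fix.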
diff --git a/asg/variables.tf b/asg/variables.tf new file mode 100644 index 0000000..41d1ec9 --- /dev/null +++ b/asg/variables.tf @@ -0,0 +1,52 @@ +variable "name" { + type = string +} +variable "min_size" { + type = number +} +variable "max_size" { + type = number +} +variable "vpc_zone_identifier" { + type = list(any) +} +variable "launch_template_name" { + type = string +} +variable "image_id" { + type = string +} +variable "instance_type" { + type = string +} +variable "create_iam_instance_profile" { + type = bool +} +variable "iam_instance_profile_arn" { + type = string +} +variable "iam_role_name" { + type = string +} +variable "docker_compose_config" { + type = any +} +variable "path_docker_compose_files" { + type = string +} +variable "user" { + type = string +} +variable "security_groups" { + type = string +} +variable "tags" { + type = any +} +variable "target_group_arns" { + type = list(any) +} +variable "docker_compose_file_postfix" { + type = string + default = "" +} \ No newline at end of file diff --git a/locals.tf b/locals.tf index 924ca36..692cd0e 100644 --- a/locals.tf +++ b/locals.tf @@ -3,4 +3,6 @@ locals { subnets = cidrsubnets(var.vpc_cidr, 8, 8, 8, 8, 8, 8, 8, 8) default_tags = {} final_tags = merge(var.tags, local.default_tags) + vpc_id_rule = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id + subnets_rule = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets } \ No newline at end of file diff --git a/main.tf b/main.tf index 3f8c26a..3ac0f6d 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,8 @@ +resource "random_string" "secret_key_base" { + length = 64 + special = false +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "3.18.1" 
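Review bot: `docker_compose_config` in asg/variables.tf is typed `any` and, per the callers in main.tf, carries `postgres_password` and `secret_key_base`, yet it is not marked sensitive, so the rendered values appear in plan output and logs. Adding `sensitive = true` to that variable should propagate through `templatefile` and `base64encode` to `user_data`; check that the plan still renders as expected with the upstream module. The other variables here would also benefit from a `description`.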
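Review bot: `random_string.secret_key_base` in main.tf feeds Blockscout's `SECRET_KEY_BASE`, but `random_string` does not mark its result sensitive, so the value is printed in plan and apply output. `random_password` takes the same `length` and `special` arguments and marks `result` sensitive: `resource "random_password" "secret_key_base" {`, with the two references later in main.tf changed to `random_password.secret_key_base.result`. Either resource stores the value in state, so the state backend needs encryption and restricted access.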
@@ -34,6 +39,56 @@ module "lb-sg" { tags = local.final_tags } +module "lb-microservices-sg" { + source = "terraform-aws-modules/security-group/aws" + version = "4.16.0" + name = "${var.vpc_name}-lb-sg" + description = "SG for LB" + vpc_id = var.existed_vpc_id == "" ? module.vpc[0].vpc_id : var.existed_vpc_id + ingress_cidr_blocks = [var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block] + ingress_rules = ["http-80-tcp"] + egress_with_cidr_blocks = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Microservices port" + cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block + } + ] + tags = local.final_tags +} + +module "microservices-sg" { + source = "terraform-aws-modules/security-group/aws" + version = "4.16.0" + name = "${var.vpc_name}-application-sg" + description = "SG for instances of verifier" + vpc_id = var.existed_vpc_id == "" ? module.vpc[0].vpc_id : var.existed_vpc_id + egress_cidr_blocks = ["0.0.0.0/0"] # internet access + egress_rules = ["all-all"] # internet access + ingress_with_cidr_blocks = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Microservices port" + cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block + self = true + } + ] + ingress_with_source_security_group_id = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Microservices port" + source_security_group_id = module.lb-microservices-sg.security_group_id + } + ] + tags = local.final_tags +} + module "application-sg" { source = "terraform-aws-modules/security-group/aws" version = "4.16.0" 
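Review bot: `microservices-sg` opens port 8050 to the whole VPC CIDR through `ingress_with_cidr_blocks`, which makes the narrower `ingress_with_source_security_group_id` rule from `lb-microservices-sg` redundant and lets any host in the VPC reach the verifier and visualizer directly instead of through the internal ALB. If nothing other than the ALB needs direct access, drop the `ingress_with_cidr_blocks` block (and the `self = true` key inside it) and keep only the source-security-group rule. The names `"${var.vpc_name}-lb-sg"` and `"${var.vpc_name}-application-sg"` also look copied from the existing `lb-sg` and `application-sg` modules, whose bodies are outside this hunk; `-lb-microservices-sg` and `-microservices-sg` would keep the groups distinguishable in the console and in flow-log review.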
@@ -156,224 +211,176 @@ module "ec2_database" { } module "ec2_asg_indexer" { - source = "terraform-aws-modules/autoscaling/aws" - version = "v6.7.1" - name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-indexer-instance" - min_size = 1 - max_size = 1 - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = var.existed_vpc_id != "" ? slice(var.existed_private_subnets_ids, 0, 1) : slice(module.vpc[0].private_subnets, 0, 1) - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 100 - } - triggers = ["tag"] - } - launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer-launch-template" - launch_template_description = "Launch template indexer" - update_default_version = true + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-indexer-instance" + min_size = 1 + max_size = 1 + vpc_zone_identifier = var.existed_vpc_id != "" ? slice(var.existed_private_subnets_ids, 0, 1) : slice(module.vpc[0].private_subnets, 0, 1) + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer-launch-template" + target_group_arns = [] + ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.ui_and_api_instance_type - ebs_optimized = false - enable_monitoring = false create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy iam_instance_profile_arn = var.iam_instance_profile_arn - iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer" - iam_role_path = "/" - iam_role_description = "IAM role for indexer instance" - iam_role_tags = { - CustomIamRole = "Yes" - } - iam_role_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + iam_role_name = "role-${var.vpc_name != "" ? 
var.vpc_name : "existed-vpc"}-api-and-ui" + ## Init settings + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.application-sg.security_group_id + docker_compose_config = { + postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] + postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] + blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] + rpc_address = var.blockscout_settings["rpc_address"] + ws_address = var.blockscout_settings["ws_address"] + postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns + chain_id = var.blockscout_settings["chain_id"] + rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] + secret_key_base = random_string.secret_key_base.result + visualizer_enabled = false + visualize_sol2uml_service_url = var.visualizer_enabled ? module.alb-visualizer[0].lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + indexer = true + api_and_ui = false } - user_data = base64encode(templatefile( - "${path.module}/templates/init_script.tftpl", - { - docker_compose_str = templatefile( - "${path.module}/templates/docker_compose.tftpl", - { - postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] - postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] - blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] - rpc_address = var.blockscout_settings["rpc_address"] - ws_address = var.blockscout_settings["ws_address"] - postgres_host = var.deploy_rds_db ? 
module.rds[0].db_instance_address : module.ec2_database[0].private_dns - chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] - indexer = true - api_and_ui = false - } - ) - path_docker_compose_files = var.path_docker_compose_files - user = var.user - } - )) - block_device_mappings = [ - { - device_name = "/dev/xvda" - no_device = 0 - ebs = { - delete_on_termination = true - encrypted = false - volume_size = 30 - volume_type = "gp2" - } - } - ] - network_interfaces = [ - { - delete_on_termination = true - description = "eth0" - device_index = 0 - security_groups = [module.application-sg.security_group_id] - } - ] - tag_specifications = [ - { - resource_type = "instance" - tags = local.final_tags - }, - { - resource_type = "volume" - tags = local.final_tags - } - ] tags = local.final_tags } module "ec2_asg_api-and-ui" { - source = "terraform-aws-modules/autoscaling/aws" - version = "v6.7.1" - name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-api-and-ui-instances" - min_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 100 - } - triggers = ["tag"] - } - launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui-launch-template" - launch_template_description = "Launch template api-and-ui" - update_default_version = true + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-api-and-ui-instances" + min_size = length(var.existed_vpc_id != "" ? 
var.existed_private_subnets_ids : module.vpc[0].private_subnets) + max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui-launch-template" + target_group_arns = module.alb.target_group_arns + ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.ui_and_api_instance_type - ebs_optimized = false - enable_monitoring = false create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy iam_instance_profile_arn = var.iam_instance_profile_arn iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui" - iam_role_path = "/" - iam_role_description = "IAM role for api-and-ui-instances" - iam_role_tags = { - CustomIamRole = "Yes" + ## Init settings + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.application-sg.security_group_id + docker_compose_config = { + postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] + postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] + blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] + rpc_address = var.blockscout_settings["rpc_address"] + ws_address = var.blockscout_settings["ws_address"] + postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns + chain_id = var.blockscout_settings["chain_id"] + rust_verification_service_url = var.verifier_enabled ? 
module.alb-verifier[0].lb_dns_name : var.blockscout_settings["rust_verification_service_url"] + secret_key_base = random_string.secret_key_base.result + visualizer_enabled = var.visualizer_enabled + visualize_sol2uml_service_url = var.visualizer_enabled ? module.alb-visualizer[0].lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + indexer = false + api_and_ui = true } - iam_role_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + tags = local.final_tags +} + +module "ec2_asg_verifier" { + count = var.verifier_enabled ? 1 : 0 + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-verifier-instance" + min_size = var.verifier_replicas + max_size = var.verifier_replicas + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" + target_group_arns = module.alb-verifier[0].target_group_arns + ## Instance settings + image_id = data.aws_ami.ubuntu.id + instance_type = var.verifier_instance_type + create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy + iam_instance_profile_arn = var.iam_instance_profile_arn + iam_role_name = "role-${var.vpc_name != "" ? 
var.vpc_name : "existed-vpc"}-verifier" + ## Init settings + docker_compose_file_postfix = "_verifier" + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.microservices-sg.security_group_id + docker_compose_config = { + docker_image = var.verifier_settings["docker_image"] + solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] + solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] + vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] + vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] + sourcify_api_url = var.verifier_settings["sourcify_api_url"] } - user_data = base64encode(templatefile( - "${path.module}/templates/init_script.tftpl", - { - docker_compose_str = templatefile( - "${path.module}/templates/docker_compose.tftpl", - { - postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] - postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] - blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] - rpc_address = var.blockscout_settings["rpc_address"] - ws_address = var.blockscout_settings["ws_address"] - postgres_host = var.deploy_rds_db ? 
module.rds[0].db_instance_address : module.ec2_database[0].private_dns - chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] - indexer = false - api_and_ui = true - } - ) - path_docker_compose_files = var.path_docker_compose_files - user = var.user - } - )) - block_device_mappings = [ - { - device_name = "/dev/xvda" - no_device = 0 - ebs = { - delete_on_termination = true - encrypted = false - volume_size = 30 - volume_type = "gp2" - } - } - ] - network_interfaces = [ - { - delete_on_termination = true - description = "eth0" - device_index = 0 - security_groups = [module.application-sg.security_group_id] - } - ] - tag_specifications = [ - { - resource_type = "instance" - tags = local.final_tags - }, - { - resource_type = "volume" - tags = local.final_tags - } - ] - target_group_arns = module.alb.target_group_arns - tags = local.final_tags + tags = local.final_tags } -module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "8.2.1" - name = "supernet-test" - load_balancer_type = "application" - vpc_id = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id - subnets = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets - security_groups = [module.lb-sg.security_group_id] - target_groups = [ - { - name_prefix = "apiui-" - backend_protocol = "HTTP" - backend_port = 4000 - target_type = "instance" - } - ] - http_tcp_listeners = var.ssl_certificate_arn != "" ? [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }] : [ - { - port = 80 - protocol = "HTTP" - action_type = "forward" - redirect = {} - }] - https_listeners = var.ssl_certificate_arn != "" ? 
[ - { - port = 443 - protocol = "HTTPS" - target_group_index = 0 - certificate_arn = var.ssl_certificate_arn - } - ] : [] +module "ec2_asg_visualizer" { + count = var.visualizer_enabled ? 1 : 0 + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-visualizer-instance" + min_size = var.visualizer_replicas + max_size = var.visualizer_replicas + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" + target_group_arns = module.alb-visualizer[0].target_group_arns + ## Instance settings + image_id = data.aws_ami.ubuntu.id + instance_type = var.verifier_instance_type + create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy + iam_instance_profile_arn = var.iam_instance_profile_arn + iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier" + ## Init settings + docker_compose_file_postfix = "_visualizer" + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.microservices-sg.security_group_id + docker_compose_config = { + docker_image = var.visualizer_docker_image + } tags = local.final_tags +} + +module "alb" { + source = "./alb" + name = "supernet" + internal = false + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 4000 + health_check_path = "/" + name_prefix = "apiui-" + security_groups = module.lb-sg.security_group_id + ssl_certificate_arn = var.ssl_certificate_arn + tags = local.final_tags +} + +module "alb-verifier" { + count = var.verifier_enabled ? 
1 : 0 + source = "./alb" + name = "verifier" + internal = true + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 8050 + health_check_path = "/api/v2/verifier/solidity/versions" + name_prefix = "verif-" + security_groups = module.lb-microservices-sg.security_group_id + tags = local.final_tags +} + +module "alb-visualizer" { + count = var.visualizer_enabled ? 1 : 0 + source = "./alb" + name = "visualizer" + internal = true + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 8050 + health_check_path = "/health" + name_prefix = "viz-" + security_groups = module.lb-microservices-sg.security_group_id + tags = local.final_tags } \ No newline at end of file diff --git a/templates/docker_compose.tftpl b/templates/docker_compose.tftpl index 987824b..09f8fc5 100644 --- a/templates/docker_compose.tftpl +++ b/templates/docker_compose.tftpl @@ -18,6 +18,11 @@ services: %{ endif ~} %{ if api_and_ui ~} DISABLE_INDEXER: "true" + SECRET_KEY_BASE: '${secret_key_base}' +%{ if visualizer_enabled ~} + VISUALIZE_SOL2UML_ENABLED: "true" + VISUALIZE_SOL2UML_SERVICE_URL: '${visualize_sol2uml_service_url}' +%{ endif ~} %{ endif ~} %{ if indexer ~} DISABLE_WEBAPP: "true" diff --git a/templates/docker_compose_verifier.tftpl b/templates/docker_compose_verifier.tftpl new file mode 100644 index 0000000..379613b --- /dev/null +++ b/templates/docker_compose_verifier.tftpl 
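Review bot: Several identity names in the main.tf refactor look like copy-paste slips: `ec2_asg_indexer` now sets `iam_role_name` to `...-api-and-ui` (the removed line used `-indexer`), and `ec2_asg_visualizer` reuses `...-verifier-launch-template` and `role-...-verifier`. Shared role and launch-template names make CloudTrail and SSM session records ambiguous about which tier acted, and may collide outright if the upstream module does not apply a name prefix; `-indexer`, `-visualizer-launch-template` and `-visualizer` would keep them distinct. `rust_verification_service_url` and `visualize_sol2uml_service_url` are now set to a bare `lb_dns_name` while the variable defaults are full URLs, so a scheme is probably needed, e.g. `"http://${module.alb-verifier[0].lb_dns_name}"`. The two `internal = true` ALBs are also given `local.subnets_rule`, which resolves to the public subnets; private subnets would match their intent.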
@@ -0,0 +1,30 @@
+version: '3.8'
+services:
+ smart-contract-verifier:
+ container_name: 'smart-contract-verifier'
+ image: ${docker_image}
+ restart: always
+ environment:
+ SMART_CONTRACT_VERIFIER__SERVER__HTTP__ENABLED: "true"
+ SMART_CONTRACT_VERIFIER__SERVER__HTTP__ADDR: "0.0.0.0:8050"
+ SMART_CONTRACT_VERIFIER__SERVER__HTTP__MAX_BODY_SIZE: "2097152"
+ SMART_CONTRACT_VERIFIER__SERVER__GRPC__ENABLED: "false"
+ SMART_CONTRACT_VERIFIER__SERVER__GRPC__ADDR: "0.0.0.0:8051"
+ SMART_CONTRACT_VERIFIER__SOLIDITY__ENABLED: "true"
+ SMART_CONTRACT_VERIFIER__SOLIDITY__COMPILERS_DIR: "/tmp/solidity-compilers"
+ SMART_CONTRACT_VERIFIER__SOLIDITY__REFRESH_VERSIONS_SCHEDULE: '${solidity_refresh_versions_schedule}'
+ SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL: '${solidity_fetcher_list_url}'
+ SMART_CONTRACT_VERIFIER__VYPER__ENABLED: "true"
+ SMART_CONTRACT_VERIFIER__VYPER__COMPILERS_DIR: "/tmp/vyper-compilers"
+ SMART_CONTRACT_VERIFIER__VYPER__REFRESH_VERSIONS_SCHEDULE: "0 0 * * * * *"
+ SMART_CONTRACT_VERIFIER__VYPER__FETCHER__LIST__LIST_URL: '${vyper_fetcher_list_url}'
+ SMART_CONTRACT_VERIFIER__SOURCIFY__ENABLED: "true"
+ SMART_CONTRACT_VERIFIER__SOURCIFY__API_URL: '${sourcify_api_url}'
+ SMART_CONTRACT_VERIFIER__SOURCIFY__VERIFICATION_ATTEMPTS: "3"
+ SMART_CONTRACT_VERIFIER__SOURCIFY__REQUEST_TIMEOUT: "10"
+ SMART_CONTRACT_VERIFIER__METRICS__ENABLED: "false"
+ SMART_CONTRACT_VERIFIER__JAEGER__ENABLED: "false"
+ ports:
+ - 8050:8050
+ volumes:
+ - ./logs/:/app/logs/
\ No newline at end of file
diff --git a/templates/docker_compose_visualizer.tftpl b/templates/docker_compose_visualizer.tftpl
new file mode 100644
index 0000000..09a9045
--- /dev/null
+++ b/templates/docker_compose_visualizer.tftpl
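Review bot: `SMART_CONTRACT_VERIFIER__VYPER__REFRESH_VERSIONS_SCHEDULE` in docker_compose_verifier.tftpl is hard-coded to `"0 0 * * * * *"` while the Solidity counterpart is templated, so the `vyper_refresh_versions_schedule` value passed in `docker_compose_config` from main.tf is never used. The line should read `SMART_CONTRACT_VERIFIER__VYPER__REFRESH_VERSIONS_SCHEDULE: '${vyper_refresh_versions_schedule}'`. The two `FETCHER__LIST__LIST_URL` values decide where compiler binaries are downloaded from, so a template comment stating that they must point at a trusted HTTPS source would help anyone overriding `verifier_settings`.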
@@ -0,0 +1,12 @@ +version: '3.8' +services: + visualizer: + container_name: 'visualizer' + image: ${docker_image} + restart: always + environment: + VISUALIZER__SERVER__GRPC__ENABLED: "false" + ports: + - 8050:8050 + volumes: + - ./logs/:/app/logs/ \ No newline at end of file diff --git a/variables.tf b/variables.tf index 7da7644..cc8cd01 100644 --- a/variables.tf +++ b/variables.tf @@ -85,25 +85,17 @@ variable "enabled_dns_hostnames" { variable "blockscout_settings" { description = "Settings of blockscout app" type = object({ - postgres_password = string - postgres_user = string - postgres_host = string - blockscout_docker_image = string - rpc_address = string - chain_id = string - rust_verification_service_url = string - ws_address = string + postgres_password = optional(string, "postgres") + postgres_user = optional(string, "postgres") + postgres_host = optional(string, "postgres") + blockscout_docker_image = optional(string, "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4") + rpc_address = optional(string, "https://rpc-supertestnet.polygon.technology") + chain_id = optional(string, "93201") + rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/") + ws_address = optional(string, "") + visualize_sol2uml_service_url = optional(string, "") }) - default = { - blockscout_docker_image = "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4" - postgres_host = "postgres" - postgres_password = "postgres" - postgres_user = "postgres" - rpc_address = "https://rpc-supertestnet.polygon.technology" - chain_id = "93201" - rust_verification_service_url = "https://sc-verifier.aws-k8s.blockscout.com/" - ws_address = "" - } + default = {} } variable "tags" { 
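Review bot: With every attribute of `blockscout_settings` in variables.tf now `optional(...)`, a caller who overrides only, say, `rpc_address` silently inherits `postgres_password = "postgres"` and `postgres_user = "postgres"`, whereas a partial object was a type error before this change. Those values are what the `docker_compose_config` maps in main.tf use whenever `deploy_rds_db` is false. Moving the password to its own variable with `sensitive = true` and no default, or generating it, would stop a deployment from coming up with the well-known credential unnoticed.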
@@ -154,6 +146,12 @@ variable "ui_and_api_instance_type" { default = "t2.medium" } +variable "verifier_instance_type" { + description = "AWS instance type" + type = string + default = "t2.medium" +} + variable "rds_instance_type" { description = "AWS RDS instance type" type = string @@ -189,3 +187,46 @@ variable "create_iam_instance_profile_ssm_policy" { type = string default = false } + +variable "verifier_settings" { + description = "Settings of verifier" + type = object({ + docker_image = optional(string, "ghcr.io/blockscout/smart-contract-verifier:main") + solidity_fetcher_list_url = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json") + solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *") + vyper_fetcher_list_url = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json") + vyper_refresh_versions_schedule = optional(string, "0 0 * * * * *") + sourcify_api_url = optional(string, "https://sourcify.dev/server/") + }) + default = {} +} + +variable "verifier_enabled" { + description = "Verifier deploy" + type = bool + default = true +} + +variable "verifier_replicas" { + description = "Number of verifier replicas" + type = number + default = 2 +} + +variable "visualizer_enabled" { + description = "Visualizer deploy" + type = bool + default = true +} + +variable "visualizer_replicas" { + description = "Number of visualizer replicas" + type = number + default = 2 +} + +variable "visualizer_docker_image" { + description = "Docker image of visualizer" + type = string + default = "ghcr.io/blockscout/visualizer:latest" +} \ No newline at end of file
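Review bot: The new defaults `ghcr.io/blockscout/smart-contract-verifier:main` and `ghcr.io/blockscout/visualizer:latest` in variables.tf are mutable tags, so every instance the ASG launches or refreshes pulls whatever was last pushed to that tag, and replicas can end up running different code. Default to a release tag or a digest reference of the form `image@sha256:<digest>` (placeholder; take the digest from the registry), as `blockscout_docker_image` already does with a fixed version. The context line for `create_iam_instance_profile_ssm_policy` shows `type = string` with `default = false`; since asg/variables.tf declares the receiving variable as `bool`, aligning the root type may be worth doing in the same file.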
docker_image = optional(string, "ghcr.io/blockscout/smart-contract-verifier:main")
solidity_fetcher_list_url = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json")
solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *")
vyper_fetcher_list_url = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json")
vyper_refresh_versions_schedule = optional(string, "0 0 * * * * *")
sourcify_api_url = optional(string, "https://sourcify.dev/server/")
})