From 5a177176ddee31b10a3fb17f2135b977ae3522ba Mon Sep 17 00:00:00 2001 From: MicleMaslow Date: Mon, 6 Mar 2023 15:27:52 +0400 Subject: [PATCH 1/5] Add verifier --- main.tf | 169 +++++++++++++++++++++++- templates/docker_compose_verifier.tftpl | 30 +++++ variables.tf | 32 +++++ 3 files changed, 229 insertions(+), 2 deletions(-) create mode 100644 templates/docker_compose_verifier.tftpl diff --git a/main.tf b/main.tf index 3f8c26a..16ff264 100644 --- a/main.tf +++ b/main.tf @@ -34,6 +34,57 @@ module "lb-sg" { tags = local.final_tags } +module "lb-verifier-sg" { + source = "terraform-aws-modules/security-group/aws" + version = "4.16.0" + name = "${var.vpc_name}-lb-sg" + description = "SG for LB" + vpc_id = var.existed_vpc_id == "" ? module.vpc[0].vpc_id : var.existed_vpc_id + ingress_cidr_blocks = [var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block] + ingress_rules = ["http-80-tcp"] + egress_with_cidr_blocks = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Verifier port" + cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block + } + ] + tags = local.final_tags +} + +module "verifier-sg" { + count = var.verifier_enabled ? 1 : 0 + source = "terraform-aws-modules/security-group/aws" + version = "4.16.0" + name = "${var.vpc_name}-application-sg" + description = "SG for instances of verifier" + vpc_id = var.existed_vpc_id == "" ? module.vpc[0].vpc_id : var.existed_vpc_id + egress_cidr_blocks = ["0.0.0.0/0"] # internet access + egress_rules = ["all-all"] # internet access + ingress_with_cidr_blocks = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Verifier port" + cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block + self = true + } + ] + ingress_with_source_security_group_id = [ + { + from_port = 8050 + to_port = 8050 + protocol = "tcp" + description = "Verifier port" + source_security_group_id = module.lb-verifier-sg.security_group_id + } + ] + tags = local.final_tags +} + module "application-sg" { source = "terraform-aws-modules/security-group/aws" version = "4.16.0" @@ -244,6 +295,92 @@ module "ec2_asg_indexer" { tags = local.final_tags } +module "ec2_asg_verifier" { + source = "terraform-aws-modules/autoscaling/aws" + version = "v6.7.1" + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-verifier-instance" + min_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) + max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) + wait_for_capacity_timeout = 0 + health_check_type = "EC2" + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + instance_refresh = { + strategy = "Rolling" + preferences = { + min_healthy_percentage = 100 + } + triggers = ["tag"] + } + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" + launch_template_description = "Launch template verifier" + update_default_version = true + image_id = data.aws_ami.ubuntu.id + instance_type = var.verifier_instance_type + ebs_optimized = false + enable_monitoring = false + create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy + iam_instance_profile_arn = var.iam_instance_profile_arn + iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier" + iam_role_path = "/" + iam_role_description = "IAM role for verifier instance" + iam_role_tags = { + CustomIamRole = "Yes" + } + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } + user_data = base64encode(templatefile( + "${path.module}/templates/init_script.tftpl", + { + docker_compose_str = templatefile( + "${path.module}/templates/docker_compose_verifier.tftpl", + { + docker_image = var.verifier_settings["docker_image"] + solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] + solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] + vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] + vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] + sourcify_api_url = var.verifier_settings["sourcify_api_url"] + } + ) + path_docker_compose_files = var.path_docker_compose_files + user = var.user + } + )) + block_device_mappings = [ + { + device_name = "/dev/xvda" + no_device = 0 + ebs = { + delete_on_termination = true + encrypted = false + volume_size = 30 + volume_type = "gp2" + } + } + ] + network_interfaces = [ + { + delete_on_termination = true + description = "eth0" + device_index = 0 + security_groups = [module.verifier-sg[0].security_group_id] + } + ] + tag_specifications = [ + { + resource_type = "instance" + tags = local.final_tags + }, + { + resource_type = "volume" + tags = local.final_tags + } + ] + target_group_arns = module.alb-verifier.target_group_arns + tags = local.final_tags +} + module "ec2_asg_api-and-ui" { source = "terraform-aws-modules/autoscaling/aws" version = "v6.7.1" @@ -291,7 +428,7 @@ module "ec2_asg_api-and-ui" { ws_address = var.blockscout_settings["ws_address"] postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] + rust_verification_service_url = var.verifier_enabled ? module.alb-verifier.lb_dns_name : var.blockscout_settings["rust_verification_service_url"] indexer = false api_and_ui = true } @@ -337,7 +474,7 @@ module "ec2_asg_api-and-ui" { module "alb" { source = "terraform-aws-modules/alb/aws" version = "8.2.1" - name = "supernet-test" + name = "supernet" load_balancer_type = "application" vpc_id = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id subnets = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets @@ -376,4 +513,32 @@ module "alb" { } ] : [] tags = local.final_tags +} + +module "alb-verifier" { + source = "terraform-aws-modules/alb/aws" + version = "8.2.1" + name = "verifier" + internal = true + load_balancer_type = "application" + vpc_id = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id + subnets = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets + security_groups = [module.lb-verifier-sg.security_group_id] + target_groups = [ + { + name_prefix = "verif-" + backend_protocol = "HTTP" + backend_port = 8050 + target_type = "instance" + } + ] + http_tcp_listeners = [ + { + port = 80 + protocol = "HTTP" + action_type = "forward" + redirect = {} + } + ] + tags = local.final_tags } \ No newline at end of file diff --git a/templates/docker_compose_verifier.tftpl b/templates/docker_compose_verifier.tftpl new file mode 100644 index 0000000..379613b --- /dev/null +++ b/templates/docker_compose_verifier.tftpl @@ -0,0 +1,30 @@ +version: '3.8' +services: + smart-contract-verifier: + container_name: 'smart-contract-verifier' + image: ${docker_image} + restart: always + environment: + SMART_CONTRACT_VERIFIER__SERVER__HTTP__ENABLED: "true" + SMART_CONTRACT_VERIFIER__SERVER__HTTP__ADDR: "0.0.0.0:8050" + SMART_CONTRACT_VERIFIER__SERVER__HTTP__MAX_BODY_SIZE: "2097152" + SMART_CONTRACT_VERIFIER__SERVER__GRPC__ENABLED: "false" + SMART_CONTRACT_VERIFIER__SERVER__GRPC__ADDR: "0.0.0.0:8051" + SMART_CONTRACT_VERIFIER__SOLIDITY__ENABLED: "true" + SMART_CONTRACT_VERIFIER__SOLIDITY__COMPILERS_DIR: "/tmp/solidity-compilers" + SMART_CONTRACT_VERIFIER__SOLIDITY__REFRESH_VERSIONS_SCHEDULE: '${solidity_refresh_versions_schedule}' + SMART_CONTRACT_VERIFIER__SOLIDITY__FETCHER__LIST__LIST_URL: '${solidity_fetcher_list_url}' + SMART_CONTRACT_VERIFIER__VYPER__ENABLED: "true" + SMART_CONTRACT_VERIFIER__VYPER__COMPILERS_DIR: "/tmp/vyper-compilers" + SMART_CONTRACT_VERIFIER__VYPER__REFRESH_VERSIONS_SCHEDULE: "0 0 * * * * *" + SMART_CONTRACT_VERIFIER__VYPER__FETCHER__LIST__LIST_URL: '${vyper_fetcher_list_url}' + SMART_CONTRACT_VERIFIER__SOURCIFY__ENABLED: "true" + SMART_CONTRACT_VERIFIER__SOURCIFY__API_URL: '${sourcify_api_url}' + SMART_CONTRACT_VERIFIER__SOURCIFY__VERIFICATION_ATTEMPTS: "3" + SMART_CONTRACT_VERIFIER__SOURCIFY__REQUEST_TIMEOUT: "10" + SMART_CONTRACT_VERIFIER__METRICS__ENABLED: "false" + SMART_CONTRACT_VERIFIER__JAEGER__ENABLED: "false" + ports: + - 8050:8050 + volumes: + - ./logs/:/app/logs/ \ No newline at end of file diff --git a/variables.tf b/variables.tf index 7da7644..b6917cb 100644 --- a/variables.tf +++ b/variables.tf @@ -154,6 +154,12 @@ variable "ui_and_api_instance_type" { default = "t2.medium" } +variable "verifier_instance_type" { + description = "AWS instance type" + type = string + default = "t2.medium" +} + variable "rds_instance_type" { description = "AWS RDS instance type" type = string @@ -189,3 +195,29 @@ variable "create_iam_instance_profile_ssm_policy" { type = string default = false } + +variable "verifier_settings" { + description = "Settings of verifier" + type = object({ + docker_image = string + solidity_fetcher_list_url = string + solidity_refresh_versions_schedule = string + vyper_fetcher_list_url = string + vyper_refresh_versions_schedule = string + sourcify_api_url = string + }) + default = { + docker_image = "ghcr.io/blockscout/smart-contract-verifier:main" + solidity_fetcher_list_url = "https://solc-bin.ethereum.org/linux-amd64/list.json" + solidity_refresh_versions_schedule = "0 0 * * * * *" + vyper_refresh_versions_schedule = "0 0 * * * * *" + vyper_fetcher_list_url = "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json" + sourcify_api_url = "https://sourcify.dev/server/" + } +} + +variable "verifier_enabled" { + description = "Verifier deploy" + type = bool + default = true +} \ No newline at end of file From 892b24525137be7468d2ddf02a2ce971239d9821 Mon Sep 17 00:00:00 2001 From: MicleMaslow Date: Mon, 6 Mar 2023 16:42:19 +0400 Subject: [PATCH 2/5] Fix defaults --- variables.tf | 48 ++++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 32 deletions(-) diff --git a/variables.tf b/variables.tf index b6917cb..60006c0 100644 --- a/variables.tf +++ b/variables.tf @@ -85,25 +85,16 @@ variable "enabled_dns_hostnames" { variable "blockscout_settings" { description = "Settings of blockscout app" type = object({ - postgres_password = string - postgres_user = string - postgres_host = string - blockscout_docker_image = string - rpc_address = string - chain_id = string - rust_verification_service_url = string - ws_address = string + postgres_password = optional(string, "postgres") + postgres_user = optional(string, "postgres") + postgres_host = optional(string, "postgres") + blockscout_docker_image = optional(string, "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4") + rpc_address = optional(string, "https://rpc-supertestnet.polygon.technology") + chain_id = optional(string, "93201") + rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/") + ws_address = optional(string, "") }) - default = { - blockscout_docker_image = "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4" - postgres_host = "postgres" - postgres_password = "postgres" - postgres_user = "postgres" - rpc_address = "https://rpc-supertestnet.polygon.technology" - chain_id = "93201" - rust_verification_service_url = "https://sc-verifier.aws-k8s.blockscout.com/" - ws_address = "" - } + default = {} } variable "tags" { @@ -199,21 +190,14 @@ variable "create_iam_instance_profile_ssm_policy" { variable "verifier_settings" { description = "Settings of verifier" type = object({ - docker_image = string - solidity_fetcher_list_url = string - solidity_refresh_versions_schedule = string - vyper_fetcher_list_url = string - vyper_refresh_versions_schedule = string - sourcify_api_url = string + docker_image = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/") + solidity_fetcher_list_url = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json") + solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *") + vyper_fetcher_list_url = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json") + vyper_refresh_versions_schedule = optional(string, "0 0 * * * * *") + sourcify_api_url = optional(string, "https://sourcify.dev/server/") }) - default = { - docker_image = "ghcr.io/blockscout/smart-contract-verifier:main" - solidity_fetcher_list_url = "https://solc-bin.ethereum.org/linux-amd64/list.json" - solidity_refresh_versions_schedule = "0 0 * * * * *" - vyper_refresh_versions_schedule = "0 0 * * * * *" - vyper_fetcher_list_url = "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json" - sourcify_api_url = "https://sourcify.dev/server/" - } + default = {} } variable "verifier_enabled" { From b7f37098f787b9cd9183cd7f7959a495a4d1d476 Mon Sep 17 00:00:00 2001 From: MicleMaslow Date: Tue, 7 Mar 2023 11:17:25 +0400 Subject: [PATCH 3/5] Refactoring --- alb/main.tf | 55 +++ alb/output.tf | 7 + alb/variables.tf | 40 ++ asg/main.tf | 78 ++++ asg/variables.tf | 52 +++ locals.tf | 2 + main.tf | 471 ++++++++-------------- templates/docker_compose.tftpl | 5 + templates/docker_compose_visualizer.tftpl | 12 + variables.tf | 27 +- 10 files changed, 435 insertions(+), 314 deletions(-) create mode 100644 alb/main.tf create mode 100644 alb/output.tf create mode 100644 alb/variables.tf create mode 100644 asg/main.tf create mode 100644 asg/variables.tf create mode 100644 templates/docker_compose_visualizer.tftpl diff --git a/alb/main.tf b/alb/main.tf new file mode 100644 index 0000000..9efc691 --- /dev/null +++ b/alb/main.tf @@ -0,0 +1,55 @@ +module "alb" { + source = "terraform-aws-modules/alb/aws" + version = "8.2.1" + name = var.name + internal = var.internal + load_balancer_type = "application" + vpc_id = var.vpc_id + subnets = var.subnets + security_groups = [var.security_groups] + target_groups = [ + { + name_prefix = var.name_prefix + backend_protocol = "HTTP" + backend_port = var.backend_port + target_type = "instance" + health_check = { + enabled = true + interval = 30 + path = var.health_check_path + port = "traffic-port" + healthy_threshold = 3 + unhealthy_threshold = 3 + timeout = 6 + protocol = "HTTP" + matcher = "200-399" + } + } + ] + http_tcp_listeners = var.ssl_certificate_arn != "" ? [ + { + port = 80 + protocol = "HTTP" + action_type = "redirect" + redirect = { + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" + } + }] : [ + { + port = 80 + protocol = "HTTP" + action_type = "forward" + redirect = {} + }] + https_listeners = var.ssl_certificate_arn != "" ? [ + { + port = 443 + protocol = "HTTPS" + target_group_index = 0 + certificate_arn = var.ssl_certificate_arn + } + ] : [] + tags = var.tags +} \ No newline at end of file diff --git a/alb/output.tf b/alb/output.tf new file mode 100644 index 0000000..4d101ca --- /dev/null +++ b/alb/output.tf @@ -0,0 +1,7 @@ +output "target_group_arns" { + value = module.alb.target_group_arns +} + +output "lb_dns_name" { + value = module.alb.lb_dns_name +} \ No newline at end of file diff --git a/alb/variables.tf b/alb/variables.tf new file mode 100644 index 0000000..10e74f8 --- /dev/null +++ b/alb/variables.tf @@ -0,0 +1,40 @@ +variable "name" { + type = string +} + +variable "internal" { + type = bool +} + +variable "vpc_id" { + type = string +} + +variable "subnets" { + type = list(any) +} + +variable "security_groups" { + type = string +} + +variable "name_prefix" { + type = string +} + +variable "backend_port" { + type = string +} + +variable "health_check_path" { + type = string +} + +variable "tags" { + type = any +} + +variable "ssl_certificate_arn" { + type = string + default = "" +} \ No newline at end of file diff --git a/asg/main.tf b/asg/main.tf new file mode 100644 index 0000000..78ec14e --- /dev/null +++ b/asg/main.tf @@ -0,0 +1,78 @@ +module "ec2_asg" { + source = "terraform-aws-modules/autoscaling/aws" + version = "v6.7.1" + name = var.name + min_size = var.min_size + max_size = var.max_size + wait_for_capacity_timeout = 0 + health_check_type = "EC2" + vpc_zone_identifier = var.vpc_zone_identifier + instance_refresh = { + strategy = "Rolling" + preferences = { + min_healthy_percentage = 100 + } + triggers = ["tag"] + } + launch_template_name = var.launch_template_name + launch_template_description = "Launch template" + update_default_version = true + image_id = var.image_id + instance_type = var.instance_type + ebs_optimized = false + enable_monitoring = false + create_iam_instance_profile = var.create_iam_instance_profile + iam_instance_profile_arn = var.iam_instance_profile_arn + iam_role_name = var.iam_role_name + iam_role_path = "/" + iam_role_description = "IAM role" + iam_role_tags = { + CustomIamRole = "Yes" + } + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } + user_data = base64encode(templatefile( + "${path.module}/../templates/init_script.tftpl", + { + docker_compose_str = templatefile( + "${path.module}/../templates/docker_compose${var.docker_compose_file_postfix}.tftpl", + var.docker_compose_config + ) + path_docker_compose_files = var.path_docker_compose_files + user = var.user + } + )) + block_device_mappings = [ + { + device_name = "/dev/xvda" + no_device = 0 + ebs = { + delete_on_termination = true + encrypted = false + volume_size = 30 + volume_type = "gp2" + } + } + ] + network_interfaces = [ + { + delete_on_termination = true + description = "eth0" + device_index = 0 + security_groups = [var.security_groups] + } + ] + tag_specifications = [ + { + resource_type = "instance" + tags = var.tags + }, + { + resource_type = "volume" + tags = var.tags + } + ] + target_group_arns = var.target_group_arns + tags = var.tags +} \ No newline at end of file diff --git a/asg/variables.tf b/asg/variables.tf new file mode 100644 index 0000000..41d1ec9 --- /dev/null +++ b/asg/variables.tf @@ -0,0 +1,52 @@ +variable "name" { + type = string +} +variable "min_size" { + type = number +} +variable "max_size" { + type = number +} +variable "vpc_zone_identifier" { + type = list(any) +} +variable "launch_template_name" { + type = string +} +variable "image_id" { + type = string +} +variable "instance_type" { + type = string +} +variable "create_iam_instance_profile" { + type = bool +} +variable "iam_instance_profile_arn" { + type = string +} +variable "iam_role_name" { + type = string +} +variable "docker_compose_config" { + type = any +} +variable "path_docker_compose_files" { + type = string +} +variable "user" { + type = string +} +variable "security_groups" { + type = string +} +variable "tags" { + type = any +} +variable "target_group_arns" { + type = list(any) +} +variable "docker_compose_file_postfix" { + type = string + default = "" +} \ No newline at end of file diff --git a/locals.tf b/locals.tf index 924ca36..692cd0e 100644 --- a/locals.tf +++ b/locals.tf @@ -3,4 +3,6 @@ locals { subnets = cidrsubnets(var.vpc_cidr, 8, 8, 8, 8, 8, 8, 8, 8) default_tags = {} final_tags = merge(var.tags, local.default_tags) + vpc_id_rule = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id + subnets_rule = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets } \ No newline at end of file diff --git a/main.tf b/main.tf index 16ff264..4b3cd4f 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,8 @@ +resource "random_string" "secret_key_base" { + length = 64 + special = false +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "3.18.1" @@ -34,7 +39,7 @@ module "lb-sg" { tags = local.final_tags } -module "lb-verifier-sg" { +module "lb-microservices-sg" { source = "terraform-aws-modules/security-group/aws" version = "4.16.0" name = "${var.vpc_name}-lb-sg" @@ -47,15 +52,14 @@ module "lb-verifier-sg" { from_port = 8050 to_port = 8050 protocol = "tcp" - description = "Verifier port" + description = "Microservices port" cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block } ] tags = local.final_tags } -module "verifier-sg" { - count = var.verifier_enabled ? 1 : 0 +module "microservices-sg" { source = "terraform-aws-modules/security-group/aws" version = "4.16.0" name = "${var.vpc_name}-application-sg" @@ -68,7 +72,7 @@ module "verifier-sg" { from_port = 8050 to_port = 8050 protocol = "tcp" - description = "Verifier port" + description = "Microservices port" cidr_blocks = var.existed_vpc_id == "" ? var.vpc_cidr : data.aws_vpc.selected[0].cidr_block self = true } @@ -78,8 +82,8 @@ module "verifier-sg" { from_port = 8050 to_port = 8050 protocol = "tcp" - description = "Verifier port" - source_security_group_id = module.lb-verifier-sg.security_group_id + description = "Microservices port" + source_security_group_id = module.lb-microservices-sg.security_group_id } ] tags = local.final_tags @@ -207,338 +211,179 @@ module "ec2_database" { } module "ec2_asg_indexer" { - source = "terraform-aws-modules/autoscaling/aws" - version = "v6.7.1" - name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-indexer-instance" - min_size = 1 - max_size = 1 - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = var.existed_vpc_id != "" ? slice(var.existed_private_subnets_ids, 0, 1) : slice(module.vpc[0].private_subnets, 0, 1) - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 100 - } - triggers = ["tag"] - } - launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer-launch-template" - launch_template_description = "Launch template indexer" - update_default_version = true + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-indexer-instance" + min_size = 1 + max_size = 1 + vpc_zone_identifier = var.existed_vpc_id != "" ? slice(var.existed_private_subnets_ids, 0, 1) : slice(module.vpc[0].private_subnets, 0, 1) + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer-launch-template" + target_group_arns = [] + ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.ui_and_api_instance_type - ebs_optimized = false - enable_monitoring = false create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy iam_instance_profile_arn = var.iam_instance_profile_arn - iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-indexer" - iam_role_path = "/" - iam_role_description = "IAM role for indexer instance" - iam_role_tags = { - CustomIamRole = "Yes" + iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui" + ## Init settings + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.application-sg.security_group_id + docker_compose_config = { + postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] + postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] + blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] + rpc_address = var.blockscout_settings["rpc_address"] + ws_address = var.blockscout_settings["ws_address"] + postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns + chain_id = var.blockscout_settings["chain_id"] + rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] + secret_key_base = random_string.secret_key_base.result + visualize_sol2uml_enabled = false + visualize_sol2uml_service_url = var.visualize_sol2uml_enabled ? module.alb-visualizer.lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + indexer = true + api_and_ui = false } - iam_role_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + tags = local.final_tags +} + +module "ec2_asg_api-and-ui" { + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-api-and-ui-instances" + min_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) + max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui-launch-template" + target_group_arns = module.alb.target_group_arns + ## Instance settings + image_id = data.aws_ami.ubuntu.id + instance_type = var.ui_and_api_instance_type + create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy + iam_instance_profile_arn = var.iam_instance_profile_arn + iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui" + ## Init settings + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.application-sg.security_group_id + docker_compose_config = { + postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] + postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] + blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] + rpc_address = var.blockscout_settings["rpc_address"] + ws_address = var.blockscout_settings["ws_address"] + postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns + chain_id = var.blockscout_settings["chain_id"] + rust_verification_service_url = var.verifier_enabled ? module.alb-verifier.lb_dns_name : var.blockscout_settings["rust_verification_service_url"] + secret_key_base = random_string.secret_key_base.result + visualize_sol2uml_enabled = var.visualize_sol2uml_enabled + visualize_sol2uml_service_url = var.visualize_sol2uml_enabled ? module.alb-visualizer.lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + indexer = false + api_and_ui = true } - user_data = base64encode(templatefile( - "${path.module}/templates/init_script.tftpl", - { - docker_compose_str = templatefile( - "${path.module}/templates/docker_compose.tftpl", - { - postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] - postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] - blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] - rpc_address = var.blockscout_settings["rpc_address"] - ws_address = var.blockscout_settings["ws_address"] - postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns - chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] - indexer = true - api_and_ui = false - } - ) - path_docker_compose_files = var.path_docker_compose_files - user = var.user - } - )) - block_device_mappings = [ - { - device_name = "/dev/xvda" - no_device = 0 - ebs = { - delete_on_termination = true - encrypted = false - volume_size = 30 - volume_type = "gp2" - } - } - ] - network_interfaces = [ - { - delete_on_termination = true - description = "eth0" - device_index = 0 - security_groups = [module.application-sg.security_group_id] - } - ] - tag_specifications = [ - { - resource_type = "instance" - tags = local.final_tags - }, - { - resource_type = "volume" - tags = local.final_tags - } - ] tags = local.final_tags } module "ec2_asg_verifier" { - source = "terraform-aws-modules/autoscaling/aws" - version = "v6.7.1" - name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-verifier-instance" - min_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 100 - } - triggers = ["tag"] - } - launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" - launch_template_description = "Launch template verifier" - update_default_version = true + count = var.verifier_enabled ? 1 : 0 + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-verifier-instance" + min_size = var.verifier_replicas + max_size = var.verifier_replicas + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" + target_group_arns = module.alb-verifier.target_group_arns + ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.verifier_instance_type - ebs_optimized = false - enable_monitoring = false create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy iam_instance_profile_arn = var.iam_instance_profile_arn iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier" - iam_role_path = "/" - iam_role_description = "IAM role for verifier instance" - iam_role_tags = { - CustomIamRole = "Yes" + ## Init settings + docker_compose_file_postfix = "_verifier" + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.microservices-sg.security_group_id + docker_compose_config = { + docker_image = var.verifier_settings["docker_image"] + solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] + solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] + vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] + vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] + sourcify_api_url = var.verifier_settings["sourcify_api_url"] } - iam_role_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - } - user_data = base64encode(templatefile( - "${path.module}/templates/init_script.tftpl", - { - docker_compose_str = templatefile( - "${path.module}/templates/docker_compose_verifier.tftpl", - { - docker_image = var.verifier_settings["docker_image"] - solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] - solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] - vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] - vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] - sourcify_api_url = var.verifier_settings["sourcify_api_url"] - } - ) - path_docker_compose_files = var.path_docker_compose_files - user = var.user - } - )) - block_device_mappings = [ - { - device_name = "/dev/xvda" - no_device = 0 - ebs = { - delete_on_termination = true - encrypted = false - volume_size = 30 - volume_type = "gp2" - } - } - ] - network_interfaces = [ - { - delete_on_termination = true - description = "eth0" - device_index = 0 - security_groups = [module.verifier-sg[0].security_group_id] - } - ] - tag_specifications = [ - { - resource_type = "instance" - tags = local.final_tags - }, - { - resource_type = "volume" - tags = local.final_tags - } - ] - target_group_arns = module.alb-verifier.target_group_arns - tags = local.final_tags + tags = local.final_tags } -module "ec2_asg_api-and-ui" { - source = "terraform-aws-modules/autoscaling/aws" - version = "v6.7.1" - name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-api-and-ui-instances" - min_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - max_size = length(var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets) - wait_for_capacity_timeout = 0 - health_check_type = "EC2" - vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets - instance_refresh = { - strategy = "Rolling" - preferences = { - min_healthy_percentage = 100 - } - triggers = ["tag"] - } - launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui-launch-template" - launch_template_description = "Launch template api-and-ui" - update_default_version = true +module "ec2_asg_visualizer" { + count = var.visualizer_enabled ? 1 : 0 + source = "./asg" + ## ASG settings + name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-asg-visualizer-instance" + min_size = var.visualizer_replicas + max_size = var.visualizer_replicas + vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets + launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" + target_group_arns = module.alb-visualizer.target_group_arns + ## Instance settings image_id = data.aws_ami.ubuntu.id - instance_type = var.ui_and_api_instance_type - ebs_optimized = false - enable_monitoring = false + instance_type = var.verifier_instance_type create_iam_instance_profile = var.create_iam_instance_profile_ssm_policy iam_instance_profile_arn = var.iam_instance_profile_arn - iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-api-and-ui" - iam_role_path = "/" - iam_role_description = "IAM role for api-and-ui-instances" - iam_role_tags = { - CustomIamRole = "Yes" - } - iam_role_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + iam_role_name = "role-${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier" + ## Init settings + docker_compose_file_postfix = "_visualizer" + path_docker_compose_files = var.path_docker_compose_files + user = var.user + security_groups = module.microservices-sg.security_group_id + docker_compose_config = { + docker_image = var.verifier_settings["docker_image"] + solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] + solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] + vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] + vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] + sourcify_api_url = var.verifier_settings["sourcify_api_url"] } - user_data = base64encode(templatefile( - "${path.module}/templates/init_script.tftpl", - { - docker_compose_str = templatefile( - "${path.module}/templates/docker_compose.tftpl", - { - postgres_password = var.deploy_rds_db ? module.rds[0].db_instance_password : var.blockscout_settings["postgres_password"] - postgres_user = var.deploy_rds_db ? module.rds[0].db_instance_username : var.blockscout_settings["postgres_user"] - blockscout_docker_image = var.blockscout_settings["blockscout_docker_image"] - rpc_address = var.blockscout_settings["rpc_address"] - ws_address = var.blockscout_settings["ws_address"] - postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns - chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.verifier_enabled ? module.alb-verifier.lb_dns_name : var.blockscout_settings["rust_verification_service_url"] - indexer = false - api_and_ui = true - } - ) - path_docker_compose_files = var.path_docker_compose_files - user = var.user - } - )) - block_device_mappings = [ - { - device_name = "/dev/xvda" - no_device = 0 - ebs = { - delete_on_termination = true - encrypted = false - volume_size = 30 - volume_type = "gp2" - } - } - ] - network_interfaces = [ - { - delete_on_termination = true - description = "eth0" - device_index = 0 - security_groups = [module.application-sg.security_group_id] - } - ] - tag_specifications = [ - { - resource_type = "instance" - tags = local.final_tags - }, - { - resource_type = "volume" - tags = local.final_tags - } - ] - target_group_arns = module.alb.target_group_arns - tags = local.final_tags + tags = local.final_tags } module "alb" { - source = "terraform-aws-modules/alb/aws" - version = "8.2.1" - name = "supernet" - load_balancer_type = "application" - vpc_id = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id - subnets = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets - security_groups = [module.lb-sg.security_group_id] - target_groups = [ - { - name_prefix = "apiui-" - backend_protocol = "HTTP" - backend_port = 4000 - target_type = "instance" - } - ] - http_tcp_listeners = var.ssl_certificate_arn != "" ? [ - { - port = 80 - protocol = "HTTP" - action_type = "redirect" - redirect = { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" - } - }] : [ - { - port = 80 - protocol = "HTTP" - action_type = "forward" - redirect = {} - }] - https_listeners = var.ssl_certificate_arn != "" ? [ - { - port = 443 - protocol = "HTTPS" - target_group_index = 0 - certificate_arn = var.ssl_certificate_arn - } - ] : [] - tags = local.final_tags + source = "./alb" + name = "supernet" + internal = false + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 4000 + health_check_path = "/" + name_prefix = "apiui-" + security_groups = module.lb-sg.security_group_id + ssl_certificate_arn = var.ssl_certificate_arn + tags = local.final_tags } module "alb-verifier" { - source = "terraform-aws-modules/alb/aws" - version = "8.2.1" - name = "verifier" - internal = true - load_balancer_type = "application" - vpc_id = var.existed_vpc_id != "" ? var.existed_vpc_id : module.vpc[0].vpc_id - subnets = var.existed_vpc_id != "" ? var.existed_public_subnets_ids : module.vpc[0].public_subnets - security_groups = [module.lb-verifier-sg.security_group_id] - target_groups = [ - { - name_prefix = "verif-" - backend_protocol = "HTTP" - backend_port = 8050 - target_type = "instance" - } - ] - http_tcp_listeners = [ - { - port = 80 - protocol = "HTTP" - action_type = "forward" - redirect = {} - } - ] - tags = local.final_tags + source = "./alb" + name = "verifier" + internal = true + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 8050 + health_check_path = "/api/v2/verifier/solidity/versions" + name_prefix = "verif-" + security_groups = module.lb-microservices-sg.security_group_id + tags = local.final_tags +} + +module "alb-visualizer" { + source = "./alb" + name = "visualizer" + internal = true + vpc_id = local.vpc_id_rule + subnets = local.subnets_rule + backend_port = 8050 + health_check_path = "/" + name_prefix = "viz-" + security_groups = module.lb-microservices-sg.security_group_id + tags = local.final_tags } \ No newline at end of file diff --git a/templates/docker_compose.tftpl b/templates/docker_compose.tftpl index 987824b..e0bc57e 100644 --- a/templates/docker_compose.tftpl +++ b/templates/docker_compose.tftpl @@ -18,6 +18,11 @@ services: %{ endif ~} %{ if api_and_ui ~} DISABLE_INDEXER: "true" + SECRET_KEY_BASE: '${secret_key_base}' +%{ if visualize_sol2uml_enabled ~} + VISUALIZE_SOL2UML_ENABLED: "true" + VISUALIZE_SOL2UML_SERVICE_URL: '${visualize_sol2uml_service_url}' +%{ endif ~} %{ endif ~} %{ if indexer ~} DISABLE_WEBAPP: "true" diff --git a/templates/docker_compose_visualizer.tftpl b/templates/docker_compose_visualizer.tftpl new file mode 100644 index 0000000..09a9045 --- /dev/null +++ b/templates/docker_compose_visualizer.tftpl @@ -0,0 +1,12 @@ +version: '3.8' +services: + visualizer: + container_name: 'visualizer' + image: ${docker_image} + restart: always + environment: + VISUALIZER__SERVER__GRPC__ENABLED: "false" + ports: + - 8050:8050 + volumes: + - ./logs/:/app/logs/ \ No newline at end of file diff --git a/variables.tf b/variables.tf index 60006c0..0f5f1cb 100644 --- a/variables.tf +++ b/variables.tf @@ -93,6 +93,7 @@ variable "blockscout_settings" { chain_id = optional(string, "93201") rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/") ws_address = optional(string, "") + visualize_sol2uml_service_url = optional(string, "") }) default = {} } @@ -190,7 +191,7 @@ variable "create_iam_instance_profile_ssm_policy" { variable "verifier_settings" { description = "Settings of verifier" type = object({ - docker_image = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/") + docker_image = optional(string, "ghcr.io/blockscout/smart-contract-verifier:main") solidity_fetcher_list_url = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json") solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *") vyper_fetcher_list_url = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json") @@ -204,4 +205,28 @@ variable "verifier_enabled" { description = "Verifier deploy" type = bool default = true +} + +variable "visualize_sol2uml_enabled" { + description = "Visualizer deploy" + type = bool + default = true +} + +variable "verifier_replicas" { + description = "Number of verifier replicas" + type = number + default = 2 +} + +variable "visualizer_enabled" { + description = "Visualizer deploy" + type = bool + default = true +} + +variable "visualizer_replicas" { + description = "Number of visualizer replicas" + type = number + default = 2 } \ No newline at end of file From 53eff0a71b38b82fcd65d3d5f2a426c185fe2a08 Mon Sep 17 00:00:00 2001 From: MicleMaslow Date: Tue, 7 Mar 2023 11:35:26 +0400 Subject: [PATCH 4/5] Readme and some fixes --- README.md | 9 ++++++++- alb/variables.tf | 9 --------- main.tf | 16 +++++++++------- templates/docker_compose.tftpl | 2 +- variables.tf | 6 ------ 5 files changed, 18 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index e67f8e1..873eea8 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,8 @@ module "vpc" { | Name | Description | Type | Default | Required | |------|-------------|------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:| -| [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app | 
object({
    postgres_password             = string
    postgres_user                 = string
    postgres_host                 = string
    blockscout_docker_image       = string
    rpc_address                   = string
    chain_id                      = string
    rust_verification_service_url = string
    ws_address                    = string
  })
| 
{
  "blockscout_docker_image": "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4",
  "chain_id": "93201",
  "postgres_host": "postgres",
  "postgres_password": "postgres",
  "postgres_user": "postgres",
  "rpc_address": "https://rpc-supertestnet.polygon.technology",
  "rust_verification_service_url": "https://sc-verifier.aws-k8s.blockscout.com/", 
  "ws_address": ""
}
| no | +| [blockscout\_settings](#input\_blockscout\_settings) | Settings of blockscout app | 
object({
    postgres_password             = optional(string, "postgres")
    postgres_user                 = optional(string, "postgres")
    postgres_host                 = optional(string, "postgres")
    blockscout_docker_image       = optional(string, "blockscout/blockscout-polygon-supernets:5.1.0-prerelease-26e4d6e4")
    rpc_address                   = optional(string, "https://rpc-supertestnet.polygon.technology")
    chain_id                      = optional(string, "93201")
    rust_verification_service_url = optional(string, "https://sc-verifier.aws-k8s.blockscout.com/")
    ws_address                    = optional(string, "")
    visualize_sol2uml_service_url = optional(string, "")
  })
| `{}` | no | +| [verifier\_settings](#input\_verifier\_settings) | Settings of verifier | 
object({
    docker_image                       = optional(string, "ghcr.io/blockscout/smart-contract-verifier:main")
    solidity_fetcher_list_url          = optional(string, "https://solc-bin.ethereum.org/linux-amd64/list.json")
    solidity_refresh_versions_schedule = optional(string, "0 0 * * * * *")
    vyper_fetcher_list_url             = optional(string, "https://raw.githubusercontent.com/blockscout/solc-bin/main/vyper.list.json")
    vyper_refresh_versions_schedule    = optional(string, "0 0 * * * * *")
    sourcify_api_url                   = optional(string, "https://sourcify.dev/server/")
  })
| `{}` | no | | [create\_iam\_instance\_profile\_ssm\_policy](#input\_create\_iam\_instance\_profile\_ssm\_policy) | Determines whether an IAM instance profile with SSM policy is created or to use an existing IAM instance profile | `string` | `false` | no | | [deploy\_ec2\_instance\_db](#input\_deploy\_ec2\_instance\_db) | Create ec2 instance with postgresql db in docker | `bool` | `true` | no | | [deploy\_rds\_db](#input\_deploy\_rds\_db) | Enabled deploy rds | `bool` | `false` | no | @@ -102,11 +103,17 @@ module "vpc" { | [tags](#input\_tags) | Add custom tags for all resources managed by this script | `map(string)` | `{}` | no | | [ui\_and\_api\_instance\_type](#input\_ui\_and\_api\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no | | [user](#input\_user) | What user to service run as | `string` | `"root"` | no | +| [verifier\_enabled](#input\_verifier\_enabled) | Verifier deploy | `bool` | `true` | no | +| [verifier\_instance\_type](#input\_verifier\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no | +| [verifier\_replicas](#input\_verifier\_replicas) | Number of verifier replicas | `number` | `2` | no | +| [visualizer\_enabled](#input\_visualizer\_enabled) | Visualizer deploy | `bool` | `true` | no | +| [visualizer\_replicas](#input\_visualizer\_replicas) | Number of visualizer replicas | `number` | `2` | no | | [vpc\_cidr](#input\_vpc\_cidr) | VPC cidr | `string` | `"10.105.0.0/16"` | no | | [vpc\_name](#input\_vpc\_name) | VPC name | `string` | `""` | no | | [vpc\_private\_subnet\_cidrs](#input\_vpc\_private\_subnet\_cidrs) | Not required! You can set custom private subnets | `list(string)` | `null` | no | | [vpc\_public\_subnet\_cidrs](#input\_vpc\_public\_subnet\_cidrs) | Not required! You can set custom public subnets | `list(string)` | `null` | no | + ## Outputs No outputs. diff --git a/alb/variables.tf b/alb/variables.tf index 10e74f8..98a858e 100644 --- a/alb/variables.tf +++ b/alb/variables.tf @@ -1,39 +1,30 @@ variable "name" { type = string } - variable "internal" { type = bool } - variable "vpc_id" { type = string } - variable "subnets" { type = list(any) } - variable "security_groups" { type = string } - variable "name_prefix" { type = string } - variable "backend_port" { type = string } - variable "health_check_path" { type = string } - variable "tags" { type = any } - variable "ssl_certificate_arn" { type = string default = "" diff --git a/main.tf b/main.tf index 4b3cd4f..4bd6cf6 100644 --- a/main.tf +++ b/main.tf @@ -239,8 +239,8 @@ module "ec2_asg_indexer" { chain_id = var.blockscout_settings["chain_id"] rust_verification_service_url = var.blockscout_settings["rust_verification_service_url"] secret_key_base = random_string.secret_key_base.result - visualize_sol2uml_enabled = false - visualize_sol2uml_service_url = var.visualize_sol2uml_enabled ? module.alb-visualizer.lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + visualizer_enabled = false + visualize_sol2uml_service_url = var.visualizer_enabled ? module.alb-visualizer[0].lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] indexer = true api_and_ui = false } @@ -274,10 +274,10 @@ module "ec2_asg_api-and-ui" { ws_address = var.blockscout_settings["ws_address"] postgres_host = var.deploy_rds_db ? module.rds[0].db_instance_address : module.ec2_database[0].private_dns chain_id = var.blockscout_settings["chain_id"] - rust_verification_service_url = var.verifier_enabled ? module.alb-verifier.lb_dns_name : var.blockscout_settings["rust_verification_service_url"] + rust_verification_service_url = var.verifier_enabled ? module.alb-verifier[0].lb_dns_name : var.blockscout_settings["rust_verification_service_url"] secret_key_base = random_string.secret_key_base.result - visualize_sol2uml_enabled = var.visualize_sol2uml_enabled - visualize_sol2uml_service_url = var.visualize_sol2uml_enabled ? module.alb-visualizer.lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] + visualizer_enabled = var.visualizer_enabled + visualize_sol2uml_service_url = var.visualizer_enabled ? module.alb-visualizer[0].lb_dns_name : var.blockscout_settings["visualize_sol2uml_service_url"] indexer = false api_and_ui = true } @@ -293,7 +293,7 @@ module "ec2_asg_verifier" { max_size = var.verifier_replicas vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" - target_group_arns = module.alb-verifier.target_group_arns + target_group_arns = module.alb-verifier[0].target_group_arns ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.verifier_instance_type @@ -325,7 +325,7 @@ module "ec2_asg_visualizer" { max_size = var.visualizer_replicas vpc_zone_identifier = var.existed_vpc_id != "" ? var.existed_private_subnets_ids : module.vpc[0].private_subnets launch_template_name = "${var.vpc_name != "" ? var.vpc_name : "existed-vpc"}-verifier-launch-template" - target_group_arns = module.alb-visualizer.target_group_arns + target_group_arns = module.alb-visualizer[0].target_group_arns ## Instance settings image_id = data.aws_ami.ubuntu.id instance_type = var.verifier_instance_type @@ -363,6 +363,7 @@ module "alb" { } module "alb-verifier" { + count = var.verifier_enabled ? 1 : 0 source = "./alb" name = "verifier" internal = true @@ -376,6 +377,7 @@ module "alb-verifier" { } module "alb-visualizer" { + count = var.visualizer_enabled ? 1 : 0 source = "./alb" name = "visualizer" internal = true diff --git a/templates/docker_compose.tftpl b/templates/docker_compose.tftpl index e0bc57e..09f8fc5 100644 --- a/templates/docker_compose.tftpl +++ b/templates/docker_compose.tftpl @@ -19,7 +19,7 @@ services: %{ if api_and_ui ~} DISABLE_INDEXER: "true" SECRET_KEY_BASE: '${secret_key_base}' -%{ if visualize_sol2uml_enabled ~} +%{ if visualizer_enabled ~} VISUALIZE_SOL2UML_ENABLED: "true" VISUALIZE_SOL2UML_SERVICE_URL: '${visualize_sol2uml_service_url}' %{ endif ~} diff --git a/variables.tf b/variables.tf index 0f5f1cb..261a97c 100644 --- a/variables.tf +++ b/variables.tf @@ -207,12 +207,6 @@ variable "verifier_enabled" { default = true } -variable "visualize_sol2uml_enabled" { - description = "Visualizer deploy" - type = bool - default = true -} - variable "verifier_replicas" { description = "Number of verifier replicas" type = number From 50b4e7a9f9a859c0b05e1ee349b65d6b496196a6 Mon Sep 17 00:00:00 2001 From: MicleMaslow Date: Tue, 7 Mar 2023 14:16:09 +0400 Subject: [PATCH 5/5] Readme and some fixes --- README.md | 2 ++ main.tf | 9 ++------- variables.tf | 6 ++++++ 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 873eea8..4180c2f 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,8 @@ module "vpc" { | [vpc\_name](#input\_vpc\_name) | VPC name | `string` | `""` | no | | [vpc\_private\_subnet\_cidrs](#input\_vpc\_private\_subnet\_cidrs) | Not required! You can set custom private subnets | `list(string)` | `null` | no | | [vpc\_public\_subnet\_cidrs](#input\_vpc\_public\_subnet\_cidrs) | Not required! You can set custom public subnets | `list(string)` | `null` | no | +| [visualizer\_docker\_image](#input\_visualizer\_docker\_image) | Docker image of visualizer | `string` | `"ghcr.io/blockscout/visualizer:latest"` | no | + ## Outputs diff --git a/main.tf b/main.tf index 4bd6cf6..3ac0f6d 100644 --- a/main.tf +++ b/main.tf @@ -338,12 +338,7 @@ module "ec2_asg_visualizer" { user = var.user security_groups = module.microservices-sg.security_group_id docker_compose_config = { - docker_image = var.verifier_settings["docker_image"] - solidity_fetcher_list_url = var.verifier_settings["solidity_fetcher_list_url"] - solidity_refresh_versions_schedule = var.verifier_settings["solidity_refresh_versions_schedule"] - vyper_refresh_versions_schedule = var.verifier_settings["vyper_refresh_versions_schedule"] - vyper_fetcher_list_url = var.verifier_settings["vyper_fetcher_list_url"] - sourcify_api_url = var.verifier_settings["sourcify_api_url"] + docker_image = var.visualizer_docker_image } tags = local.final_tags } @@ -384,7 +379,7 @@ module "alb-visualizer" { vpc_id = local.vpc_id_rule subnets = local.subnets_rule backend_port = 8050 - health_check_path = "/" + health_check_path = "/health" name_prefix = "viz-" security_groups = module.lb-microservices-sg.security_group_id tags = local.final_tags diff --git a/variables.tf b/variables.tf index 261a97c..cc8cd01 100644 --- a/variables.tf +++ b/variables.tf @@ -223,4 +223,10 @@ variable "visualizer_replicas" { description = "Number of visualizer replicas" type = number default = 2 +} + +variable "visualizer_docker_image" { + description = "Docker image of visualizer" + type = string + default = "ghcr.io/blockscout/visualizer:latest" } \ No newline at end of file