remove-ec2-rpcs (#793)

Co-authored-by: liam.lai <liam.lai@us>

cicd/terraform/.env

@@ -1 +0,0 @@
-log_level=3

cicd/terraform/iam.tf

@@ -1,28 +0,0 @@
-# IAM policies
-data "aws_iam_policy_document" "xdc_ecs_tasks_execution_role" {
-  statement {
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["ecs-tasks.amazonaws.com"]
-    }
-  }
-}
-
-# Create the role
-resource "aws_iam_role" "xdc_ecs_tasks_execution_role" {
-  name               = "xdc-ecs-task-execution-role"
-  assume_role_policy = "${data.aws_iam_policy_document.xdc_ecs_tasks_execution_role.json}"
-}
-
-# Attached the AWS managed policies to the new role
-resource "aws_iam_role_policy_attachment" "xdc_ecs_tasks_execution_role" {
-  for_each = toset([
-    "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", 
-    "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
-    "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils"
-  ])
-  role       = aws_iam_role.xdc_ecs_tasks_execution_role.name
-  policy_arn = each.value
-}

cicd/terraform/main.tf

@@ -1,66 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.13.1"
-    }
-  }
-}
-
-# Default
-provider "aws" {
-  region  = "us-east-1"
-}
-
-provider "aws" {
-  alias = "ap-southeast-1"
-  region  = "ap-southeast-1"
-}
-
-module "devnet_rpc" {
-  source = "./module/ec2_rpc"
-  network = "devnet"
-  vpc_id = local.vpc_id
-  aws_subnet_id = local.aws_subnet_id
-  ami_id = local.ami_id
-  instance_type = "t3.large"
-  ssh_key_name = local.ssh_key_name
-  rpc_image = local.rpc_image
-  volume_size = 1500
-
-  providers = {
-    aws = aws.ap-southeast-1
-  }
-}
-
-module "testnet_rpc" {
-  source = "./module/ec2_rpc"
-  network = "testnet"
-  vpc_id = local.vpc_id
-  aws_subnet_id = local.aws_subnet_id
-  ami_id = local.ami_id
-  instance_type = "t3.large"
-  ssh_key_name = local.ssh_key_name
-  rpc_image = local.rpc_image
-  volume_size = 1500
-
-  providers = {
-    aws = aws.ap-southeast-1
-  }
-}
-
-module "mainnet_rpc" {
-  source = "./module/ec2_rpc"
-  network = "mainnet"
-  vpc_id = local.vpc_id
-  aws_subnet_id = local.aws_subnet_id
-  ami_id = local.ami_id
-  instance_type = "t3.large"
-  ssh_key_name = local.ssh_key_name
-  rpc_image = local.rpc_image
-  volume_size = 3000
-
-  providers = {
-    aws = aws.ap-southeast-1
-  }
-}

cicd/terraform/module/ec2_rpc/main.tf

@@ -1,109 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.13.1"
-    }
-  }
-}
-variable network {
-  type = string
-}
-variable vpc_id {
-  type = string
-}
-variable aws_subnet_id {
-  type = string
-}
-variable ami_id {
-  type = string
-}
-variable instance_type {
-  type = string
-}
-variable ssh_key_name {
-  type = string
-}
-variable rpc_image {
-  type = string
-}
-variable volume_size{
-  type = number
-}
-
-resource "aws_security_group" "rpc_sg" {
-  name_prefix = "${var.network}_rpc_sg"
-
-  ingress {
-    from_port   = 22
-    to_port     = 22
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-  
-  ingress {
-    from_port   = 30303
-    to_port     = 30303
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 8545
-    to_port     = 8545
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 8555
-    to_port     = 8555
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}
-
-resource "aws_instance" "rpc_instance" {
-  instance_type           = var.instance_type 
-  ami                     = var.ami_id
-  tags                    = {
-                              Name = var.network
-                            }
-  key_name                = var.ssh_key_name
-  vpc_security_group_ids  = [aws_security_group.rpc_sg.id]
-
-  root_block_device {
-    volume_size = var.volume_size
-  }
-
-
-  #below still need to remove git checkout {{branch}} after files merged to master
-  user_data = <<-EOF
-              #!/bin/bash
-              sudo yum update -y
-              sudo yum upgrade -y
-              sudo yum install git -y
-              sudo yum install docker -y
-              mkdir -p /root/.docker/cli-plugins
-              curl -SL https://github.com/docker/compose/releases/download/v2.25.0/docker-compose-linux-x86_64 -o /root/.docker/cli-plugins/docker-compose
-              sudo chmod +x /root/.docker/cli-plugins/docker-compose
-              echo checking compose version
-              docker compose version
-              sudo systemctl enable docker
-              sudo systemctl start docker
-              mkdir -p /work
-              cd /work
-              git clone https://github.com/XinFinOrg/XinFin-Node
-              cd /work/XinFin-Node/${var.network}
-              export RPC_IMAGE="${var.rpc_image}"
-              echo RPC_IMAGE=$RPC_IMAGE
-              ./docker-up-hash.sh
-              EOF
-}

cicd/terraform/module/region/container-definition.tpl

@@ -1,44 +0,0 @@
-[
-  {
-    "name": "tfXdcNode",
-    "image": "xinfinorg/${image_environment}:${image_tag}",
-    "environment": [
-      {"name": "PRIVATE_KEY", "value": "${private_key}"},
-      {"name": "LOG_LEVEL", "value": "${log_level}"},
-      {"name": "NODE_NAME", "value": "${node_name}"},
-      {"name": "NETWORK", "value": "${chain_network}"}
-    ],
-    "essential": true,
-    "logConfiguration": {
-      "logDriver": "awslogs",
-      "options": {
-        "awslogs-group": "${cloudwatch_group}",
-        "awslogs-region": "${cloudwatch_region}",
-        "awslogs-stream-prefix": "ecs"
-      }
-    },
-    "portMappings": [
-      {
-        "hostPort": 8555,
-        "protocol": "tcp",
-        "containerPort": 8555
-      },
-      {
-        "hostPort": 8545,
-        "protocol": "tcp",
-        "containerPort": 8545
-      },
-      {
-        "hostPort": 30303,
-        "protocol": "tcp",
-        "containerPort": 30303
-      }
-    ],
-    "mountPoints": [
-      {
-        "containerPath": "/work/xdcchain",
-        "sourceVolume": "efs"
-      }
-    ]
-  }
-]

cicd/terraform/module/region/ecs.tf

@@ -1,96 +0,0 @@
-data template_file container_definition {
-  for_each = var.nodeKeys
-  template = "${file("${path.module}/container-definition.tpl")}"
-
-  vars = {
-    image_environment = "${lookup(each.value, "imageEnvironment", "devnet")}"
-    image_tag = "${lookup(each.value, "imageTag", "latest")}"
-    node_name = "${each.key}"
-    private_key = "${each.value.pk}"
-    cloudwatch_group = "tf-${each.key}"
-    cloudwatch_region = "${var.region}"
-    log_level = "${lookup(each.value, "logLevel", "${var.logLevel}")}"
-    chain_network = var.network
-  }
-}
-
-resource "aws_ecs_task_definition" "task_definition_group" {
-  for_each = var.nodeKeys
-  
-  family = "${var.network}-${each.key}"
-  requires_compatibilities = ["FARGATE"]
-  network_mode = "awsvpc"
-  container_definitions = data.template_file.container_definition[each.key].rendered
-  execution_role_arn = var.xdc_ecs_tasks_execution_role_arn
-  task_role_arn = var.xdc_ecs_tasks_execution_role_arn
-  
-  # New nodes will consume a lot more CPU usage than existing nodes. 
-  # This is due to sync is resource heavy. Recommending set to below if doing sync:
-  # CPU = 2048, Memory = 4096
-  # Please set it back to cpu 256 and memory of 2048 after sync is done to save the cost
-  # cpu = 256
-  # memory = 2048
-  cpu = var.cpu
-  memory = var.memory
-  volume {
-    name = "efs"
-
-    efs_volume_configuration {
-      file_system_id          = aws_efs_file_system.efs[each.key].id
-      root_directory          = "/"
-      transit_encryption      = "ENABLED"
-      authorization_config {
-        access_point_id = aws_efs_access_point.efs_access_point[each.key].id
-        iam             = "DISABLED"
-      }
-    }
-  }
-  
-  tags = {
-       Name = "Tf${var.network}Ecs-${each.key}"
-   }
-}
-
-data "aws_ecs_task_definition" "ecs_task_definition" {
-  for_each = var.nodeKeys
-  task_definition = aws_ecs_task_definition.task_definition_group[each.key].family
-}
-
-# ECS cluster
-resource "aws_ecs_cluster" "ecs_cluster" {
-  name    = "${var.network}-xdcnode-cluster"
-  tags    = {
-    Name        = "Tf${var.network}EcsCluster"
-  }
-}
-
-
-resource "aws_ecs_service" "ecs_service" {
-  for_each             = var.enableFixedIp ? {} : var.nodeKeys
-  name                 = "ecs-service-${each.key}"
-  cluster              = aws_ecs_cluster.ecs_cluster.id
-  task_definition      = "${aws_ecs_task_definition.task_definition_group[each.key].family}:${max(aws_ecs_task_definition.task_definition_group[each.key].revision, data.aws_ecs_task_definition.ecs_task_definition[each.key].revision)}"
-  launch_type          = "FARGATE"
-  scheduling_strategy  = "REPLICA"
-  desired_count        = 1
-  force_new_deployment = true
-  deployment_minimum_healthy_percent = 0
-  deployment_maximum_percent = 100
-
-  network_configuration {
-    subnets          = [aws_subnet.subnet.id]
-    assign_public_ip = true
-    security_groups = [
-      aws_default_security_group.xdcnode_security_group.id
-    ]
-  }
-
-  deployment_circuit_breaker {
-    enable = true
-    rollback = false
-  }
-
-  tags = {
-    Name        = "Tf${var.network}EcsService-${each.key}"
-  }
-}

cicd/terraform/module/region/efs.tf

@@ -1,67 +0,0 @@
-
-# EFS
-resource "aws_security_group" "efs_security_group" {
-  name = "Tf${var.network}EfsSecurityGroup"
-  description = "Allow HTTP in and out of ${var.network} EFS"
-  vpc_id = aws_vpc.vpc.id
-
-  ingress {
-    from_port   = 2049
-    to_port     = 2049
-    protocol    = "TCP"
-    security_groups = [aws_default_security_group.xdcnode_security_group.id]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-  tags = {
-    Name = "Tf${var.network}Efs"
-  }
-}
-
-resource "aws_efs_file_system" "efs" {
-  for_each = var.nodeKeys
-  creation_token = "efs-${each.key}"
-  performance_mode = "generalPurpose"
-  throughput_mode = "bursting"
-  encrypted = "true"
-  lifecycle_policy {
-    transition_to_ia = "AFTER_30_DAYS"
-  }
-  tags = {
-    Name = "Tf${var.network}Efs${each.key}"
-  }
- }
-
-resource "aws_efs_mount_target" "efs_efs_mount_target" {
-  for_each = var.nodeKeys
-  file_system_id = aws_efs_file_system.efs[each.key].id
-  subnet_id      = aws_subnet.subnet.id
-  security_groups = [aws_security_group.efs_security_group.id]
-}
-
-resource "aws_efs_access_point" "efs_access_point" {
-  for_each = var.nodeKeys
-  file_system_id = aws_efs_file_system.efs[each.key].id
-  root_directory {
-    path = "/${each.key}/database"
-    creation_info {
-      owner_gid = 1001
-      owner_uid = 1001
-      permissions = 777
-    }
-  }
-  posix_user {
-    gid = 1001
-    uid = 1001
-    secondary_gids = [0]
-  }
-  
-  tags = {
-       Name = "Tf${var.network}EfsAccessPoint${each.key}"
-   }
-}

cicd/terraform/module/region/main.tf

@@ -1,103 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.13.1"
-    }
-  }
-}
-
-resource "aws_vpc" "vpc" {
-  cidr_block = var.vpc_cidr
-  instance_tenancy = "default"
-  enable_dns_hostnames = true
-
-  tags = {
-    Name = "Tf${var.network}Vpc"
-  }
-}
-
-resource "aws_subnet" "subnet" {
-  vpc_id = aws_vpc.vpc.id
-  cidr_block = var.subnet_cidr
-  map_public_ip_on_launch = true
-
-  tags = {
-    Name = "Tf${var.network}VpcSubnet"
-  }
-}
-
-resource "aws_internet_gateway" "gatewat" {
-  vpc_id = aws_vpc.vpc.id
-
-  tags = {
-    Name = "Tf${var.network}Gateway"
-  }
-}
-
-resource "aws_route_table" "route_table" {
-  vpc_id = aws_vpc.vpc.id
-
-  route {
-    cidr_block = "0.0.0.0/0"
-    gateway_id = aws_internet_gateway.gatewat.id
-  }
-
-  tags = {
-    Name = "Tf${var.network}VpcRoutingTable"
-  }
-}
-
-resource "aws_route_table_association" "route_table_association" {
-  subnet_id      = aws_subnet.subnet.id
-  route_table_id = aws_route_table.route_table.id
-}
-
-resource "aws_default_security_group" "xdcnode_security_group" {
-  vpc_id = aws_vpc.vpc.id
-
-  ingress {
-    description = "listener port"
-    from_port   = 30303
-    to_port     = 30303
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    description = "discovery port"
-    from_port   = 30303
-    to_port     = 30303
-    protocol    = "udp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    description = "rpc port"
-    from_port   = 8545
-    to_port     = 8545
-    protocol    = "tcp"
-    cidr_blocks = [var.vpc_cidr]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-  tags = {
-    Name = "Tf${var.network}Node"
-  }
-}
-
-# Logs
-resource "aws_cloudwatch_log_group" "cloud_watch_group" {
-  for_each = var.nodeKeys
-
-  name = "tf-${each.key}"
-  retention_in_days = 14 # Logs are only kept for 14 days
-  tags = {
-    Name = "Tf${var.network}CloudWatchGroup${each.key}"
-  }
-}

cicd/terraform/module/region/rpc.tf

@@ -1,104 +0,0 @@
-# Allocate an Elastic IP for the NLB
-resource "aws_eip" "nlb_eip" {
-  domain = "vpc"
-}
-
-
-# Create a Network Load Balancer
-resource "aws_lb" "rpc_node_nlb" {
-  count = var.enableFixedIp ? 1 : 0
-  name               = "${var.network}-rpc-node-nlb"
-  load_balancer_type = "network"
-
-  enable_deletion_protection = false
-
-  subnet_mapping {
-    subnet_id     = aws_subnet.subnet.id
-    allocation_id = aws_eip.nlb_eip.id
-  }
-}
-
-# Listener and Target Group for the rpc node container
-resource "aws_lb_target_group" "rpc_node_tg_8545" {
-  count = var.enableFixedIp ? 1 : 0
-  name     = "${var.network}-rpc-node-tg"
-  port     = 8545
-  protocol = "TCP"
-  vpc_id   = aws_vpc.vpc.id
-  target_type = "ip"
-}
-
-resource "aws_lb_listener" "rpc_node_listener_8545" {
-  count = var.enableFixedIp ? 1 : 0
-  load_balancer_arn = aws_lb.rpc_node_nlb[0].arn
-  port              = 8545
-  protocol          = "TCP"
-
-  default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.rpc_node_tg_8545[0].arn
-  }
-}
-
-resource "aws_ecs_service" "rpc_node_ecs_service" {
-  for_each             = var.enableFixedIp ? var.nodeKeys : {}
-  name                 = "ecs-service-${each.key}"
-  cluster              = aws_ecs_cluster.ecs_cluster.id
-  task_definition      = "${aws_ecs_task_definition.task_definition_group[each.key].family}:${max(aws_ecs_task_definition.task_definition_group[each.key].revision, data.aws_ecs_task_definition.ecs_task_definition[each.key].revision)}"
-  launch_type          = "FARGATE"
-  scheduling_strategy  = "REPLICA"
-  desired_count        = 1
-  force_new_deployment = true
-  deployment_minimum_healthy_percent = 0
-  deployment_maximum_percent = 100
-
-  network_configuration {
-    subnets          = [aws_subnet.subnet.id]
-    assign_public_ip = true
-    security_groups = [
-      aws_default_security_group.xdcnode_security_group.id
-    ]
-  }
-
-  deployment_circuit_breaker {
-    enable = true
-    rollback = false
-  }
-  
-  load_balancer {
-    target_group_arn = aws_lb_target_group.rpc_node_tg_8545[0].arn
-    container_name   = "tfXdcNode"
-    container_port   = 8545
-  }
-
-  depends_on = [
-    aws_lb_listener.rpc_node_listener_8545
-  ]
-
-  tags = {
-    Name        = "TfRpcNodeEcsService-${each.key}"
-  }
-}
-
-# Target Group for port 30303
-resource "aws_lb_target_group" "rpc_node_tg_30303" {
-  count = var.enableFixedIp ? 1 : 0
-  name     = "${var.network}-rpc-node-tg-30303"
-  port     = 30303
-  protocol = "TCP"
-  vpc_id   = aws_vpc.vpc.id
-  target_type = "ip"
-}
-
-# Listener for port 30303
-resource "aws_lb_listener" "rpc_node_listener_30303" {
-  count = var.enableFixedIp ? 1 : 0
-  load_balancer_arn = aws_lb.rpc_node_nlb[0].arn
-  port              = 30303
-  protocol          = "TCP"
-
-  default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.rpc_node_tg_30303[0].arn
-  }
-}

cicd/terraform/module/region/variables.tf

@@ -1,50 +0,0 @@
-variable "region" {
-  description = "AWS region"
-  type        = string
-}
-
-variable "nodeKeys" {
-  description = "each miner's key"
-  type        = map
-}
-
-variable "logLevel" {
-  description = "containers log level"
-  type        = string
-}
-
-variable "xdc_ecs_tasks_execution_role_arn" {
-  description = "aws iam role resource arn"
-  type        = string
-}
-
-variable "enableFixedIp" {
-  description = "a flag to indicate whether fixed ip should be associated to the nodes. This is used for RPC node"
-  type = bool
-  default = false
-}
-
-variable "network" {
-  description = "blockchain network"
-  type = string
-}
-
-variable "cpu" {
-  description = "container cpu"
-  type = number
-}
-
-variable "memory" {
-  description = "container memory"
-  type = number
-}
-
-variable "vpc_cidr" {
-  description = "vpc cidr"
-  type = string
-}
-
-variable "subnet_cidr" {
-  description = "subnet cidr"
-  type = string
-}

cicd/terraform/s3.tf

@@ -1,14 +0,0 @@
-# Bucket need to be created first. If first time run terraform init, need to comment out the below section
-terraform {
-  backend "s3" {
-    bucket = "tf-xinfin-bucket"
-    key    = "tf/terraform_rpc.tfstate"
-    region = "us-east-1"
-    encrypt = true
-  }
-}
-
-data "aws_s3_object" "xdc_node_config" {
-  bucket = "tf-xinfin-bucket"
-  key    = "node-config.json"
-}

cicd/terraform/variables.tf

@@ -1,17 +0,0 @@
-locals {
-    predefinedNodesConfig = jsondecode(data.aws_s3_object.xdc_node_config.body)
-    envs = { for tuple in regexall("(.*)=(.*)", file(".env")) : tuple[0] => tuple[1] }
-    logLevel = local.envs["log_level"]
-
-    rpcDevnetNodeKeys = { "devnet-rpc1": local.predefinedNodesConfig["devnet-rpc1"]} // we hardcode the rpc to a single node for now
-    rpcTestnetNodeKeys = { "testnet-rpc1": local.predefinedNodesConfig["testnet-rpc1"]} // we hardcode the rpc to a single node for now
-    rpcMainnetNodeKeys = { "mainnet-rpc1": local.predefinedNodesConfig["mainnet-rpc1"]} // we hardcode the rpc to a single node for now
-}
-
-locals {
-  ami_id = "ami-097c4e1feeea169e5"
-  rpc_image = "xinfinorg/xdposchain:v2.2.0-beta1"
-  vpc_id = "vpc-20a06846"
-  aws_subnet_id = "subnet-4653ee20"
-  ssh_key_name = "devnetkey"
-}