From 38f4c98740655be12ed62a082391b39e12bcd616 Mon Sep 17 00:00:00 2001 From: benjamin202410 Date: Wed, 15 Jan 2025 19:47:58 -0800 Subject: [PATCH] remove-ec2-rpcs (#793) Co-authored-by: liam.lai --- cicd/terraform/.env | 1 - cicd/terraform/iam.tf | 28 ----- cicd/terraform/main.tf | 66 ----------- cicd/terraform/module/ec2_rpc/main.tf | 109 ------------------ .../module/region/container-definition.tpl | 44 ------- cicd/terraform/module/region/ecs.tf | 96 --------------- cicd/terraform/module/region/efs.tf | 67 ----------- cicd/terraform/module/region/main.tf | 103 ----------------- cicd/terraform/module/region/rpc.tf | 104 ----------------- cicd/terraform/module/region/variables.tf | 50 -------- cicd/terraform/s3.tf | 14 --- cicd/terraform/variables.tf | 17 --- 12 files changed, 699 deletions(-) delete mode 100644 cicd/terraform/.env delete mode 100644 cicd/terraform/iam.tf delete mode 100644 cicd/terraform/main.tf delete mode 100644 cicd/terraform/module/ec2_rpc/main.tf delete mode 100644 cicd/terraform/module/region/container-definition.tpl delete mode 100644 cicd/terraform/module/region/ecs.tf delete mode 100644 cicd/terraform/module/region/efs.tf delete mode 100644 cicd/terraform/module/region/main.tf delete mode 100644 cicd/terraform/module/region/rpc.tf delete mode 100644 cicd/terraform/module/region/variables.tf delete mode 100644 cicd/terraform/s3.tf delete mode 100644 cicd/terraform/variables.tf
diff --git a/cicd/terraform/.env b/cicd/terraform/.env
deleted file mode 100644
index bffc1dd977..0000000000
--- a/cicd/terraform/.env
+++ /dev/null
@@ -1 +0,0 @@
-log_level=3
diff --git a/cicd/terraform/iam.tf b/cicd/terraform/iam.tf
deleted file mode 100644
index f5c5ee2fe0..0000000000
--- a/cicd/terraform/iam.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# IAM policies
-data "aws_iam_policy_document" "xdc_ecs_tasks_execution_role" {
- statement {
- actions = ["sts:AssumeRole"]
-
- principals {
- type = "Service"
- identifiers = ["ecs-tasks.amazonaws.com"]
- }
- }
-}
-
-# Create the role
-resource "aws_iam_role" "xdc_ecs_tasks_execution_role" {
- name = "xdc-ecs-task-execution-role"
- assume_role_policy = "${data.aws_iam_policy_document.xdc_ecs_tasks_execution_role.json}"
-}
-
-# Attached the AWS managed policies to the new role
-resource "aws_iam_role_policy_attachment" "xdc_ecs_tasks_execution_role" {
- for_each = toset([
- "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess",
- "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
- "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils"
- ])
- role = aws_iam_role.xdc_ecs_tasks_execution_role.name
- policy_arn = each.value
-}
diff --git a/cicd/terraform/main.tf b/cicd/terraform/main.tf
deleted file mode 100644
index 7fc541fb7f..0000000000
--- a/cicd/terraform/main.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.13.1"
- }
- }
-}
-
-# Default
-provider "aws" {
- region = "us-east-1"
-}
-
-provider "aws" {
- alias = "ap-southeast-1"
- region = "ap-southeast-1"
-}
-
-module "devnet_rpc" {
- source = "./module/ec2_rpc"
- network = "devnet"
- vpc_id = local.vpc_id
- aws_subnet_id = local.aws_subnet_id
- ami_id = local.ami_id
- instance_type = "t3.large"
- ssh_key_name = local.ssh_key_name
- rpc_image = local.rpc_image
- volume_size = 1500
-
- providers = {
- aws = aws.ap-southeast-1
- }
-}
-
-module "testnet_rpc" {
- source = "./module/ec2_rpc"
- network = "testnet"
- vpc_id = local.vpc_id
- aws_subnet_id = local.aws_subnet_id
- ami_id = local.ami_id
- instance_type = "t3.large"
- ssh_key_name = local.ssh_key_name
- rpc_image = local.rpc_image
- volume_size = 1500
-
- providers = {
- aws = aws.ap-southeast-1
- }
-}
-
-module "mainnet_rpc" {
- source = "./module/ec2_rpc"
- network = "mainnet"
- vpc_id = local.vpc_id
- aws_subnet_id = local.aws_subnet_id
- ami_id = local.ami_id
- instance_type = "t3.large"
- ssh_key_name = local.ssh_key_name
- rpc_image = local.rpc_image
- volume_size = 3000
-
- providers = {
- aws = aws.ap-southeast-1
- }
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/ec2_rpc/main.tf b/cicd/terraform/module/ec2_rpc/main.tf
deleted file mode 100644
index 00594517ac..0000000000
--- a/cicd/terraform/module/ec2_rpc/main.tf
+++ /dev/null
@@ -1,109 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.13.1"
- }
- }
-}
-variable network {
- type = string
-}
-variable vpc_id {
- type = string
-}
-variable aws_subnet_id {
- type = string
-}
-variable ami_id {
- type = string
-}
-variable instance_type {
- type = string
-}
-variable ssh_key_name {
- type = string
-}
-variable rpc_image {
- type = string
-}
-variable volume_size{
- type = number
-}
-
-resource "aws_security_group" "rpc_sg" {
- name_prefix = "${var.network}_rpc_sg"
-
- ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 30303
- to_port = 30303
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 8545
- to_port = 8545
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 8555
- to_port = 8555
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-resource "aws_instance" "rpc_instance" {
- instance_type = var.instance_type
- ami = var.ami_id
- tags = {
- Name = var.network
- }
- key_name = var.ssh_key_name
- vpc_security_group_ids = [aws_security_group.rpc_sg.id]
-
- root_block_device {
- volume_size = var.volume_size
- }
-
-
- #below still need to remove git checkout {{branch}} after files merged to master
- user_data = <<-EOF
- #!/bin/bash
- sudo yum update -y
- sudo yum upgrade -y
- sudo yum install git -y
- sudo yum install docker -y
- mkdir -p /root/.docker/cli-plugins
- curl -SL https://github.com/docker/compose/releases/download/v2.25.0/docker-compose-linux-x86_64 -o /root/.docker/cli-plugins/docker-compose
- sudo chmod +x /root/.docker/cli-plugins/docker-compose
- echo checking compose version
- docker compose version
- sudo systemctl enable docker
- sudo systemctl start docker
- mkdir -p /work
- cd /work
- git clone https://github.com/XinFinOrg/XinFin-Node
- cd /work/XinFin-Node/${var.network}
- export RPC_IMAGE="${var.rpc_image}"
- echo RPC_IMAGE=$RPC_IMAGE
- ./docker-up-hash.sh
- EOF
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/region/container-definition.tpl b/cicd/terraform/module/region/container-definition.tpl
deleted file mode 100644
index 008e98522a..0000000000
--- a/cicd/terraform/module/region/container-definition.tpl
+++ /dev/null
@@ -1,44 +0,0 @@
-[
- {
- "name": "tfXdcNode",
- "image": "xinfinorg/${image_environment}:${image_tag}",
- "environment": [
- {"name": "PRIVATE_KEY", "value": "${private_key}"},
- {"name": "LOG_LEVEL", "value": "${log_level}"},
- {"name": "NODE_NAME", "value": "${node_name}"},
- {"name": "NETWORK", "value": "${chain_network}"}
- ],
- "essential": true,
- "logConfiguration": {
- "logDriver": "awslogs",
- "options": {
- "awslogs-group": "${cloudwatch_group}",
- "awslogs-region": "${cloudwatch_region}",
- "awslogs-stream-prefix": "ecs"
- }
- },
- "portMappings": [
- {
- "hostPort": 8555,
- "protocol": "tcp",
- "containerPort": 8555
- },
- {
- "hostPort": 8545,
- "protocol": "tcp",
- "containerPort": 8545
- },
- {
- "hostPort": 30303,
- "protocol": "tcp",
- "containerPort": 30303
- }
- ],
- "mountPoints": [
- {
- "containerPath": "/work/xdcchain",
- "sourceVolume": "efs"
- }
- ]
- }
-]
\ No newline at end of file
diff --git a/cicd/terraform/module/region/ecs.tf b/cicd/terraform/module/region/ecs.tf
deleted file mode 100644
index d529cafb47..0000000000
--- a/cicd/terraform/module/region/ecs.tf
+++ /dev/null
@@ -1,96 +0,0 @@
-data template_file container_definition {
- for_each = var.nodeKeys
- template = "${file("${path.module}/container-definition.tpl")}"
-
- vars = {
- image_environment = "${lookup(each.value, "imageEnvironment", "devnet")}"
- image_tag = "${lookup(each.value, "imageTag", "latest")}"
- node_name = "${each.key}"
- private_key = "${each.value.pk}"
- cloudwatch_group = "tf-${each.key}"
- cloudwatch_region = "${var.region}"
- log_level = "${lookup(each.value, "logLevel", "${var.logLevel}")}"
- chain_network = var.network
- }
-}
-
-resource "aws_ecs_task_definition" "task_definition_group" {
- for_each = var.nodeKeys
-
- family = "${var.network}-${each.key}"
- requires_compatibilities = ["FARGATE"]
- network_mode = "awsvpc"
- container_definitions = data.template_file.container_definition[each.key].rendered
- execution_role_arn = var.xdc_ecs_tasks_execution_role_arn
- task_role_arn = var.xdc_ecs_tasks_execution_role_arn
-
- # New nodes will consume a lot more CPU usage than existing nodes.
- # This is due to sync is resource heavy. Recommending set to below if doing sync:
- # CPU = 2048, Memory = 4096
- # Please set it back to cpu 256 and memory of 2048 after sync is done to save the cost
- # cpu = 256
- # memory = 2048
- cpu = var.cpu
- memory = var.memory
- volume {
- name = "efs"
-
- efs_volume_configuration {
- file_system_id = aws_efs_file_system.efs[each.key].id
- root_directory = "/"
- transit_encryption = "ENABLED"
- authorization_config {
- access_point_id = aws_efs_access_point.efs_access_point[each.key].id
- iam = "DISABLED"
- }
- }
- }
-
- tags = {
- Name = "Tf${var.network}Ecs-${each.key}"
- }
-}
-
-data "aws_ecs_task_definition" "ecs_task_definition" {
- for_each = var.nodeKeys
- task_definition = aws_ecs_task_definition.task_definition_group[each.key].family
-}
-
-# ECS cluster
-resource "aws_ecs_cluster" "ecs_cluster" {
- name = "${var.network}-xdcnode-cluster"
- tags = {
- Name = "Tf${var.network}EcsCluster"
- }
-}
-
-
-resource "aws_ecs_service" "ecs_service" {
- for_each = var.enableFixedIp ? {} : var.nodeKeys
- name = "ecs-service-${each.key}"
- cluster = aws_ecs_cluster.ecs_cluster.id
- task_definition = "${aws_ecs_task_definition.task_definition_group[each.key].family}:${max(aws_ecs_task_definition.task_definition_group[each.key].revision, data.aws_ecs_task_definition.ecs_task_definition[each.key].revision)}"
- launch_type = "FARGATE"
- scheduling_strategy = "REPLICA"
- desired_count = 1
- force_new_deployment = true
- deployment_minimum_healthy_percent = 0
- deployment_maximum_percent = 100
-
- network_configuration {
- subnets = [aws_subnet.subnet.id]
- assign_public_ip = true
- security_groups = [
- aws_default_security_group.xdcnode_security_group.id
- ]
- }
-
- deployment_circuit_breaker {
- enable = true
- rollback = false
- }
-
- tags = {
- Name = "Tf${var.network}EcsService-${each.key}"
- }
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/region/efs.tf b/cicd/terraform/module/region/efs.tf
deleted file mode 100644
index 11b426ff37..0000000000
--- a/cicd/terraform/module/region/efs.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-
-# EFS
-resource "aws_security_group" "efs_security_group" {
- name = "Tf${var.network}EfsSecurityGroup"
- description = "Allow HTTP in and out of ${var.network} EFS"
- vpc_id = aws_vpc.vpc.id
-
- ingress {
- from_port = 2049
- to_port = 2049
- protocol = "TCP"
- security_groups = [aws_default_security_group.xdcnode_security_group.id]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- tags = {
- Name = "Tf${var.network}Efs"
- }
-}
-
-resource "aws_efs_file_system" "efs" {
- for_each = var.nodeKeys
- creation_token = "efs-${each.key}"
- performance_mode = "generalPurpose"
- throughput_mode = "bursting"
- encrypted = "true"
- lifecycle_policy {
- transition_to_ia = "AFTER_30_DAYS"
- }
- tags = {
- Name = "Tf${var.network}Efs${each.key}"
- }
- }
-
-resource "aws_efs_mount_target" "efs_efs_mount_target" {
- for_each = var.nodeKeys
- file_system_id = aws_efs_file_system.efs[each.key].id
- subnet_id = aws_subnet.subnet.id
- security_groups = [aws_security_group.efs_security_group.id]
-}
-
-resource "aws_efs_access_point" "efs_access_point" {
- for_each = var.nodeKeys
- file_system_id = aws_efs_file_system.efs[each.key].id
- root_directory {
- path = "/${each.key}/database"
- creation_info {
- owner_gid = 1001
- owner_uid = 1001
- permissions = 777
- }
- }
- posix_user {
- gid = 1001
- uid = 1001
- secondary_gids = [0]
- }
-
- tags = {
- Name = "Tf${var.network}EfsAccessPoint${each.key}"
- }
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/region/main.tf b/cicd/terraform/module/region/main.tf
deleted file mode 100644
index 5c6e0a47cd..0000000000
--- a/cicd/terraform/module/region/main.tf
+++ /dev/null
@@ -1,103 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 5.13.1"
- }
- }
-}
-
-resource "aws_vpc" "vpc" {
- cidr_block = var.vpc_cidr
- instance_tenancy = "default"
- enable_dns_hostnames = true
-
- tags = {
- Name = "Tf${var.network}Vpc"
- }
-}
-
-resource "aws_subnet" "subnet" {
- vpc_id = aws_vpc.vpc.id
- cidr_block = var.subnet_cidr
- map_public_ip_on_launch = true
-
- tags = {
- Name = "Tf${var.network}VpcSubnet"
- }
-}
-
-resource "aws_internet_gateway" "gatewat" {
- vpc_id = aws_vpc.vpc.id
-
- tags = {
- Name = "Tf${var.network}Gateway"
- }
-}
-
-resource "aws_route_table" "route_table" {
- vpc_id = aws_vpc.vpc.id
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.gatewat.id
- }
-
- tags = {
- Name = "Tf${var.network}VpcRoutingTable"
- }
-}
-
-resource "aws_route_table_association" "route_table_association" {
- subnet_id = aws_subnet.subnet.id
- route_table_id = aws_route_table.route_table.id
-}
-
-resource "aws_default_security_group" "xdcnode_security_group" {
- vpc_id = aws_vpc.vpc.id
-
- ingress {
- description = "listener port"
- from_port = 30303
- to_port = 30303
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- description = "discovery port"
- from_port = 30303
- to_port = 30303
- protocol = "udp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- description = "rpc port"
- from_port = 8545
- to_port = 8545
- protocol = "tcp"
- cidr_blocks = [var.vpc_cidr]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
- tags = {
- Name = "Tf${var.network}Node"
- }
-}
-
-# Logs
-resource "aws_cloudwatch_log_group" "cloud_watch_group" {
- for_each = var.nodeKeys
-
- name = "tf-${each.key}"
- retention_in_days = 14 # Logs are only kept for 14 days
- tags = {
- Name = "Tf${var.network}CloudWatchGroup${each.key}"
- }
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/region/rpc.tf b/cicd/terraform/module/region/rpc.tf
deleted file mode 100644
index 901b3b9c0b..0000000000
--- a/cicd/terraform/module/region/rpc.tf
+++ /dev/null
@@ -1,104 +0,0 @@
-# Allocate an Elastic IP for the NLB
-resource "aws_eip" "nlb_eip" {
- domain = "vpc"
-}
-
-
-# Create a Network Load Balancer
-resource "aws_lb" "rpc_node_nlb" {
- count = var.enableFixedIp ? 1 : 0
- name = "${var.network}-rpc-node-nlb"
- load_balancer_type = "network"
-
- enable_deletion_protection = false
-
- subnet_mapping {
- subnet_id = aws_subnet.subnet.id
- allocation_id = aws_eip.nlb_eip.id
- }
-}
-
-# Listener and Target Group for the rpc node container
-resource "aws_lb_target_group" "rpc_node_tg_8545" {
- count = var.enableFixedIp ? 1 : 0
- name = "${var.network}-rpc-node-tg"
- port = 8545
- protocol = "TCP"
- vpc_id = aws_vpc.vpc.id
- target_type = "ip"
-}
-
-resource "aws_lb_listener" "rpc_node_listener_8545" {
- count = var.enableFixedIp ? 1 : 0
- load_balancer_arn = aws_lb.rpc_node_nlb[0].arn
- port = 8545
- protocol = "TCP"
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.rpc_node_tg_8545[0].arn
- }
-}
-
-resource "aws_ecs_service" "rpc_node_ecs_service" {
- for_each = var.enableFixedIp ? var.nodeKeys : {}
- name = "ecs-service-${each.key}"
- cluster = aws_ecs_cluster.ecs_cluster.id
- task_definition = "${aws_ecs_task_definition.task_definition_group[each.key].family}:${max(aws_ecs_task_definition.task_definition_group[each.key].revision, data.aws_ecs_task_definition.ecs_task_definition[each.key].revision)}"
- launch_type = "FARGATE"
- scheduling_strategy = "REPLICA"
- desired_count = 1
- force_new_deployment = true
- deployment_minimum_healthy_percent = 0
- deployment_maximum_percent = 100
-
- network_configuration {
- subnets = [aws_subnet.subnet.id]
- assign_public_ip = true
- security_groups = [
- aws_default_security_group.xdcnode_security_group.id
- ]
- }
-
- deployment_circuit_breaker {
- enable = true
- rollback = false
- }
-
- load_balancer {
- target_group_arn = aws_lb_target_group.rpc_node_tg_8545[0].arn
- container_name = "tfXdcNode"
- container_port = 8545
- }
-
- depends_on = [
- aws_lb_listener.rpc_node_listener_8545
- ]
-
- tags = {
- Name = "TfRpcNodeEcsService-${each.key}"
- }
-}
-
-# Target Group for port 30303
-resource "aws_lb_target_group" "rpc_node_tg_30303" {
- count = var.enableFixedIp ? 1 : 0
- name = "${var.network}-rpc-node-tg-30303"
- port = 30303
- protocol = "TCP"
- vpc_id = aws_vpc.vpc.id
- target_type = "ip"
-}
-
-# Listener for port 30303
-resource "aws_lb_listener" "rpc_node_listener_30303" {
- count = var.enableFixedIp ? 1 : 0
- load_balancer_arn = aws_lb.rpc_node_nlb[0].arn
- port = 30303
- protocol = "TCP"
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.rpc_node_tg_30303[0].arn
- }
-}
\ No newline at end of file
diff --git a/cicd/terraform/module/region/variables.tf b/cicd/terraform/module/region/variables.tf
deleted file mode 100644
index 3f09785b81..0000000000
--- a/cicd/terraform/module/region/variables.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-variable "region" {
- description = "AWS region"
- type = string
-}
-
-variable "nodeKeys" {
- description = "each miner's key"
- type = map
-}
-
-variable "logLevel" {
- description = "containers log level"
- type = string
-}
-
-variable "xdc_ecs_tasks_execution_role_arn" {
- description = "aws iam role resource arn"
- type = string
-}
-
-variable "enableFixedIp" {
- description = "a flag to indicate whether fixed ip should be associated to the nodes. This is used for RPC node"
- type = bool
- default = false
-}
-
-variable "network" {
- description = "blockchain network"
- type = string
-}
-
-variable "cpu" {
- description = "container cpu"
- type = number
-}
-
-variable "memory" {
- description = "container memory"
- type = number
-}
-
-variable "vpc_cidr" {
- description = "vpc cidr"
- type = string
-}
-
-variable "subnet_cidr" {
- description = "subnet cidr"
- type = string
-}
\ No newline at end of file
diff --git a/cicd/terraform/s3.tf b/cicd/terraform/s3.tf
deleted file mode 100644
index 5c1fc49115..0000000000
--- a/cicd/terraform/s3.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Bucket need to be created first. If first time run terraform init, need to comment out the below section
-terraform {
- backend "s3" {
- bucket = "tf-xinfin-bucket"
- key = "tf/terraform_rpc.tfstate"
- region = "us-east-1"
- encrypt = true
- }
-}
-
-data "aws_s3_object" "xdc_node_config" {
- bucket = "tf-xinfin-bucket"
- key = "node-config.json"
-}
diff --git a/cicd/terraform/variables.tf b/cicd/terraform/variables.tf
deleted file mode 100644
index 02bf5bdcf4..0000000000
--- a/cicd/terraform/variables.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-locals {
- predefinedNodesConfig = jsondecode(data.aws_s3_object.xdc_node_config.body)
- envs = { for tuple in regexall("(.*)=(.*)", file(".env")) : tuple[0] => tuple[1] }
- logLevel = local.envs["log_level"]
-
- rpcDevnetNodeKeys = { "devnet-rpc1": local.predefinedNodesConfig["devnet-rpc1"]} // we hardcode the rpc to a single node for now
- rpcTestnetNodeKeys = { "testnet-rpc1": local.predefinedNodesConfig["testnet-rpc1"]} // we hardcode the rpc to a single node for now
- rpcMainnetNodeKeys = { "mainnet-rpc1": local.predefinedNodesConfig["mainnet-rpc1"]} // we hardcode the rpc to a single node for now
-}
-
-locals {
- ami_id = "ami-097c4e1feeea169e5"
- rpc_image = "xinfinorg/xdposchain:v2.2.0-beta1"
- vpc_id = "vpc-20a06846"
- aws_subnet_id = "subnet-4653ee20"
- ssh_key_name = "devnetkey"
-}
\ No newline at end of file