Mainnet testnet infra changes #340

Merged
merged 17 commits into from
Sep 19, 2024

DaMandal0rian
Contributor

@DaMandal0rian DaMandal0rian commented Sep 19, 2024

PR Type

enhancement


Description

  • Added comprehensive AWS instance configurations for various node types including bootstrap, RPC, EVM, and farmer nodes.
  • Defined variables for node configurations, including instance types, counts, and AWS regions, with sensitive variables for API keys and credentials.
  • Configured network infrastructure with VPC, subnets, internet gateway, and security groups.
  • Implemented provisioner resources for setting up nodes, including SSH connections, file transfers, and Docker installation.
  • Updated Cloudflare DNS records for node IP addresses with appropriate domain prefixes and labels.

Changes walkthrough 📝

Relevant files
Enhancement
13 files
instances.tf
Add AWS Instance Configurations for Mainnet Nodes               

templates/terraform/mainnet-primitives/instances.tf

  • Added AWS instance configurations for various node types including
    bootstrap, RPC, EVM, and farmer nodes.
  • Configured security groups, SSH connections, and provisioner scripts
    for node setup.
  • Included tags and lifecycle management for instances.
  • +569/-0 
    nova_indexer_node_provisioner.tf
    Add Provisioner for Nova Indexer Nodes Setup                         

    templates/terraform/mainnet-primitives/nova_indexer_node_provisioner.tf

  • Added provisioner resources for setting up Nova indexer nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +185/-0 
    network.tf
    Configure Network Infrastructure for Mainnet                         

    templates/terraform/mainnet-primitives/network.tf

  • Added resources for VPC, subnets, and internet gateway setup.
  • Configured security groups with ingress and egress rules.
  • Included route tables and associations for public subnets.
  • +222/-0 
    autoid_node_provisioner.tf
    Add Provisioner for AutoID Nodes Setup                                     

    templates/terraform/mainnet-primitives/autoid_node_provisioner.tf

  • Added provisioner resources for setting up AutoID nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +184/-0 
    domain_node_provisioner.tf
    Add Provisioner for EVM Domain Nodes Setup                             

    templates/terraform/mainnet-primitives/domain_node_provisioner.tf

  • Added provisioner resources for setting up EVM domain nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +184/-0 
    farmer_node_provisioner.tf
    Add Provisioner for Farmer Nodes Setup                                     

    templates/terraform/mainnet-primitives/farmer_node_provisioner.tf

  • Added provisioner resources for setting up farmer nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +173/-0 
    bootstrap_node_autoid_provisioner.tf
    Add Provisioner for AutoID Bootstrap Nodes Setup                 

    templates/terraform/mainnet-primitives/bootstrap_node_autoid_provisioner.tf

  • Added provisioner resources for setting up AutoID bootstrap nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +168/-0 
    bootstrap_node_evm_provisioner.tf
    Add Provisioner for EVM Bootstrap Nodes Setup                       

    templates/terraform/mainnet-primitives/bootstrap_node_evm_provisioner.tf

  • Added provisioner resources for setting up EVM bootstrap nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +168/-0 
    bootstrap_node_domain_provisioner.tf
    Refactor Provisioner for Domain Bootstrap Nodes                   

    templates/terraform/hetzner/bootstrap_node_domain_provisioner.tf

  • Refactored provisioner resources for domain bootstrap nodes.
  • Updated SSH connection configurations and file transfers.
  • Included scripts for Docker installation and node startup.
  • +29/-31 
    main.tf
    Add Root Module for Mainnet Network Primitives                     

    resources/mainnet/main.tf

  • Added root module for mainnet network primitives.
  • Configured various node types and their deployment settings.
  • Included sensitive variables for credentials and API keys.
  • +170/-0 
    rpc_indexer_node_provisioner.tf
    Add Provisioner for RPC Indexer Nodes Setup                           

    templates/terraform/mainnet-primitives/rpc_indexer_node_provisioner.tf

  • Added provisioner resources for setting up RPC indexer nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +174/-0 
    rpc_node_provisioner.tf
    Add Provisioner for RPC Nodes Setup                                           

    templates/terraform/mainnet-primitives/rpc_node_provisioner.tf

  • Added provisioner resources for setting up RPC nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +174/-0 
    bootstrap_node_provisioner.tf
    Add Provisioner for Bootstrap Nodes Setup                               

    templates/terraform/mainnet-primitives/bootstrap_node_provisioner.tf

  • Added provisioner resources for setting up bootstrap nodes.
  • Configured SSH connections and file transfers for node setup.
  • Included scripts for Docker installation and node startup.
  • +160/-0 
    Configuration changes
    2 files
    variables.tf
    Define Variables for Node Configuration and Credentials   

    templates/terraform/mainnet-primitives/variables.tf

  • Defined variables for node configurations including instance types,
    counts, and AWS regions.
  • Added sensitive variables for API keys and credentials.
  • Included default values for some variables.
  • +311/-0 
    dns.tf
    Update Cloudflare DNS Records for Nodes                                   

    templates/terraform/network-primitives/dns.tf

  • Updated Cloudflare DNS records for various node types.
  • Configured A and AAAA records for node IP addresses.
  • Adjusted domain prefixes and labels for nodes.
  • +21/-20 
    Additional files (token-limit)
    22 files
    dns.tf
    ...                                                                                                           

    templates/terraform/mainnet-primitives/dns.tf

    ...

    +107/-0 
    outputs.tf
    ...                                                                                                           

    templates/terraform/mainnet-primitives/outputs.tf

    ...

    +159/-0 
    variables.tf
    ...                                                                                                           

    resources/mainnet/variables.tf

    ...

    +120/-0 
    bootstrap_node_autoid_provisioner.tf
    ...                                                                                                           

    templates/terraform/network-primitives/bootstrap_node_autoid_provisioner.tf

    ...

    +3/-3     
    autoid_node_provisioner.tf
    ...                                                                                                           

    templates/terraform/network-primitives/autoid_node_provisioner.tf

    ...

    +4/-4     
    domain_node_provisioner.tf
    ...                                                                                                           

    templates/terraform/hetzner/domain_node_provisioner.tf

    ...

    +3/-6     
    domain_node_provisioner.tf
    ...                                                                                                           

    templates/terraform/network-primitives/domain_node_provisioner.tf

    ...

    +3/-3     
    outputs.tf
    ...                                                                                                           

    resources/mainnet/outputs.tf

    ...

    +51/-0   
    main.tf
    ...                                                                                                           

    resources/hetzner/main.tf

    ...

    +2/-2     
    variables.tf
    ...                                                                                                           

    resources/hetzner/variables.tf

    ...

    +10/-10 
    provider.tf
    ...                                                                                                           

    templates/terraform/mainnet-primitives/provider.tf

    ...

    +31/-0   
    outputs.tf
    ...                                                                                                           

    templates/terraform/hetzner/outputs.tf

    ...

    +3/-3     
    nova_squid_node_provisioner.tf
    ...                                                                                                           

    templates/terraform/network-primitives/nova_squid_node_provisioner.tf

    ...

    +1/-1     
    rpc_squid_node_provisioner.tf
    ...                                                                                                           

    templates/terraform/network-primitives/rpc_squid_node_provisioner.tf

    ...

    +1/-1     
    ami.tf
    ...                                                                                                           

    templates/terraform/mainnet-primitives/ami.tf

    ...

    +20/-0   
    variables.tf
    ...                                                                                                           

    templates/terraform/hetzner/variables.tf

    ...

    +2/-2     
    common.tf
    ...                                                                                                           

    resources/mainnet/common.tf

    ...

    +20/-0   
    backend.tf
    ...                                                                                                           

    resources/mainnet/backend.tf

    ...

    +9/-0     
    create_domain_node_compose_file.sh
    ...                                                                                                           

    templates/scripts/create_domain_node_compose_file.sh

    ...

    +2/-2     
    create_bootstrap_node_domain_compose_file.sh
    ...                                                                                                           

    templates/scripts/create_bootstrap_node_domain_compose_file.sh

    ...

    +2/-2     
    acme.sh
    ...                                                                                                           

    templates/scripts/acme.sh

    ...

    +1/-1     
    terrafrom.tfvars.example
    ...                                                                                                           

    resources/mainnet/terrafrom.tfvars.example

    ...

    +17/-0   


    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 5 🔵🔵🔵🔵🔵
    🧪 No relevant tests
    🔒 Security concerns

    Sensitive information exposure:
    The configuration files contain sensitive information such as API keys and credentials. Ensure these are managed securely, potentially using a secrets management tool or environment variables, to avoid exposure.

    ⚡ Key issues to review

    Security Concerns
    The configuration exposes sensitive information such as API keys and credentials. Ensure these are securely managed and not hard-coded or exposed in the configuration files.

    Hardcoded Values
    Several variables like aws_region, instance_type, and disk_volume_type have hardcoded defaults. Consider making these configurable through input variables without defaults to ensure flexibility across different environments.

    Resource Duplication
    There is a significant amount of duplicated code across different resource blocks for various node types. Consider refactoring to use a more modular approach or leveraging loops and conditionals to reduce code duplication and improve maintainability.


    github-actions bot commented Sep 19, 2024

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Possible bug
    Correct the assignment of the availability_zone to ensure it receives a single value from a list

    The availability_zone parameter is set to var.azs, which implies that it might be a
    list of availability zones. This could lead to an error because the
    availability_zone parameter expects a single value. You should use the element
    function to select a specific availability zone from the list.

    templates/terraform/mainnet-primitives/instances.tf [6]

    -availability_zone  = var.azs
    +availability_zone  = element(var.azs, count.index)
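
    Review bot: on the `+` line, `element(var.azs, count.index)` is only valid if `var.azs` is declared as a list, and the hunk does not show its type; check the declaration in variables.tf before applying, because with a string-typed `var.azs` the original line is correct and this one is an error. `element` also wraps around when `count.index` exceeds the list length, so with more instances than zones the instances are spread round-robin rather than rejected.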
     
    Suggestion importance[1-10]: 9

    Why: The suggestion correctly identifies a potential bug where availability_zone might be assigned a list instead of a single value, which could cause errors. Using element ensures a single value is selected, which is crucial for correct functionality.

    9
    Maintainability
    Replace hardcoded values with variable references in the Terraform configuration

    Replace the hardcoded value in the bootstrap-node-domain-config with a variable
    reference to enhance maintainability and flexibility. This change allows for easier
    updates and consistency across different environments.

    resources/hetzner/main.tf [19-22]

     bootstrap-node-domain-config = {
    -  deployment-version  = 1
    +  deployment-version  = var.deployment_version
       instance-count      = var.instance_count["bootstrap"]
    -  repo-org            = "autonomys"
    +  repo-org            = var.repo_org
     
    Suggestion importance[1-10]: 8

    Why: Replacing hardcoded values with variable references enhances maintainability and flexibility, allowing for easier updates and consistency across different environments.

    8
    Replace hardcoded timeout with a configurable variable

    Replace the hardcoded timeout value with a variable to allow for easier
    configuration and maintainability.

    templates/terraform/mainnet-primitives/bootstrap_node_autoid_provisioner.tf [29]

    -timeout     = "300s"
    +timeout     = var.connection_timeout
     
    Suggestion importance[1-10]: 7

    Why: Using a variable for the timeout value enhances maintainability and flexibility, allowing for easier adjustments without modifying the code directly.

    7
    Replace hardcoded SSH user with a variable

    Use a variable for the SSH user to enhance flexibility and maintainability of the
    script.

    templates/terraform/mainnet-primitives/bootstrap_node_autoid_provisioner.tf [25]

    -user        = var.ssh_user
    +user        = var.ssh_user_name
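
    Review bot: the `-` line already reads `user = var.ssh_user`, so nothing hardcoded is being replaced here; the change is only a rename to `var.ssh_user_name`. Applied alone it leaves other uses of `var.ssh_user` in the same file (for example the `/home/${var.ssh_user}/subspace/installer.sh` path) pointing at a different variable, so either drop this change or rename the declaration and every reference together.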
     
    Suggestion importance[1-10]: 6

    Why: Using a variable for the SSH user improves flexibility and maintainability, making it easier to change the user configuration if needed.

    6
    Best practice
    Change the on_failure strategy to fail to ensure errors are handled

    The on_failure attribute for the remote-exec provisioner is set to continue, which
    might lead to ignoring critical errors during the provisioning phase. Consider
    changing this to fail to ensure that any error in the provisioning process is
    addressed promptly.

    templates/terraform/mainnet-primitives/instances.tf [50]

    -on_failure = continue
    +on_failure = fail
     
    Suggestion importance[1-10]: 8

    Why: Changing on_failure to fail ensures that errors during provisioning are not ignored, which is a best practice for robust error handling.

    8
    Add error handling to SSH connections in the provisioning script

    Add error handling for the SSH connection in the null_resource to ensure that the
    provisioning process does not fail silently.

    templates/terraform/hetzner/bootstrap_node_domain_provisioner.tf [17-20]

     connection {
       host        = local.bootstrap_nodes_domain_ip_v4[count.index]
       user        = var.ssh_user
       type        = "ssh"
       agent       = true
    +  timeout     = "10m"
    +  on_failure  = "continue"
     }
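
    Review bot: `on_failure` on the second added line is a provisioner argument and is not among the arguments a `connection` block accepts, and the value `continue` tells Terraform to ignore provisioner errors, which is the opposite of the stated goal of not failing silently. Keep only the `timeout` addition here and leave failure handling on the provisioner itself at `fail`.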
     
    Suggestion importance[1-10]: 7

    Why: Adding error handling to SSH connections is a best practice that ensures the provisioning process does not fail silently, improving the robustness of the deployment process.

    7
    Improve error handling by using a script that logs installation errors

    Replace the direct command execution with a script that checks for errors and logs
    them for better error handling and debugging.

    templates/terraform/mainnet-primitives/bootstrap_node_autoid_provisioner.tf [55]

    -"sudo bash /home/${var.ssh_user}/subspace/installer.sh",
    +"bash /home/${var.ssh_user}/subspace/safe_installer.sh"
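
    Review bot: the `+` line drops both `sudo` and the trailing comma from the original list entry. Without `sudo` the installer runs as `var.ssh_user` and any package installation inside it needs its own privilege escalation, and without the comma the list no longer parses if another command follows on the next line. Nothing in the visible lines creates or uploads `safe_installer.sh`, so the wrapper script has to be added and copied to the host before this line can work.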
     
    Suggestion importance[1-10]: 5

    Why: Replacing direct command execution with a script that includes error checking and logging can improve debugging and error handling, though it requires additional implementation.

    5
    Security
    Enhance security by using a secure reference for the SSH private key

    Ensure the security of the SSH private key by referencing it through a secure store
    or encrypted variable instead of directly from a file path.

    templates/terraform/mainnet-primitives/bootstrap_node_autoid_provisioner.tf [28]

    -private_key = file("${var.private_key_path}")
    +private_key = file(var.secure_private_key_path)
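
    Review bot: the `+` line still loads the key with `file()` from a path on the machine running Terraform, so key handling is unchanged; only the variable name differs and the redundant `"${...}"` interpolation is gone. If the aim is to keep the private key out of files Terraform reads, use SSH agent authentication (`agent = true`, as the hetzner connection block on this page does) and drop `private_key` from the connection.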
     
    Suggestion importance[1-10]: 8

    Why: Referencing the SSH private key through a secure store or encrypted variable significantly improves security by reducing the risk of exposing sensitive information.

    8
    Enhancement
    Remove duplicate tag keys in the resource configuration

    The tags block includes duplicate keys (Name and name) with the same value.
    Terraform is case-sensitive for keys in maps, so both will be included, which might
    not be intended and could cause confusion. Consider removing one of the duplicate
    keys.

    templates/terraform/mainnet-primitives/instances.tf [23-30]

     tags = {
       Name       = "${var.network_name}-bootstrap-${count.index}"
    -  name       = "${var.network_name}-bootstrap-${count.index}"
       role       = "bootstrap node"
       os_name    = "ubuntu"
       os_version = "22.04"
       arch       = "x86_64"
     }
     
    Suggestion importance[1-10]: 7

    Why: Removing duplicate keys in the tags block improves code clarity and prevents potential confusion, although it is not critical to functionality.

    7
    Rename the variable for clarity and improved readability

    Use a more descriptive variable name for instance_count to reflect its purpose and
    improve code readability.

    resources/hetzner/variables.tf [25-33]

    -variable "instance_count" {
    +variable "node_instance_counts" {
       type = map(number)
       default = {
         bootstrap        = 2
         node             = 1
         farmer           = 1
         domain           = 2
         domain_bootstrap = 1
       }
     }
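
    Review bot: renaming the variable on the `+` line also requires updating every reference; `resources/hetzner/main.tf` reads `var.instance_count["bootstrap"]`, and any tfvars file that sets `instance_count` needs the same rename. Unless all of those change in the same commit, keep the existing name.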
     
    Suggestion importance[1-10]: 6

    Why: Renaming the variable to be more descriptive improves code readability and maintainability, which is beneficial for understanding the code's purpose.

    6
    Parameterize the iops and throughput values in the EBS block device configuration

    The iops and throughput values for the ebs_block_device are hardcoded to 3000 IOPS
    and 250 MB/s, respectively. It's recommended to parameterize these values to allow
    flexibility and configuration based on the environment or specific requirements.

    templates/terraform/mainnet-primitives/instances.tf [14-20]

     ebs_block_device {
       device_name = "/dev/sda1"
       volume_size = var.bootstrap-node-config.disk-volume-size
       volume_type = var.bootstrap-node-config.disk-volume-type
    -  iops        = 3000
    -  throughput  = 250
    +  iops        = var.bootstrap-node-config.iops
    +  throughput  = var.bootstrap-node-config.throughput
     }
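
    Review bot: `throughput` applies only to gp3 volumes and `iops` only to gp3, io1 and io2, while `volume_type` on the context line is already a variable. When adding `iops` and `throughput` to `bootstrap-node-config`, make them optional with a null default so that choosing another volume type does not send values the EC2 API rejects.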
     
    Suggestion importance[1-10]: 6

    Why: Parameterizing iops and throughput values enhances flexibility and adaptability of the configuration, although it is not a critical change.

    6
    Possible issue
    Improve the robustness of the sed command in the Terraform script

    Ensure that the sed command in the program attribute is robust against potential
    changes in the file format by adding error handling or a more specific regex
    pattern.

    resources/hetzner/main.tf [83]

    -program = ["bash", "-c", "echo '{\"OPERATOR_MULTI_ADDR\": \"'$(sed -nr 's/^NODE_0_OPERATOR_MULTI_ADDR=(.*)/\\1/p' ./bootstrap_node_domain_keys.txt)'\"}'"]
    +program = ["bash", "-c", "echo '{\"OPERATOR_MULTI_ADDR\": \"'$(sed -nr 's/^NODE_0_OPERATOR_MULTI_ADDR=(.*)$/\\1/p' ./bootstrap_node_domain_keys.txt)'\"}'"]
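
    Review bot: adding `$` after `(.*)` on the `+` line changes nothing, because `.*` is greedy and already matches to the end of the line. The fragile part is what the hunk leaves alone: if `bootstrap_node_domain_keys.txt` is missing or has no `NODE_0_OPERATOR_MULTI_ADDR=` line, the command still exits 0 and emits `{"OPERATOR_MULTI_ADDR": ""}`, and a value containing a double quote or backslash produces invalid JSON. Check that the extracted value is non-empty and exit non-zero otherwise, and build the JSON with a tool that escapes the value.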
     
    Suggestion importance[1-10]: 5

    Why: The suggestion to improve the robustness of the sed command by adding a more specific regex pattern is valid, but the improvement is minor as the existing pattern is already functional.

    5

    * change module name to ovh
    
    * rename hetzner to ovh
    @DaMandal0rian DaMandal0rian merged commit e07cf6b into main Sep 19, 2024
    1 check passed
    @DaMandal0rian DaMandal0rian deleted the mainnet-testnet-infra branch September 19, 2024 11:29