diff --git a/.circleci/config.yml b/.circleci/config.yml index ef5bafcc335..666206e3475 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,9 +2,18 @@ # and https://github.com/facebook/react-native/blob/master/.circleci/config.yml version: 2.1 - +setup: true parameters: + run-workflow-general: + type: boolean + default: false + run-workflow-npm-install: + type: boolean + default: false + run-workflow-protocol-coverage: + type: boolean + default: false # When you need to force a rebuild of the node modules cache then bump this version node-modules-cache-version: type: integer @@ -891,6 +900,9 @@ jobs: workflows: version: 2 celo-monorepo-build: + # Contitionally triggered + when: + or: [<< pipeline.parameters.run-workflow-general >>] jobs: - install_dependencies - certora-test: @@ -1011,30 +1023,17 @@ workflows: - end-to-end-cip35-eth-compatibility-test - odis-test npm-install-testing-cron-workflow: - triggers: - - schedule: - # 7 PM in UTC = noon in PDT. - # Best for test to fail during SF afternoon, so that, someone can fix it during the day time. - cron: '0 19 * * *' - filters: - branches: - only: - - master + # Contitionally triggered + when: + or: [<< pipeline.parameters.run-workflow-npm-install >>] jobs: - test-typescript-npm-package-install - test-utils-npm-package-install - test-contractkit-npm-package-install - test-celocli-npm-package-install protocol-testing-with-code-coverage-cron-workflow: - triggers: - - schedule: - # 1 PM in UTC = 6 AM in PDT. - # Best for this slow test (~3 hours) to run during SF early morning. - cron: '0 13 * * *' - filters: - branches: - only: - - master + when: + or: [<< pipeline.parameters.run-workflow-protocol-coverage >>] jobs: - install_dependencies - lint-checks: diff --git a/.env b/.env index 8087faab907..a2fa43ce4d1 100644 --- a/.env +++ b/.env 
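Review bot: In the `celo-monorepo-build` hunk (`@@ -891,6 +900,9 @@`), `when: or: [<< pipeline.parameters.run-workflow-general >>]` wraps a single operand in `or`, which reads as if more conditions were meant to follow. `when: << pipeline.parameters.run-workflow-general >>` says the same thing. The comment above it is misspelled (`# Contitionally triggered`, also in the next hunk) and does not say who sets the parameter. All three parameters default to `false`, so a comment such as `# Runs only when the triggering pipeline passes run-workflow-general=true` would make clear that a plain push starts none of these workflows.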
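Review bot: In the `@@ -1011,30 +1023,17 @@` hunk, removing the `triggers: schedule` blocks from `npm-install-testing-cron-workflow` and `protocol-testing-with-code-coverage-cron-workflow` also removes their `filters: branches: only: master` restriction. Both workflows can now run on any branch for which a pipeline is started with the parameter set to true. Nothing in this diff shows what replaces the cron, so if no scheduled pipeline or API caller passes the parameter, the nightly npm-install and coverage runs stop without any failure signal. If master-only is still intended, the condition can carry it, e.g. `and: [<< pipeline.parameters.run-workflow-npm-install >>, equal: [master, << pipeline.git.branch >>]]`. A comment above each `when:` naming the scheduler that sets the parameter would also help.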
@@ -8,8 +8,6 @@ GETH_VMODULE="consensus/*=2" GETH_ENABLE_METRICS=false GETH_USE_MYCELO=false -VM_BASED=false - KUBERNETES_CLUSTER_NAME="celo-networks-dev" KUBERNETES_CLUSTER_ZONE="us-west1-a" CLUSTER_DOMAIN_NAME="celo-networks-dev" diff --git a/.env.alfajores b/.env.alfajores index a59e37cff62..f6762b6487e 100644 --- a/.env.alfajores +++ b/.env.alfajores @@ -2,8 +2,6 @@ ENV_TYPE="production" GETH_VERBOSITY=2 -VM_BASED=false - KUBERNETES_CLUSTER_NAME="alfajores" KUBERNETES_CLUSTER_ZONE="us-west1-a" CLUSTER_DOMAIN_NAME="celo-testnet" diff --git a/.env.baklava b/.env.baklava index d353c7b4db6..4262cee6c2f 100644 --- a/.env.baklava +++ b/.env.baklava @@ -5,7 +5,6 @@ ENV_TYPE="production" GETH_VERBOSITY=2 GETH_ENABLE_METRICS=true -VM_BASED=false KUBERNETES_CLUSTER_NAME="baklavastaging" KUBERNETES_CLUSTER_ZONE="us-west1-a" diff --git a/.env.oracledev b/.env.oracledev index 6676cba2c1e..f9ddf450abf 100644 --- a/.env.oracledev +++ b/.env.oracledev @@ -61,7 +61,6 @@ CLUSTER_CREATION_FLAGS="--enable-autoscaling --min-nodes 3 --max-nodes 8 --machi # ---- VM ---- -VM_BASED=false # ---- Blockscout ---- diff --git a/.env.rc1staging b/.env.rc1staging index 9cfd22b5566..8d651268dfe 100644 --- a/.env.rc1staging +++ b/.env.rc1staging @@ -5,9 +5,6 @@ ENV_TYPE="staging" GETH_VERBOSITY=2 GETH_ENABLE_METRICS=true -# TODO: deprecated -VM_BASED=false - KUBERNETES_CLUSTER_NAME="rc1staging" KUBERNETES_CLUSTER_ZONE="us-west1-a" CLUSTER_DOMAIN_NAME="celo-testnet" diff --git a/.env.staging b/.env.staging index e9f275a5013..4dc0ef883ca 100644 --- a/.env.staging +++ b/.env.staging @@ -37,7 +37,6 @@ GETH_NODE_DOCKER_IMAGE_TAG="8a44c2cd92200bdffce595c7558e84a39ea2bc15" GETH_VERBOSITY=2 -VM_BASED=false KUBERNETES_CLUSTER_NAME=celo-networks-dev KUBERNETES_CLUSTER_ZONE="us-west1-a" diff --git a/.github/workflows/circleci.yml b/.github/workflows/circleci.yml index f060e1fc964..5eee7063704 100644 --- a/.github/workflows/circleci.yml +++ b/.github/workflows/circleci.yml 
@@ -215,7 +215,10 @@ jobs: # needs: [install-dependencies, lint-checks] needs: [install-dependencies] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -256,7 +259,10 @@ jobs: timeout-minutes: 30 needs: [install-dependencies, lint-checks, pre-protocol-test-release] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -287,7 +293,10 @@ jobs: timeout-minutes: 60 needs: [install-dependencies, lint-checks] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false 
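Review bot: `github.base_ref`, used in the first added line of this `if:`, is populated only for `pull_request` and `pull_request_target` events, so on a push to `master` the new clause is empty and the job still depends solely on the modified-files list. The workflow's `on:` block is outside the hunk, so confirm whether push runs are meant to be forced as well, for example with `github.ref == 'refs/heads/master'`. `contains(github.base_ref, 'staging')` and `contains(github.base_ref, 'production')` are substring tests, so any base branch whose name merely contains those words matches; `startsWith(...)` or an exact comparison is tighter if that is not wanted. The same line is copied into every `if:` hunk of this file down to the disabled certora job, so computing it once as an output of `install-dependencies` would keep the copies from drifting apart.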
@@ -361,7 +370,11 @@ jobs: timeout-minutes: 30 needs: [install-dependencies] if: | - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/contractkit') || + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/dev-utils') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -389,7 +402,12 @@ jobs: timeout-minutes: 30 needs: [install-dependencies, contractkit-tests] if: | - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/identity') || + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/common') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/dev-utils') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false 
@@ -417,7 +435,11 @@ jobs: timeout-minutes: 30 needs: [install-dependencies, contractkit-tests] if: | - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk/transactions-uri') || + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/dev-utils') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -450,7 +472,13 @@ jobs: timeout-minutes: 30 needs: [install-dependencies] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/cli') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/common') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/dev-utils') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false 
@@ -489,6 +517,7 @@ jobs: timeout-minutes: 30 needs: [install-dependencies] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || @@ -517,7 +546,9 @@ jobs: timeout-minutes: 30 needs: [install-dependencies] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -551,7 +582,9 @@ jobs: timeout-minutes: 30 needs: [install-dependencies] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false 
@@ -584,9 +617,13 @@ jobs: timeout-minutes: 60 needs: [install-dependencies, lint-checks, contractkit-tests] if: | - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/celotool') || - contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk/contractkit') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/common') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/dev-utils') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/typescript') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false @@ -674,7 +711,10 @@ jobs: timeout-minutes: 30 needs: [install-dependencies, lint-checks] if: | + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') || false 
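Review bot: In the `@@ -674,7 +711,10 @@` hunk (the job filtered on `packages/phone-number-privacy`), the added paths are `packages/protocol` and `packages/sdk`, but `packages/typescript` and `packages/dev-utils`, which the sibling jobs in this commit add, are left out. If this job also builds against those shared packages, a pull request touching only them into a branch other than master/staging/production would skip these tests. Either add the two `contains(...)` lines for consistency or add a short comment above the `if:` saying the omission is deliberate.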
@@ -708,7 +748,9 @@ jobs: # Disable as certora license is not active if: | false && ( + github.base_ref == 'master' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') || contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') || + contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') || contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') || contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 0e2f1bdb5e8..b82acff108b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v3 + - uses: actions/stale@v8 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale and will be closed in 30 days without activity' diff --git a/README.md b/README.md index e1e32c72b26..3bdbcc5fa53 100644 --- a/README.md +++ b/README.md 
@@ -110,11 +110,10 @@ The repository has the following packages (sub projects): - [cli](packages/cli) - tool that uses ContractKit to interact with the Celo protocol ([docs](https://docs.celo.org/command-line-interface/introduction)) - [dev-utils](packages/dev-utils) - a utils package for use as a dev dependency - [docs](packages/docs) - technical documentation for the Celo project ([live](https://docs.celo.org/)) -- [helm-charts](packages/helm-charts) - templatized deployments of entire environments to Kubernetes clusters +- [helm-charts](packages/helm-charts) - (DEPRECATED) templatized deployments of entire environments to Kubernetes clusters. Check [celo-org/charts](https://github.com/celo-org/charts) instead. - [protocol](packages/protocol) - identity, stability and other smart contracts for the Celo protocol ([docs](https://docs.celo.org/celo-codebase/protocol)) - [sdk](packages/sdk) - Typescript packages for interacting with Celo, including Contracts, Wallets, Crypto++ - [contractkit](packages/sdk/contractkit) - library to help developers and validators interact with the protocol and its smart contracts ([docs](https://docs.celo.org/developer-guide/contractkit)) -- [terraform-modules](packages/terraform-modules) - templatized deployments of entire VM-based testnets for Google Cloud Platform - [typescript](packages/typescript) - no README available (improve?) Code owners for each package can be found in [.github/CODEOWNERS](.github/CODEOWNERS). diff --git a/package.json b/package.json index e3408fcefa7..4131c57047b 100644 --- a/package.json +++ b/package.json @@ -112,7 +112,7 @@ "minimist": "^1.2.5", "mixin-deep": "^2.0.1", "node-forge": "^0.10.0", - "node-gyp": "5.0.1", + "node-gyp": "^6.0.0", "node-libs-react-native": "^1.2.0", "node-notifier": "^8.0.2", "normalize-url": "4.5.1", diff --git a/packages/celotool/src/cmds/deploy/destroy/cluster.ts b/packages/celotool/src/cmds/deploy/destroy/cluster.ts index b0c76a7dcee..b4cb62058d4 100644 
--- a/packages/celotool/src/cmds/deploy/destroy/cluster.ts +++ b/packages/celotool/src/cmds/deploy/destroy/cluster.ts @@ -1,6 +1,6 @@ import { printReleases } from 'src/cmds/deploy/list' import { deleteCluster, getNonSystemHelmReleases, switchToClusterFromEnv } from 'src/lib/cluster' -import { EnvTypes, envVar, fetchEnv } from 'src/lib/env-utils' +import { envTypes, envVar, fetchEnv } from 'src/lib/env-utils' import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' import { DestroyArgv } from '../../deploy/destroy' @@ -13,7 +13,7 @@ export const builder = {} export const handler = async (argv: DestroyArgv) => { exitIfCelotoolHelmDryRun() const envType = fetchEnv(envVar.ENV_TYPE) - if (envType !== EnvTypes.DEVELOPMENT) { + if (envType !== envTypes.DEVELOPMENT) { console.error('You can only delete dev clusters') process.exit(1) } diff --git a/packages/celotool/src/cmds/deploy/destroy/forno.ts b/packages/celotool/src/cmds/deploy/destroy/forno.ts deleted file mode 100644 index 69ceda4e343..00000000000 --- a/packages/celotool/src/cmds/deploy/destroy/forno.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { DestroyArgv } from 'src/cmds/deploy/destroy' -import { destroyForno } from 'src/lib/forno' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' - -export const command = 'forno' - -export const describe = 'Destroy forno for an environment' - -type FullNodeInitialArgv = DestroyArgv - -export const handler = async (argv: FullNodeInitialArgv) => { - exitIfCelotoolHelmDryRun() - await destroyForno(argv.celoEnv) -} diff --git a/packages/celotool/src/cmds/deploy/destroy/testnet.ts b/packages/celotool/src/cmds/deploy/destroy/testnet.ts index 1970025c181..7d531742a53 100644 --- a/packages/celotool/src/cmds/deploy/destroy/testnet.ts +++ b/packages/celotool/src/cmds/deploy/destroy/testnet.ts 
@@ -1,5 +1,4 @@ import { switchToClusterFromEnv } from 'src/lib/cluster' -import { failIfVmBased } from 'src/lib/env-utils' import { deleteFromCluster, deleteStaticIPs, exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' import { DestroyArgv } from '../../deploy/destroy' @@ -10,7 +9,6 @@ export const builder = {} export const handler = async (argv: DestroyArgv) => { exitIfCelotoolHelmDryRun() - failIfVmBased() await switchToClusterFromEnv(argv.celoEnv) diff --git a/packages/celotool/src/cmds/deploy/destroy/vm-testnet.ts b/packages/celotool/src/cmds/deploy/destroy/vm-testnet.ts deleted file mode 100644 index 0c6b1d5e9a0..00000000000 --- a/packages/celotool/src/cmds/deploy/destroy/vm-testnet.ts +++ /dev/null @@ -1,16 +0,0 @@ -import { switchToClusterFromEnv } from 'src/lib/cluster' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' -import { removePrometheus } from 'src/lib/prometheus' -import { destroy } from 'src/lib/vm-testnet-utils' -import { DestroyArgv } from '../../deploy/destroy' - -export const command = 'vm-testnet' -export const describe = 'destroy an existing VM-based testnet' -export const builder = {} - -export const handler = async (argv: DestroyArgv) => { - exitIfCelotoolHelmDryRun() - await switchToClusterFromEnv(argv.celoEnv) - await destroy(argv.celoEnv) - await removePrometheus() -} diff --git a/packages/celotool/src/cmds/deploy/initial/forno.ts b/packages/celotool/src/cmds/deploy/initial/forno.ts deleted file mode 100644 index a3109b128d8..00000000000 --- a/packages/celotool/src/cmds/deploy/initial/forno.ts +++ /dev/null 
@@ -1,14 +0,0 @@ -import { InitialArgv } from 'src/cmds/deploy/initial' -import { deployForno } from 'src/lib/forno' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' - -export const command = 'forno' - -export const describe = 'Deploy forno for an environment' - -type FullNodeInitialArgv = InitialArgv - -export const handler = async (argv: FullNodeInitialArgv) => { - exitIfCelotoolHelmDryRun() - await deployForno(argv.celoEnv) -} diff --git a/packages/celotool/src/cmds/deploy/initial/testnet.ts b/packages/celotool/src/cmds/deploy/initial/testnet.ts index 0ae62d6285a..5374986ea93 100644 --- a/packages/celotool/src/cmds/deploy/initial/testnet.ts +++ b/packages/celotool/src/cmds/deploy/initial/testnet.ts @@ -1,5 +1,4 @@ import { createClusterIfNotExists, setupCluster, switchToClusterFromEnv } from 'src/lib/cluster' -import { failIfVmBased } from 'src/lib/env-utils' import { createStaticIPs, installHelmChart, @@ -34,8 +33,6 @@ export const builder = (argv: yargs.Argv) => { } export const handler = async (argv: TestnetInitialArgv) => { - failIfVmBased() - const createdCluster = await createClusterIfNotExists() await switchToClusterFromEnv(argv.celoEnv) diff --git a/packages/celotool/src/cmds/deploy/initial/vm-testnet.ts b/packages/celotool/src/cmds/deploy/initial/vm-testnet.ts deleted file mode 100644 index 8fc3159d6a8..00000000000 --- a/packages/celotool/src/cmds/deploy/initial/vm-testnet.ts +++ /dev/null 
@@ -1,41 +0,0 @@ -import { createClusterIfNotExists, setupCluster, switchToClusterFromEnv } from 'src/lib/cluster' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' -import { installPrometheusIfNotExists } from 'src/lib/prometheus' -import { deploy } from 'src/lib/vm-testnet-utils' -import yargs from 'yargs' -import { InitialArgv } from '../../deploy/initial' - -export const command = 'vm-testnet' -export const describe = 'upgrade a testnet on a VM' - -type VmTestnetArgv = InitialArgv & { - skipSecretGeneration: boolean - useExistingGenesis: boolean -} - -export const builder = (argv: yargs.Argv) => { - return argv - .option('skipSecretGeneration', { - describe: - 'Skips the generation of secrets. Use sparingly, this is intended to save deploy time if you are certain no secrets will have changed.', - default: false, - type: 'boolean', - }) - .option('useExistingGenesis', { - type: 'boolean', - description: 'Instead of generating a new genesis, use an existing genesis in GCS', - default: false, - }) -} - -export const handler = async (argv: VmTestnetArgv) => { - exitIfCelotoolHelmDryRun() - // deploy VM testnet with Terraform - await deploy(argv.celoEnv, !argv.skipSecretGeneration, argv.useExistingGenesis) - - // set up Kubernetes cluster that will have prometheus to stackdriver statefulset - const createdCluster = await createClusterIfNotExists() - await switchToClusterFromEnv(argv.celoEnv) - await setupCluster(argv.celoEnv, createdCluster) - await installPrometheusIfNotExists() -} diff --git a/packages/celotool/src/cmds/deploy/upgrade/forno.ts b/packages/celotool/src/cmds/deploy/upgrade/forno.ts deleted file mode 100644 index 57d3a3a6557..00000000000 --- a/packages/celotool/src/cmds/deploy/upgrade/forno.ts +++ /dev/null 
@@ -1,14 +0,0 @@ -import { UpgradeArgv } from 'src/cmds/deploy/upgrade' -import { deployForno } from 'src/lib/forno' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' - -export const command = 'forno' - -export const describe = 'Upgrade forno for an environment' - -type FullNodeInitialArgv = UpgradeArgv - -export const handler = async (argv: FullNodeInitialArgv) => { - exitIfCelotoolHelmDryRun() - await deployForno(argv.celoEnv) -} diff --git a/packages/celotool/src/cmds/deploy/upgrade/testnet.ts b/packages/celotool/src/cmds/deploy/upgrade/testnet.ts index 60f041d3044..213d22aeaeb 100644 --- a/packages/celotool/src/cmds/deploy/upgrade/testnet.ts +++ b/packages/celotool/src/cmds/deploy/upgrade/testnet.ts @@ -1,5 +1,4 @@ import { switchToClusterFromEnv } from 'src/lib/cluster' -import { failIfVmBased } from 'src/lib/env-utils' import { isCelotoolHelmDryRun, resetAndUpgradeHelmChart, @@ -36,8 +35,6 @@ export const builder = (argv: yargs.Argv) => { } export const handler = async (argv: TestnetArgv) => { - failIfVmBased() - await switchToClusterFromEnv(argv.celoEnv) await upgradeStaticIPs(argv.celoEnv) diff --git a/packages/celotool/src/cmds/deploy/upgrade/vm-testnet.ts b/packages/celotool/src/cmds/deploy/upgrade/vm-testnet.ts deleted file mode 100644 index 79ea6309a0e..00000000000 --- a/packages/celotool/src/cmds/deploy/upgrade/vm-testnet.ts +++ /dev/null 
@@ -1,48 +0,0 @@ -import { switchToClusterFromEnv } from 'src/lib/cluster' -import { exitIfCelotoolHelmDryRun } from 'src/lib/helm_deploy' -import { upgradePrometheus } from 'src/lib/prometheus' -import { deploy, taintTestnet, untaintTestnet } from 'src/lib/vm-testnet-utils' -import yargs from 'yargs' -import { UpgradeArgv } from '../../deploy/upgrade' - -export const command = 'vm-testnet' -export const describe = 'upgrade a testnet on a VM' - -type VmTestnetArgv = UpgradeArgv & { - reset: boolean - skipSecretGeneration: boolean - useExistingGenesis: boolean -} - -export const builder = (argv: yargs.Argv) => { - return argv - .option('reset', { - describe: 'recreates all nodes and deletes any chain data in persistent disks', - default: false, - type: 'boolean', - }) - .option('skipSecretGeneration', { - describe: - 'Skips the generation of secrets. Use sparingly, this is intended to save deploy time if you are certain no secrets will have changed.', - default: false, - type: 'boolean', - }) - .option('useExistingGenesis', { - type: 'boolean', - description: 'Instead of generating a new genesis, use an existing genesis in GCS', - default: false, - }) -} - -export const handler = async (argv: VmTestnetArgv) => { - exitIfCelotoolHelmDryRun() - await switchToClusterFromEnv(argv.celoEnv) - - let onDeployFailed = () => Promise.resolve() - if (argv.reset === true) { - onDeployFailed = () => untaintTestnet(argv.celoEnv) - await taintTestnet(argv.celoEnv) - } - await deploy(argv.celoEnv, !argv.skipSecretGeneration, argv.useExistingGenesis, onDeployFailed) - await upgradePrometheus() -} diff --git a/packages/celotool/src/cmds/ssh-vm-node.ts b/packages/celotool/src/cmds/ssh-vm-node.ts deleted file mode 100644 index 9592584ce74..00000000000 --- a/packages/celotool/src/cmds/ssh-vm-node.ts +++ /dev/null 
@@ -1,51 +0,0 @@ -import { addCeloEnvMiddleware, CeloEnvArgv } from 'src/lib/env-utils' -import { getNodeVmName, getVmSshCommand, indexCoercer } from 'src/lib/vm-testnet-utils' -import yargs from 'yargs' - -export const command = 'ssh-vm-node [nodeIndex]' - -export const describe = - 'Generates a command to ssh into a vm-testnet node. To execute the ssh command, run `eval $()`' - -interface SshVmNodeArgv extends CeloEnvArgv { - nodeType: 'validator' | 'tx-node' | 'tx-node-private' | 'bootnode' | 'proxy' - nodeIndex?: number -} - -interface CheckArgs { - 'celo-env': unknown - nodeType: string | undefined - nodeIndex?: string -} - -export const builder = (argv: yargs.Argv) => { - const choices: readonly string[] = [ - 'validator', - 'tx-node', - 'tx-node-private', - 'bootnode', - 'proxy', - ] - return addCeloEnvMiddleware(argv) - .positional('nodeType', { - describe: 'Type of node', - choices, - }) - .positional('nodeIndex', { - describe: 'Index of the node. Only needed for validator or tx-node', - type: 'string', - coerce: indexCoercer, - }) - .check((checkArgv: CheckArgs) => { - const requiresIndex = checkArgv.nodeType !== 'bootnode' - if (requiresIndex && checkArgv.nodeIndex === undefined) { - return new Error(`nodeIndex is required for nodeType ${checkArgv.nodeType}`) - } - return true - }) -} - -export const handler = async (argv: SshVmNodeArgv) => { - const instanceName = await getNodeVmName(argv.celoEnv, argv.nodeType, argv.nodeIndex) - console.info(getVmSshCommand(instanceName)) -} diff --git a/packages/celotool/src/cmds/vm-exec.ts b/packages/celotool/src/cmds/vm-exec.ts deleted file mode 100644 index 160f1f75b68..00000000000 --- a/packages/celotool/src/cmds/vm-exec.ts +++ /dev/null 
@@ -1,185 +0,0 @@ -import { execCmd } from 'src/lib/cmd-utils' -import { - addCeloEnvMiddleware, - CeloEnvArgv, - envVar, - failIfNotVmBased, - fetchEnv, -} from 'src/lib/env-utils' -import { getProxiesPerValidator } from 'src/lib/testnet-utils' -import { getNodeVmName, getVmSshCommand, indexCoercer, ProxyIndex } from 'src/lib/vm-testnet-utils' -import yargs from 'yargs' - -export const command = 'vm-exec' - -export const describe = 'SSH and exec commands on all or individual nodes in a VM-based env' - -interface ValidatorsExecArgv extends CeloEnvArgv { - nodeType: string - docker: string - cmd: string - only: number | ProxyIndex - from: number | ProxyIndex - to: number | ProxyIndex -} - -export const builder = (argv: yargs.Argv) => { - return addCeloEnvMiddleware(argv) - .option('nodeType', { - describe: 'Type of node', - choices: ['validator', 'tx-node', 'tx-node-private', 'bootnode', 'proxy'], - type: 'string', - }) - .option('docker', { - type: 'string', - description: 'Operation to run on the docker container {start|stop|restart}', - default: 'restart', - }) - .option('cmd', { - type: 'string', - description: 'Arbitrary command to exec', - default: null, - }) - .option('only', { - type: 'string', - description: - 'Index of the only node to exec on. If the node is a proxy, the validator and proxy indices must both be specified as `:`', - default: null, - coerce: indexCoercer, - }) - .option('from', { - type: 'string', - description: - 'Index of the node to start on when exec-ing over a range. If the node is a proxy, the validator and proxy indices must both be specified as `:`', - default: '0', - coerce: indexCoercer, - }) - .option('to', { - type: 'string', - description: - 'Index of the node to end on when exec-ing over a range (not inclusive). If the node is a proxy, the validator and proxy indices must both be specified as `:`. 
Defaults to the max index for the nodeType.', - default: '-1', - coerce: indexCoercer, - }) -} - -export const handler = async (argv: ValidatorsExecArgv) => { - failIfNotVmBased() - - const project = fetchEnv(envVar.TESTNET_PROJECT_NAME) - const zone = fetchEnv(envVar.KUBERNETES_CLUSTER_ZONE) - - const cmd = argv.cmd === null ? `sudo docker ${argv.docker} geth` : argv.cmd - - console.info( - `Running on validators.\n` + - `Cmd: ${cmd}\n` + - `Env: ${argv.celoEnv}\n` + - `Project: ${project}\n` + - `Zone: ${zone}\n` + - `Node Type: ${argv.nodeType}` - ) - - // For proxy / tx-nodes that have random suffixes, we are forced to run a - // gcloud command and await it in order to get the full instance name. - // Because of this, we end up calling the SSH command, and then moving on to get the - // next instance name, which takes time, so the previous SSH command is nearly finished. - // By doing this in two steps, we more closely make the exec across all instances - // happen in parallel - const instanceNames: string[] = [] - if (argv.only === null) { - let to: number | ProxyIndex = argv.to - - if (typeof to === 'number' && to < 0) { - to = getMaxNodeIndex(argv.nodeType) - } - - console.info('Max Node Index:', getMaxNodeIndex(argv.nodeType)) - console.info('From Index:', argv.from) - console.info('To Index:', to) - - const indexIterator = createIndexIterator(argv.from, to) - let index = indexIterator.next() - while (!index.done) { - const instanceName = await getNodeVmName(argv.celoEnv, argv.nodeType, index.value) - instanceNames.push(instanceName) - index = indexIterator.next() - } - } else { - console.info(`Only Index: ${argv.only}`) - const instanceName = await getNodeVmName(argv.celoEnv, argv.nodeType, argv.only) - instanceNames.push(instanceName) - } - - const runCmds = [] - for (const instanceName of instanceNames) { - runCmds.push(runSshCommand(instanceName, cmd)) - } - - await Promise.all(runCmds) - - console.info('Done.') -} - -async function 
runSshCommand(instanceName: string, cmd: string) { - const bareSshCmd = getVmSshCommand(instanceName) - const fullCmd = `${bareSshCmd} --command "${cmd}"` - console.info(`Running ${fullCmd}`) - return execCmd(fullCmd, {}, false, true) -} - -function getMaxNodeIndex(nodeType: string): number | ProxyIndex { - switch (nodeType) { - case 'validator': - return parseInt(fetchEnv(envVar.VALIDATORS), 10) - case 'tx-node': - return parseInt(fetchEnv(envVar.TX_NODES), 10) - case 'tx-node-private': - return parseInt(fetchEnv(envVar.PRIVATE_TX_NODES), 10) - case 'bootnode': - return 1 - case 'proxy': - const proxiesPerValidator = getProxiesPerValidator() - if (!proxiesPerValidator.length) { - return { - validatorIndex: 0, - proxyIndex: 0, - } - } - return { - validatorIndex: proxiesPerValidator.length - 1, - proxyIndex: proxiesPerValidator[proxiesPerValidator.length - 1], - } - default: - throw new Error('Invalid node type') - } -} - -function* createIndexIterator(from: number | ProxyIndex, to: number | ProxyIndex) { - if (typeof from !== typeof to) { - throw Error('From and to indices should be of the same type') - } - if (typeof from === 'number') { - // iterate through numeric indices - for (let i = from; i < to; i++) { - yield i - } - } else { - const proxyFrom = from as ProxyIndex - const proxyTo = to as ProxyIndex - // iterate through proxy indices - const proxiesPerValidator = getProxiesPerValidator() - const minValidatorIndex = Math.min(proxiesPerValidator.length, proxyTo.validatorIndex) - for (let valIndex = proxyFrom.validatorIndex; valIndex <= minValidatorIndex; valIndex++) { - const maxProxyIndex = - valIndex === proxyTo.validatorIndex ? proxyTo.proxyIndex : proxiesPerValidator[valIndex] - for (let proxyIndex = from.proxyIndex; proxyIndex < maxProxyIndex; proxyIndex++) { - const index: ProxyIndex = { - validatorIndex: valIndex, - proxyIndex, - } - yield index - } - } - } -} 
diff --git a/packages/celotool/src/e2e-tests/cip35_tests.ts b/packages/celotool/src/e2e-tests/cip35_tests.ts index 5dc71e6d747..6dffe05cfa6 100644 --- a/packages/celotool/src/e2e-tests/cip35_tests.ts +++ b/packages/celotool/src/e2e-tests/cip35_tests.ts @@ -137,6 +137,7 @@ function getGethRunConfig(withDonut: boolean, withEspresso: boolean): GethRunCon churritoBlock: 0, donutBlock: withDonut ? 0 : null, espressoBlock: withEspresso ? 0 : null, + gingerbreadBlock: null, }, instances: [ { diff --git a/packages/celotool/src/e2e-tests/slashing_tests.ts b/packages/celotool/src/e2e-tests/slashing_tests.ts index d6e3bcbd233..25303a7834e 100644 --- a/packages/celotool/src/e2e-tests/slashing_tests.ts +++ b/packages/celotool/src/e2e-tests/slashing_tests.ts @@ -18,17 +18,38 @@ const TMP_PATH = '/tmp/e2e' const safeMarginBlocks = 4 function headerArray(block: any) { + if (!block.nonce) { + // Before Gingerbread fork + return [ + block.parentHash, + block.miner, + block.stateRoot, + block.transactionsRoot, + block.receiptsRoot, + block.logsBloom, + block.number, + block.gasUsed, + block.timestamp, + block.extraData, + ] + } return [ block.parentHash, + block.sha3Uncles, block.miner, block.stateRoot, block.transactionsRoot, block.receiptsRoot, block.logsBloom, + new BigNumber(block.difficulty).toNumber(), block.number, + block.gasLimit, block.gasUsed, block.timestamp, block.extraData, + block.mixHash, + block.nonce, + block.baseFee, ] } diff --git a/packages/celotool/src/lib/cluster.ts b/packages/celotool/src/lib/cluster.ts index 7baed1ad446..95f6661cb75 100644 --- a/packages/celotool/src/lib/cluster.ts +++ b/packages/celotool/src/lib/cluster.ts 
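Review bot: In `headerArray` (slashing_tests.ts), `new BigNumber(block.difficulty).toNumber()` loses precision silently once the value exceeds `Number.MAX_SAFE_INTEGER`, and the array would then no longer match the header the node signed. If difficulty is always small on this chain, a comment stating that would make the conversion safe to read, otherwise keep it as a string or hex value. The fork switch relies on `!block.nonce`, which holds only while the RPC omits `nonce` for pre-fork headers; the existing `// Before Gingerbread fork` comment could say that explicitly, e.g. `// Pre-Gingerbread headers have no nonce/mixHash/baseFee; field order must match the node's header encoding`. No `BigNumber` import is added in this hunk, so confirm the file already imports it.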
@@ -1,7 +1,7 @@ import sleep from 'sleep-promise' import { execCmd, execCmdWithExitOnFailure } from './cmd-utils' import { getClusterConfigForContext, switchToContextCluster } from './context-utils' -import { doCheckOrPromptIfStagingOrProduction, EnvTypes, envVar, fetchEnv } from './env-utils' +import { doCheckOrPromptIfStagingOrProduction, envTypes, envVar, fetchEnv } from './env-utils' import { checkHelmVersion, createAndUploadBackupSecretIfNotExists, @@ -11,10 +11,10 @@ import { installCertManagerAndNginx, installGCPSSDStorageClass, isCelotoolHelmDryRun, + networkName, } from './helm_deploy' import { createServiceAccountIfNotExists } from './service-account-utils' import { outputIncludes, switchToProjectFromEnv } from './utils' -import { networkName } from './vm-testnet-utils' const SYSTEM_HELM_RELEASES = [ 'nginx-ingress-release', @@ -137,7 +137,7 @@ export async function setupCluster(celoEnv: string, createdCluster: boolean) { await installCertManagerAndNginx(celoEnv) - if (envType !== EnvTypes.DEVELOPMENT) { + if (envType !== envTypes.DEVELOPMENT) { console.info('Installing metric tools installation') await installAndEnableMetricsDeps(true) } else { @@ -199,7 +199,7 @@ export async function setClusterLabels(celoEnv: string) { ) } await labelfn('environment', envType) - await labelfn('envtype', envType === EnvTypes.PRODUCTION ? 'production' : 'nonproduction') + await labelfn('envtype', envType === envTypes.PRODUCTION ? 'production' : 'nonproduction') await labelfn('envinstance', celoEnv) } diff --git a/packages/celotool/src/lib/env-utils.ts b/packages/celotool/src/lib/env-utils.ts index d57f4c19f0a..e70ebcaf44a 100644 --- a/packages/celotool/src/lib/env-utils.ts +++ b/packages/celotool/src/lib/env-utils.ts 
@@ -143,7 +143,6 @@ export enum envVar { VALIDATOR_ZERO_GENESIS_BALANCE = 'VALIDATOR_ZERO_GENESIS_BALANCE', VALIDATORS = 'VALIDATORS', VALIDATORS_ROLLING_UPDATE_PARTITION = 'VALIDATORS_ROLLING_UPDATE_PARTITION', - VM_BASED = 'VM_BASED', VOTING_BOT_BALANCE = 'VOTING_BOT_BALANCE', VOTING_BOT_CHANGE_BASELINE = 'VOTING_BOT_CHANGE_BASELINE', VOTING_BOT_CRON_SCHEDULE = 'VOTING_BOT_CRON_SCHEDULE', @@ -227,7 +226,7 @@ export enum DynamicEnvVar { PROM_REMOTE_WRITE_URL = '{{ context }}_PROM_REMOTE_WRITE_URL', } -export enum EnvTypes { +export enum envTypes { DEVELOPMENT = 'development', INTEGRATION = 'integration', STAGING = 'staging', @@ -291,7 +290,7 @@ export function validateAndSwitchToEnv(celoEnv: string) { } export function isProduction() { - return fetchEnv(envVar.ENV_TYPE).toLowerCase() === EnvTypes.PRODUCTION + return fetchEnv(envVar.ENV_TYPE).toLowerCase() === envTypes.PRODUCTION } export function isValidCeloEnv(celoEnv: string) { @@ -375,21 +374,3 @@ export function addCeloEnvMiddleware(argv: yargs.Argv) { .middleware([celoEnvMiddleware]) ) } - -export function isVmBased() { - return fetchEnv(envVar.VM_BASED) === 'true' -} - -export function failIfNotVmBased() { - if (!isVmBased()) { - console.error('The celo env is not intended for a VM-based testnet, aborting') - process.exit(1) - } -} - -export function failIfVmBased() { - if (isVmBased()) { - console.error('The celo env is intended for a VM-based testnet, aborting') - process.exit(1) - } -} diff --git a/packages/celotool/src/lib/forno.ts b/packages/celotool/src/lib/forno.ts deleted file mode 100644 index ef97fc7fc8e..00000000000 --- a/packages/celotool/src/lib/forno.ts +++ /dev/null 
@@ -1,112 +0,0 @@ -import { execCmd } from './cmd-utils' -import { coerceContext, getClusterManagerForContext, readableContext } from './context-utils' -import { envVar, fetchEnv } from './env-utils' -import { CloudProvider } from './k8s-cluster/base' -import { GCPClusterConfig } from './k8s-cluster/gcp' -import { TerraformVars } from './terraform' -import { deployModule, destroyModule } from './vm-testnet-utils' - -const FORNO_TERRAFORM_MODULE_NAME = 'forno' - -export async function deployForno(celoEnv: string) { - const contexts: string[] = fetchEnv(envVar.FORNO_FULL_NODE_CONTEXTS).split(',').map(coerceContext) - console.info('Deploying Forno with full node contexts:', contexts) - const terraformVars: TerraformVars = await getFornoTerraformVars(celoEnv, contexts) - // This prints the global IP address for forno - await deployModule(celoEnv, FORNO_TERRAFORM_MODULE_NAME, terraformVars) - console.info( - 'Note: in order to have an SSL certificate be properly provisioned, DNS entries for the relevant domains must point to the printed IP above.' 
- ) -} - -export async function destroyForno(celoEnv: string) { - const contexts: string[] = fetchEnv(envVar.FORNO_FULL_NODE_CONTEXTS).split(',').map(coerceContext) - console.info('DESTROYING Forno') - const terraformVars: TerraformVars = await getFornoTerraformVars(celoEnv, contexts) - await destroyModule(celoEnv, FORNO_TERRAFORM_MODULE_NAME, terraformVars) -} - -interface ContextInfoTerraformVars { - service_network_endpoint_group_name: string - zone: string -} - -async function getFornoTerraformVars(celoEnv: string, contexts: string[]): Promise { - let gcloudProject: string | undefined - const getContextInfos = async ( - port: number, - service: string, - namespace: string - ): Promise<{ [context: string]: ContextInfoTerraformVars }> => - contexts.reduce(async (aggPromise, context: string) => { - const agg = await aggPromise - const clusterManager = getClusterManagerForContext(celoEnv, context) - if (clusterManager.cloudProvider !== CloudProvider.GCP) { - throw Error( - `Forno only accepts GCP contexts, context ${context} is ${clusterManager.cloudProvider}` - ) - } - const contextGcloudProject = (clusterManager.clusterConfig as GCPClusterConfig).projectName - // Require all the contexts to have the same project - if (gcloudProject === undefined) { - gcloudProject = contextGcloudProject - } else if (gcloudProject !== contextGcloudProject) { - throw Error(`All contexts must be in the same Google Cloud project`) - } - // Rather than using clusterManager.kubernetesContextName we switch to the - // cluster to account for the case where this user has not gotten the - // context for the cluster yet. 
- await clusterManager.switchToClusterContext(true) - const [output] = await execCmd( - `kubectl get svc ${service} -n ${namespace} -o jsonpath="{.metadata.annotations.cloud\\.google\\.com/neg-status}"` - ) - if (!output.trim()) { - throw Error(`Expected cloud.google.com/neg-status annotation for service ${service}`) - } - const outputParsed = JSON.parse(output) - if (!outputParsed.network_endpoint_groups[port] || !outputParsed.zones.length) { - throw Error( - `Expected NEG for ${port} and > 0 zones, instead got NEG: ${outputParsed.network_endpoint_groups[port]} and zones ${outputParsed.zones}` - ) - } - return { - ...agg, - [readableContext(context)]: { - service_network_endpoint_group_name: outputParsed.network_endpoint_groups[port], - // Only expect a single zone - zone: outputParsed.zones[0], - }, - } - }, Promise.resolve({})) - - // Make sure each domain ends with a period - const domains = fetchEnv(envVar.FORNO_DOMAINS) - .split(',') - .map((domain: string) => { - if (!domain.endsWith('.')) { - return `${domain}.` - } - return domain - }) - const HTTP_RPC_PORT = 8545 - const WS_RPC_PORT = 8546 - const KONG_RPC_PORT = 80 - const contextInfosHttp = await getContextInfos(HTTP_RPC_PORT, `${celoEnv}-fullnodes-rpc`, celoEnv) - const contextInfosWs = await getContextInfos(WS_RPC_PORT, `${celoEnv}-fullnodes-rpc`, celoEnv) - const contextInfosKong = await getContextInfos(KONG_RPC_PORT, 'kong', 'kong') - const bannedCIDRs = fetchEnv(envVar.FORNO_BANNED_CIDR).split(',') - - return { - backend_max_requests_per_second: '100', - backend_max_requests_per_second_kong: '10000', - celo_env: celoEnv, - context_info_http: JSON.stringify(contextInfosHttp), - context_info_ws: JSON.stringify(contextInfosWs), - context_info_kong: JSON.stringify(contextInfosKong), - gcloud_credentials_path: fetchEnv(envVar.GOOGLE_APPLICATION_CREDENTIALS), - gcloud_project: gcloudProject!, - ssl_cert_domains: JSON.stringify(domains), - banned_cidr: JSON.stringify(bannedCIDRs), - vpc_network_name: 
fetchEnv(envVar.FORNO_VPC_NETWORK_NAME), - } -} diff --git a/packages/celotool/src/lib/generate_utils.ts b/packages/celotool/src/lib/generate_utils.ts index 576f67962cb..951df4fcef1 100644 --- a/packages/celotool/src/lib/generate_utils.ts +++ b/packages/celotool/src/lib/generate_utils.ts @@ -395,6 +395,7 @@ export const generateGenesis = ({ churritoBlock, donutBlock, espressoBlock, + gingerbreadBlock, }: GenesisConfig): string => { const genesis: any = { ...TEMPLATE } @@ -411,6 +412,9 @@ export const generateGenesis = ({ if (typeof espressoBlock === 'number') { genesis.config.espressoBlock = espressoBlock } + if (typeof gingerbreadBlock === 'number') { + genesis.config.gingerbreadBlock = gingerbreadBlock + } genesis.config.chainId = chainId @@ -539,6 +543,9 @@ export const generateGenesisWithMigrations = async ({ if (genesisConfig.espressoBlock !== undefined) { mcConfig.hardforks.espressoBlock = genesisConfig.espressoBlock } + if (genesisConfig.gingerbreadBlock !== undefined) { + mcConfig.hardforks.gingerbreadBlock = genesisConfig.gingerbreadBlock + } if (genesisConfig.timestamp !== undefined) { mcConfig.genesisTimestamp = genesisConfig.timestamp } diff --git a/packages/celotool/src/lib/geth.ts b/packages/celotool/src/lib/geth.ts index c572e5efbfe..db0280ee571 100644 --- a/packages/celotool/src/lib/geth.ts +++ b/packages/celotool/src/lib/geth.ts @@ -16,7 +16,7 @@ import Web3 from 'web3' import { Admin } from 'web3-eth-admin' import { spawnCmd, spawnCmdWithExitOnFailure } from './cmd-utils' import { convertToContractDecimals } from './contract-utils' -import { envVar, fetchEnv, isVmBased } from './env-utils' +import { envVar, fetchEnv } from './env-utils' import { AccountType, generateGenesis, 
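Review bot: The two new `gingerbreadBlock` guards treat `null` differently. `generateGenesis` copies the value only when `typeof gingerbreadBlock === 'number'`, while `generateGenesisWithMigrations` (hunk at -539) copies anything that is not `undefined`, so a `null` reaches `mcConfig.hardforks.gingerbreadBlock`. This mirrors the neighbouring `espressoBlock` lines and may be intended, but `GenesisConfig` now allows `number | null` and the cip35 test passes `null`, so the difference is reachable. I would add a comment on the second guard saying what `null` means there, e.g. `// null is forwarded as-is; confirm how the migrations config interprets it`. Both functions continue outside their hunks.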
@@ -29,7 +29,6 @@ import { retrieveClusterIPAddress, retrieveIPAddress } from './helm_deploy' import { GethInstanceConfig } from './interfaces/geth-instance-config' import { GethRunConfig } from './interfaces/geth-run-config' import { ensure0x } from './utils' -import { getTestnetOutputs } from './vm-testnet-utils' export async function unlockAccount( web3: Web3, 
@@ -91,29 +90,19 @@ export const getBootnodeEnode = async (namespace: string) => { } export const retrieveBootnodeIPAddress = async (namespace: string) => { - if (isVmBased()) { - const outputs = await getTestnetOutputs(namespace) - return outputs.bootnode_ip_address.value + // Baklava bootnode address comes from VM and has an different name (not possible to update name after creation) + const resourceName = + namespace === 'baklava' ? `${namespace}-bootnode-address` : `${namespace}-bootnode` + if (fetchEnv(envVar.STATIC_IPS_FOR_GETH_NODES) === 'true') { + return retrieveIPAddress(resourceName) } else { - // Baklava bootnode address comes from VM and has an different name (not possible to update name after creation) - const resourceName = - namespace === 'baklava' ? `${namespace}-bootnode-address` : `${namespace}-bootnode` - if (fetchEnv(envVar.STATIC_IPS_FOR_GETH_NODES) === 'true') { - return retrieveIPAddress(resourceName) - } else { - return retrieveClusterIPAddress('service', resourceName, namespace) - } + return retrieveClusterIPAddress('service', resourceName, namespace) } } const retrieveTxNodeAddresses = async (namespace: string, txNodesNum: number) => { - if (isVmBased()) { - const outputs = await getTestnetOutputs(namespace) - return outputs.tx_node_ip_addresses.value - } else { - const txNodesRange = range(0, txNodesNum) - return Promise.all(txNodesRange.map((i) => retrieveIPAddress(`${namespace}-tx-nodes-${i}`))) - } + const txNodesRange = range(0, txNodesNum) + return Promise.all(txNodesRange.map((i) => retrieveIPAddress(`${namespace}-tx-nodes-${i}`))) } const getEnodesWithIpAddresses = async (namespace: string, getExternalIP: boolean) => { 
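Review bot: The comment kept at the top of `retrieveBootnodeIPAddress` still says the Baklava bootnode address "comes from VM", although this hunk removes the `isVmBased()` branch and the import of `getTestnetOutputs`. With the VM path gone, a reader cannot tell why `baklava` alone uses the `-bootnode-address` suffix. If the name is a leftover of the earlier VM deployment, the comment could say so: `// Baklava's bootnode address was reserved under a different name by the former VM-based setup; the name cannot be changed after creation`.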
@@ -1274,8 +1263,26 @@ export async function startGeth( } } - // Geth startup isn't fully done even when the port is open, so give it another second - await sleep(1000) + // Geth startup isn't fully done even when the port is open, so check until it responds + const maxTries = 5 + let tries = 0 + while (tries < maxTries) { + tries++ + let block = null + try { + block = await new Web3('http://localhost:8545').eth.getBlock('latest') + } catch (e) { + console.log(`Failed to fetch test block: ${e}`) + } + if (block) { + break + } + console.log('Could not fetch test block. Wait one second, then retry.') + await sleep(1000) + } + if (tries === maxTries) { + throw new Error(`Geth did not start within ${tries} seconds`) + } console.log( `${instance.name}: running.`, diff --git a/packages/celotool/src/lib/helm_deploy.ts b/packages/celotool/src/lib/helm_deploy.ts index ed32bb1fd90..ac5975c0964 100644 --- a/packages/celotool/src/lib/helm_deploy.ts +++ b/packages/celotool/src/lib/helm_deploy.ts @@ -15,7 +15,7 @@ import { spawnCmd, spawnCmdWithExitOnFailure, } from './cmd-utils' -import { EnvTypes, envVar, fetchEnv, fetchEnvOrFallback, monorepoRoot } from './env-utils' +import { envTypes, envVar, fetchEnv, fetchEnvOrFallback, monorepoRoot } from './env-utils' import { ensureAuthenticatedGcloudAccount } from './gcloud_utils' import { generateGenesisFromEnv } from './generate_utils' import { @@ -110,7 +110,7 @@ export async function createCloudSQLInstance(celoEnv: string, instanceName: stri } const envType = fetchEnv(envVar.ENV_TYPE) - if (envType !== EnvTypes.DEVELOPMENT) { + if (envType !== envTypes.DEVELOPMENT) { try { await execCmdWithExitOnFailure( `gcloud sql instances create ${instanceName}-replica --master-instance-name=${instanceName} --zone ${fetchEnv( 
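Review bot: The readiness loop added to `startGeth` throws even when Geth answers on the last attempt. `tries` is incremented before the fetch, so a successful fifth try breaks out with `tries === maxTries` and the following `if (tries === maxTries)` raises `Geth did not start`. Hoisting the result out of the loop fixes it: declare `let block = null` before the `while` and replace the final check with `if (!block) {`. The probe also uses the fixed URL `http://localhost:8545`; if an instance can be given a different RPC port (not visible in this hunk), the check would query another node or none at all. `startGeth` begins and ends outside the hunk.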
@@ -1398,3 +1398,11 @@ async function generateMyCeloGenesis(): Promise { await spawnCmd('rm', ['-rf', celoBlockchainDir], { silent: true }) return genesisContent } + +function useDefaultNetwork() { + return fetchEnv(envVar.KUBERNETES_CLUSTER_NAME) === 'celo-networks-dev' +} + +export function networkName(celoEnv: string) { + return useDefaultNetwork() ? 'default' : `${celoEnv}-network` +} diff --git a/packages/celotool/src/lib/interfaces/genesis-config.ts b/packages/celotool/src/lib/interfaces/genesis-config.ts index 5e680965924..b59ca86b1e5 100644 --- a/packages/celotool/src/lib/interfaces/genesis-config.ts +++ b/packages/celotool/src/lib/interfaces/genesis-config.ts @@ -15,4 +15,5 @@ export interface GenesisConfig { churritoBlock?: number | null donutBlock?: number | null espressoBlock?: number | null + gingerbreadBlock?: number | null } diff --git a/packages/celotool/src/lib/mock-oracle.ts b/packages/celotool/src/lib/mock-oracle.ts index 83fefa45736..778bb206cf6 100644 --- a/packages/celotool/src/lib/mock-oracle.ts +++ b/packages/celotool/src/lib/mock-oracle.ts @@ -1,7 +1,6 @@ -import { envVar, fetchEnv, isVmBased } from 'src/lib/env-utils' +import { envVar, fetchEnv } from 'src/lib/env-utils' import { getPrivateTxNodeClusterIP } from 'src/lib/geth' import { installGenericHelmChart, removeGenericHelmChart } from 'src/lib/helm_deploy' -import { getInternalTxNodeLoadBalancerIP } from 'src/lib/vm-testnet-utils' const helmChartPath = '../helm-charts/mock-oracle' @@ -18,9 +17,7 @@ export async function removeHelmRelease(celoEnv: string) { } async function helmParameters(celoEnv: string) { - const nodeIp = isVmBased() - ? await getInternalTxNodeLoadBalancerIP(celoEnv) - : await getPrivateTxNodeClusterIP(celoEnv) + const nodeIp = await getPrivateTxNodeClusterIP(celoEnv) const nodeUrl = `http://${nodeIp}:8545` return [ `--set celotool.image.repository=${fetchEnv(envVar.CELOTOOL_DOCKER_IMAGE_REPOSITORY)}`, 
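Review bot: `useDefaultNetwork` chooses the network by comparing `KUBERNETES_CLUSTER_NAME` with the inline literal `'celo-networks-dev'`, and neither it nor the exported `networkName` carries a comment. The rule that one cluster uses `default` while every other environment gets `${celoEnv}-network` decides where resources are placed, so it deserves a named constant and a short doc comment. For example `const DEFAULT_NETWORK_CLUSTER_NAME = 'celo-networks-dev'` and, above `networkName`, `// Returns 'default' for the shared dev cluster, otherwise the per-environment network name`.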
diff --git a/packages/celotool/src/lib/port_forward.ts b/packages/celotool/src/lib/port_forward.ts index a0aac538557..297a326fab0 100644 --- a/packages/celotool/src/lib/port_forward.ts +++ b/packages/celotool/src/lib/port_forward.ts @@ -1,7 +1,6 @@ /* tslint:disable: no-console */ import { ChildProcess, spawnSync } from 'child_process' import { execBackgroundCmd, execCmd } from './cmd-utils' -import { envVar, fetchEnv, isVmBased } from './env-utils' function sleep(ms: number) { return new Promise((resolve) => setTimeout(resolve, ms)) @@ -13,19 +12,7 @@ const PORT_CONTROL_CMD = 'nc -z 127.0.0.1 8545' const DEFAULT_COMPONENT = 'validators' async function getPortForwardCmd(celoEnv: string, component?: string, ports = defaultPortsString) { - if (isVmBased()) { - return Promise.resolve(getVmPortForwardCmd(celoEnv, component, ports)) - } else { - return getKubernetesPortForwardCmd(celoEnv, component, ports) - } -} - -function getVmPortForwardCmd(celoEnv: string, machine = 'validator-0', ports = defaultPortsString) { - const zone = fetchEnv(envVar.KUBERNETES_CLUSTER_ZONE) - // this command expects port mappings to be of the form `[localPort]:localhost:[remotePort]` - const portMappings = ports.replace(/:/g, ':localhost:').split(' ') - const portsWithFlags = portMappings.map((mapping) => `-L ${mapping}`).join(' ') - return `gcloud compute ssh --zone ${zone} ${celoEnv}-${machine} -- -N ${portsWithFlags}` + return getKubernetesPortForwardCmd(celoEnv, component, ports) } async function getKubernetesPortForwardCmd( diff --git a/packages/celotool/src/lib/terraform.ts b/packages/celotool/src/lib/terraform.ts deleted file mode 100644 index 57c90fdfc9c..00000000000 --- a/packages/celotool/src/lib/terraform.ts +++ /dev/null 
@@ -1,206 +0,0 @@ -import fs from 'fs' -import path from 'path' -import sleep from 'sleep-promise' -import { execCmd } from './cmd-utils' - -const terraformModulesPath = path.join(__dirname, '../../../terraform-modules') - -export interface TerraformVars { - [key: string]: string -} - -// Terraform requires the `backend-config` options to configure a remote backend -// with dynamic values. Sends stdout to /dev/null. -export async function initTerraformModule( - moduleName: string, - vars: TerraformVars, - backendConfigVars: TerraformVars -) { - const modulePath = getModulePath(moduleName) - return buildAndExecTerraformCmd( - 'init', - modulePath, - modulePath, - getVarOptions(vars), - getVarOptions(backendConfigVars, 'backend-config'), - '-reconfigure', - '> /dev/null' - ) -} - -export function planTerraformModule( - moduleName: string, - vars: TerraformVars, - destroy: boolean = false -) { - const planPath = getPlanPath(moduleName) - // Terraform requires an out directory to exist - const planDir = path.dirname(planPath) - if (!fs.existsSync(planDir)) { - fs.mkdirSync(planDir) - } - const modulePath = getModulePath(moduleName) - return buildAndExecTerraformCmd( - 'plan', - modulePath, - modulePath, - `-out=${planPath}`, - getVarOptions(vars), - destroy ? 
'-destroy' : '' - ) -} - -export function applyTerraformModule(moduleName: string) { - return buildAndExecTerraformCmd('apply', getModulePath(moduleName), getPlanPath(moduleName)) -} - -export function destroyTerraformModule(moduleName: string, vars: TerraformVars) { - return buildAndExecTerraformCmd( - 'destroy', - getModulePath(moduleName), - getVarOptions(vars), - '-force' - ) -} - -// Taints a resource or multiple resources with the same prefix if the resource name -// ends with '.*' -export function taintTerraformModuleResource(moduleName: string, resourceName: string) { - if (resourceName.endsWith('.*')) { - return taintEveryResourceWithPrefix(moduleName, resourceName.replace('.*', '')) - } else { - return taintResource(moduleName, resourceName) - } -} - -// Untaints a resource or multiple resources with the same prefix if the resource name -// ends with '.*' -export function untaintTerraformModuleResource(moduleName: string, resourceName: string) { - if (resourceName.endsWith('.*')) { - return untaintEveryResourceWithPrefix(moduleName, resourceName.replace('.*', '')) - } else { - return untaintResource(moduleName, resourceName) - } -} - -async function taintEveryResourceWithPrefix(moduleName: string, resourceName: string) { - const matches = await getEveryResourceWithPrefix(moduleName, resourceName) - for (const match of matches) { - await taintResource(moduleName, match) - // To avoid hitting rate limits - await sleep(100) - } -} - -async function untaintEveryResourceWithPrefix(moduleName: string, resourceName: string) { - const matches = await getEveryResourceWithPrefix(moduleName, resourceName) - for (const match of matches) { - await untaintResource(moduleName, match) - // To avoid hitting rate limits - await sleep(100) - } -} - -async function getEveryResourceWithPrefix(moduleName: string, resourcePrefix: string) { - const resources = await getTerraformModuleResourceNames(moduleName) - return resources.filter((resource: string) => 
resource.startsWith(resourcePrefix)) -} - -// Allow failures -function taintResource(moduleName: string, resourceName: string) { - try { - // escape quotes - const escapedResourceName = resourceName.replace(/"/g, '\\"') - return execTerraformCmd( - `terraform taint ${escapedResourceName}`, - getModulePath(moduleName), - false - ) - } catch (e) { - console.info(`Could not taint ${resourceName}`, e) - return Promise.resolve() - } -} - -// Allow failures -function untaintResource(moduleName: string, resourceName: string) { - try { - // escape quotes - const escapedResourceName = resourceName.replace(/"/g, '\\"') - return execTerraformCmd( - `terraform untaint ${escapedResourceName}`, - getModulePath(moduleName), - false - ) - } catch (e) { - console.info(`Could not taint ${resourceName}`, e) - return Promise.resolve() - } -} - -// pulls remote state -function refreshTerraformModule(moduleName: string, vars: TerraformVars) { - return buildAndExecTerraformCmd('refresh', getModulePath(moduleName), getVarOptions(vars)) -} - -export async function getTerraformModuleOutputs(moduleName: string, vars: TerraformVars) { - await refreshTerraformModule(moduleName, vars) - const modulePath = getModulePath(moduleName) - const [output] = await execCmd(`cd ${modulePath} && terraform output -json`) - return JSON.parse(output) -} - -// returns an array of resource and data names in the current state -export async function getTerraformModuleResourceNames(moduleName: string) { - const [output] = await execTerraformCmd(`terraform state list`, getModulePath(moduleName), false) - return output.split('\n') -} - -export function showTerraformModulePlan(moduleName: string) { - return execTerraformCmd( - `terraform show ${getPlanPath(moduleName)}`, - getModulePath(moduleName), - true - ) -} - -function getModulePath(moduleName: string) { - return path.join(terraformModulesPath, moduleName) -} - -function getPlanPath(moduleName: string) { - return path.join(terraformModulesPath, 'plan', 
moduleName) -} - -// Uses a TerraformVars object to generate command line var options for Terraform -function getVarOptions(vars: TerraformVars, optionName: string = 'var') { - const nameValuePairs = Object.keys(vars).map( - (varName) => `-${optionName}='${varName}=${vars[varName]}'` - ) - return nameValuePairs.join(' ') -} - -function execTerraformCmd(command: string, modulePath: string, pipeOutput: boolean) { - // use the middle two default arguments - return execCmd(`cd ${modulePath} && ${command}`, {}, false, pipeOutput) -} - -// `modulePath` is the path to the module that will be cd'd into. We change -// directories for each module so that module-specific configurations -// that are stored in the local .terraform directories do not conflict. -// `cmdPath` is the path to be provided to the terraform command -function buildAndExecTerraformCmd( - commandName: string, - modulePath: string, - cmdPath: string, - ...options: string[] -) { - const terraformCmd = buildTerraformCmd(commandName, cmdPath, ...options) - return execTerraformCmd(terraformCmd, modulePath, true) -} - -function buildTerraformCmd(command: string, cmdPath: string, ...options: string[]) { - const optionsStr = options ? options.join(' ') : '' - const applyPlanDirStr = command === 'apply' ? cmdPath : '' - return `terraform ${command} -input=false ${optionsStr} ${applyPlanDirStr}` -} diff --git a/packages/celotool/src/lib/transaction-metrics-exporter.ts b/packages/celotool/src/lib/transaction-metrics-exporter.ts index 7ca1356011b..4b79a2325eb 100644 --- a/packages/celotool/src/lib/transaction-metrics-exporter.ts +++ b/packages/celotool/src/lib/transaction-metrics-exporter.ts 
@@ -1,10 +1,9 @@ -import { envVar, fetchEnv, fetchEnvOrFallback, isVmBased } from 'src/lib/env-utils' +import { envVar, fetchEnv, fetchEnvOrFallback } from 'src/lib/env-utils' import { installGenericHelmChart, removeGenericHelmChart, upgradeGenericHelmChart, } from 'src/lib/helm_deploy' -import { getInternalTxNodeLoadBalancerIP } from 'src/lib/vm-testnet-utils' const chartDir = '../helm-charts/transaction-metrics-exporter/' @@ -58,8 +57,5 @@ async function helmParameters(celoEnv: string) { '' )}`, ] - if (isVmBased()) { - params.push(`--set web3Provider="ws://${await getInternalTxNodeLoadBalancerIP(celoEnv)}:8546"`) - } return params } diff --git a/packages/celotool/src/lib/utils.ts b/packages/celotool/src/lib/utils.ts index 3db31d6a569..40e4bf74beb 100644 --- a/packages/celotool/src/lib/utils.ts +++ b/packages/celotool/src/lib/utils.ts @@ -2,9 +2,8 @@ import sleep from 'sleep-promise' import yargs from 'yargs' import { switchToClusterFromEnv } from './cluster' import { execCmdWithExitOnFailure } from './cmd-utils' -import { envVar, fetchEnv, isVmBased } from './env-utils' +import { envVar, fetchEnv } from './env-utils' import { retrieveIPAddress } from './helm_deploy' -import { getTestnetOutputs } from './vm-testnet-utils' export async function outputIncludes(cmd: string, matchString: string, matchMessage?: string) { const [stdout] = await execCmdWithExitOnFailure(cmd) @@ -18,12 +17,7 @@ export async function outputIncludes(cmd: string, matchString: string, matchMess } export async function retrieveTxNodeIpAddress(celoEnv: string, txNodeIndex: number) { - if (isVmBased()) { - const outputs = await getTestnetOutputs(celoEnv) - return outputs.tx_node_ip_addresses.value[txNodeIndex] - } else { - return retrieveIPAddress(`${celoEnv}-tx-nodes-${txNodeIndex}`) - } + return retrieveIPAddress(`${celoEnv}-tx-nodes-${txNodeIndex}`) } export async function getVerificationPoolConfig(celoEnv: string) { 
diff --git a/packages/celotool/src/lib/vm-testnet-utils.ts b/packages/celotool/src/lib/vm-testnet-utils.ts deleted file mode 100644 index 935181b784c..00000000000 --- a/packages/celotool/src/lib/vm-testnet-utils.ts +++ /dev/null 
@@ -1,559 +0,0 @@ -import sleep from 'sleep-promise' -import { execCmd } from './cmd-utils' -import { confirmAction, envVar, fetchEnv, fetchEnvOrFallback } from './env-utils' -import { - AccountType, - generateGenesisFromEnv, - generatePrivateKey, - generatePublicKey, - getAddressFromEnv, - privateKeyToAddress, - privateKeyToPublicKey, -} from './generate_utils' -import { - applyTerraformModule, - destroyTerraformModule, - getTerraformModuleOutputs, - initTerraformModule, - planTerraformModule, - showTerraformModulePlan, - taintTerraformModuleResource, - TerraformVars, - untaintTerraformModuleResource, -} from './terraform' -import { - getGenesisBlockFromGoogleStorage, - getProxiesPerValidator, - getProxyName, - uploadDataToGoogleStorage, - uploadGenesisBlockToGoogleStorage, - uploadTestnetInfoToGoogleStorage, -} from './testnet-utils' - -export interface ProxyIndex { - validatorIndex: number - proxyIndex: number -} - -// Keys = gcloud project name -const projectConfig = { - 'celo-testnet': { - secretsBucketName: 'celo-testnet-secrets', - stateBucketName: 'celo_tf_state', - }, - 'celo-testnet-production': { - secretsBucketName: 'celo-testnet-secrets-prod', - stateBucketName: 'celo_tf_state_prod', - }, -} - -const testnetTerraformModule = 'testnet' -const testnetNetworkTerraformModule = 'testnet-network' - -interface NodeSecrets { - ACCOUNT_ADDRESS: string - BOOTNODE_ENODE_ADDRESS: string - PRIVATE_KEY: string - PROXIED_VALIDATOR_ADDRESS?: string - PROXY_ENODE_ADDRESSES?: string - [envVar.GETH_ACCOUNT_SECRET]: string - [envVar.MNEMONIC]: string -} - -// The keys correspond to the variable names that Terraform expects and -// the values correspond to the names of the appropriate env variables -const testnetEnvVars: TerraformVars = { - block_time: envVar.BLOCK_TIME, - celo_env: envVar.CELOTOOL_CELOENV, - gcloud_credentials_path: envVar.GOOGLE_APPLICATION_CREDENTIALS, - gcloud_project: envVar.TESTNET_PROJECT_NAME, - geth_verbosity: envVar.GETH_VERBOSITY, - 
geth_bootnode_docker_image_repository: envVar.GETH_BOOTNODE_DOCKER_IMAGE_REPOSITORY, - geth_bootnode_docker_image_tag: envVar.GETH_BOOTNODE_DOCKER_IMAGE_TAG, - geth_metrics: envVar.GETH_ENABLE_METRICS, - geth_node_docker_image_repository: envVar.GETH_NODE_DOCKER_IMAGE_REPOSITORY, - geth_node_docker_image_tag: envVar.GETH_NODE_DOCKER_IMAGE_TAG, - in_memory_discovery_table: envVar.IN_MEMORY_DISCOVERY_TABLE, - istanbul_request_timeout_ms: envVar.ISTANBUL_REQUEST_TIMEOUT_MS, - network_id: envVar.NETWORK_ID, - private_tx_node_count: envVar.PRIVATE_TX_NODES, - node_disk_size_gb: envVar.NODE_DISK_SIZE_GB, - private_node_disk_size_gb: envVar.PRIVATE_NODE_DISK_SIZE_GB, - tx_node_count: envVar.TX_NODES, - validator_count: envVar.VALIDATORS, -} - -const testnetNetworkEnvVars: TerraformVars = { - celo_env: envVar.CELOTOOL_CELOENV, - gcloud_credentials_path: envVar.GOOGLE_APPLICATION_CREDENTIALS, - gcloud_project: envVar.TESTNET_PROJECT_NAME, -} - -// Resources that are tainted when upgrade-resetting -const testnetResourcesToReset = [ - // bootnode - 'module.bootnode.google_compute_instance.bootnode', - // validators - 'module.validator.google_compute_instance.validator.*', - 'module.validator.google_compute_disk.validator.*', - // validator proxies - 'module.validator.module.proxy.random_id.full_node.*', - 'module.validator.module.proxy.google_compute_instance.full_node.*', - 'module.validator.module.proxy.random_id.full_node_disk.*', - 'module.validator.module.proxy.google_compute_disk.full_node.*', - // tx-nodes - 'module.tx_node.random_id.full_node.*', - 'module.tx_node.google_compute_instance.full_node.*', - 'module.tx_node.random_id.full_node_disk.*', - 'module.tx_node.google_compute_disk.full_node.*', - // private tx-nodes - 'module.tx_node_private.random_id.full_node.*', - 'module.tx_node_private.google_compute_instance.full_node.*', - 'module.tx_node_private.random_id.full_node_disk.*', - 'module.tx_node_private.google_compute_disk.full_node.*', - // tx-node load 
balancer instance group - 'module.tx_node_lb.random_id.external', - 'module.tx_node_lb.google_compute_instance_group.external', - 'module.tx_node_lb.random_id.internal', - 'module.tx_node_lb.google_compute_instance_group.internal', -] - -export async function deploy( - celoEnv: string, - generateSecrets: boolean, - useExistingGenesis: boolean, - onConfirmFailed?: () => Promise -) { - // If we are not using the default network, we want to create/upgrade our network - if (!useDefaultNetwork()) { - console.info('First deploying the testnet VPC network') - - const networkVars: TerraformVars = getTestnetNetworkVars(celoEnv) - await deployModule(celoEnv, testnetNetworkTerraformModule, networkVars, onConfirmFailed) - } - - const testnetVars: TerraformVars = await getTestnetVars(celoEnv, useExistingGenesis) - await deployModule(celoEnv, testnetTerraformModule, testnetVars, onConfirmFailed, async () => { - if (generateSecrets) { - console.info('Generating and uploading secrets env files to Google Storage...') - await generateAndUploadSecrets(celoEnv) - } - }) - await uploadTestnetInfoToGoogleStorage(celoEnv) -} - -export async function deployModule( - celoEnv: string, - terraformModule: string, - vars: TerraformVars, - onConfirmFailed?: () => Promise, - onConfirmSuccess?: () => Promise -) { - const backendConfigVars: TerraformVars = getTerraformBackendConfigVars(celoEnv, terraformModule) - - const envType = fetchEnv(envVar.ENV_TYPE) - console.info(` - Deploying: - Terraform Module: ${terraformModule} - Celo Env: ${celoEnv} - Environment: ${envType} - `) - - console.info('Initializing...') - await initTerraformModule(terraformModule, vars, backendConfigVars) - - console.info('Planning...') - await planTerraformModule(terraformModule, vars) - - // await showTerraformModulePlan(terraformModule) - - await confirmAction( - `Are you sure you want to perform the above plan for Celo env ${celoEnv} in environment ${envType}?`, - onConfirmFailed, - onConfirmSuccess - ) - - 
console.info('Applying...') - await applyTerraformModule(terraformModule) -} - -export async function destroy(celoEnv: string) { - const testnetVars: TerraformVars = await getTestnetVars(celoEnv, true) - - await destroyModule(celoEnv, testnetTerraformModule, testnetVars) - - // If we are not using the default network, we want to destroy our network - if (!useDefaultNetwork()) { - console.info('Destroying the testnet VPC network') - - const networkVars: TerraformVars = getTestnetNetworkVars(celoEnv) - await destroyModule(celoEnv, testnetNetworkTerraformModule, networkVars) - } -} - -export async function destroyModule( - celoEnv: string, - terraformModule: string, - vars: TerraformVars = {} -) { - const backendConfigVars: TerraformVars = getTerraformBackendConfigVars(celoEnv, terraformModule) - - const envType = fetchEnv(envVar.ENV_TYPE) - console.info(` - Destroying: - Terraform Module: ${terraformModule} - Celo Env: ${celoEnv} - Environment: ${envType} - `) - - console.info('Initializing...') - await initTerraformModule(terraformModule, vars, backendConfigVars) - - console.info('Planning...') - await planTerraformModule(terraformModule, vars, true) - - await showTerraformModulePlan(terraformModule) - - await confirmAction(`Are you sure you want to destroy ${celoEnv} in environment ${envType}?`) - - await destroyTerraformModule(terraformModule, vars) -} - -// force the recreation of various resources upon the next deployment -export async function taintTestnet(celoEnv: string) { - console.info('Tainting testnet...') - const vars: TerraformVars = await getTestnetVars(celoEnv, true) - const backendConfigVars: TerraformVars = getTerraformBackendConfigVars( - celoEnv, - testnetTerraformModule - ) - await initTerraformModule(testnetTerraformModule, vars, backendConfigVars) - - for (const resource of testnetResourcesToReset) { - console.info(`Tainting ${resource}`) - await taintTerraformModuleResource(testnetTerraformModule, resource) - // To avoid getting errors for too 
many gcloud storage API requests - await sleep(2000) - } -} - -export async function untaintTestnet(celoEnv: string) { - console.info('Untainting testnet...') - const vars: TerraformVars = await getTestnetVars(celoEnv, true) - const backendConfigVars: TerraformVars = getTerraformBackendConfigVars( - celoEnv, - testnetTerraformModule - ) - await initTerraformModule(testnetTerraformModule, vars, backendConfigVars) - - for (const resource of testnetResourcesToReset) { - console.info(`Untainting ${resource}`) - await untaintTerraformModuleResource(testnetTerraformModule, resource) - // To avoid getting errors for too many gcloud storage API requests - await sleep(2000) - } -} - -export async function getTestnetOutputs(celoEnv: string) { - const vars: TerraformVars = await getTestnetVars(celoEnv, true) - const backendConfigVars: TerraformVars = getTerraformBackendConfigVars( - celoEnv, - testnetTerraformModule - ) - await initTerraformModule(testnetTerraformModule, vars, backendConfigVars) - return getTerraformModuleOutputs(testnetTerraformModule, vars) -} - -export async function getInternalTxNodeLoadBalancerIP(celoEnv: string) { - const fullCmd = getInternalTxNodeLoadBalancerIpCommand(celoEnv) - const [output] = await execCmd(fullCmd) - return output.trim() -} - -export async function getInternalValidatorIPs(celoEnv: string) { - const outputs = await getTestnetOutputs(celoEnv) - return outputs.validator_internal_ip_addresses.value -} - -export async function getInternalProxyIPs(celoEnv: string) { - const outputs = await getTestnetOutputs(celoEnv) - return outputs.proxy_internal_ip_addresses.value -} - -export async function getInternalTxNodeIPs(celoEnv: string) { - const outputs = await getTestnetOutputs(celoEnv) - return outputs.tx_node_internal_ip_addresses.value -} - -export function getTerraformBackendConfigVars(celoEnv: string, terraformModule: string) { - return { - bucket: stateBucketName(), - prefix: `${celoEnv}/${terraformModule}`, - } -} - -async function 
getTestnetVars(celoEnv: string, useExistingGenesis: boolean) { - let genesisContent: string = '' - if (useExistingGenesis) { - genesisContent = await getGenesisBlockFromGoogleStorage(celoEnv) - } else { - generateGenesisFromEnv() - await uploadGenesisBlockToGoogleStorage(genesisContent, celoEnv) - } - - const genesisBuffer = Buffer.from(genesisContent) - const domainName = fetchEnv(envVar.CLUSTER_DOMAIN_NAME) - return { - ...getEnvVarValues(testnetEnvVars), - // Cloud DNS for our domains only lives in celo-testnet - dns_gcloud_project: 'celo-testnet', - dns_zone_name: dnsZoneName(domainName), - ethstats_host: `${celoEnv}-ethstats.${domainName}.org`, - forno_host: `${celoEnv}-forno.${domainName}.org`, - gcloud_secrets_bucket: secretsBucketName(), - gcloud_secrets_base_path: secretsBasePath(celoEnv), - // only able to view objects for accessing secrets & modify ssl certs for forno setup - gcloud_vm_service_account_email: `terraform-testnet@${fetchEnv( - envVar.TESTNET_PROJECT_NAME - )}.iam.gserviceaccount.com`, - genesis_content_base64: genesisBuffer.toString('base64'), - // forno is the name for our setup that has tx-nodes reachable via a domain name - letsencrypt_email: 'n@celo.org', - network_name: networkName(celoEnv), - proxies_per_validator: JSON.stringify(getProxiesPerValidator()), - } -} - -function getTestnetNetworkVars(celoEnv: string): TerraformVars { - return { - ...getEnvVarValues(testnetNetworkEnvVars), - network_name: networkName(celoEnv), - } -} - -function getEnvVarValues(terraformEnvVars: TerraformVars) { - const vars: { [key: string]: string } = {} - for (const key of Object.keys(terraformEnvVars)) { - vars[key] = fetchEnv(terraformEnvVars[key]) - } - return vars -} - -export async function generateAndUploadSecrets(celoEnv: string) { - // Bootnode - const bootnodeSecrets = generateBootnodeSecretEnvVars() - await uploadSecrets(celoEnv, bootnodeSecrets, 'bootnode') - // Tx Nodes - const txNodeCount = parseInt(fetchEnv(envVar.TX_NODES), 10) - for (let 
i = 0; i < txNodeCount; i++) { - const secrets = generateNodeSecretEnvVars(AccountType.TX_NODE, i) - await uploadSecrets(celoEnv, secrets, `tx-node-${i}`) - } - // Private tx Nodes - const privateTxNodeCount = parseInt(fetchEnv(envVar.PRIVATE_TX_NODES), 10) - for (let i = 0; i < privateTxNodeCount; i++) { - // Ensure there is no overlap with tx node keys - const secrets = generateNodeSecretEnvVars(AccountType.TX_NODE, i, 1000 + i) - await uploadSecrets(celoEnv, secrets, `tx-node-private-${i}`) - } - // Validators - const validatorCount = parseInt(fetchEnv(envVar.VALIDATORS), 10) - for (let i = 0; i < validatorCount; i++) { - const secrets = generateNodeSecretEnvVars(AccountType.VALIDATOR, i) - await uploadSecrets(celoEnv, secrets, `validator-${i}`) - } - // Proxies - const proxiesPerValidator = getProxiesPerValidator() - let validatorIndex = 0 - for (const proxyCount of proxiesPerValidator) { - for (let i = 0; i < proxyCount; i++) { - const secrets = generateProxySecretEnvVars(validatorIndex, i) - await uploadSecrets(celoEnv, secrets, `validator-${validatorIndex}-proxy-${i}`) - } - validatorIndex++ - } -} - -function uploadSecrets(celoEnv: string, secrets: string, resourceName: string) { - const cloudStorageFileName = `${secretsBasePath(celoEnv)}/.env.${resourceName}` - return uploadDataToGoogleStorage( - secrets, - secretsBucketName(), - cloudStorageFileName, - false, - 'text/plain' - ) -} - -function generateBootnodeSecretEnvVars() { - const mnemonic = fetchEnv(envVar.MNEMONIC) - return formatEnvVars({ - NODE_KEY: generatePrivateKey(mnemonic, AccountType.BOOTNODE, 0), - }) -} - -function generateNodeSecretEnvVars( - accountType: AccountType, - index: number, - keyIndex: number = index -) { - const mnemonic = fetchEnv(envVar.MNEMONIC) - const privateKey = generatePrivateKey(mnemonic, accountType, keyIndex) - const secrets = getNodeSecrets(privateKey) - // If this is meant to be a proxied validator, also generate the enode of its proxy - if (accountType === 
AccountType.VALIDATOR) { - const proxiesPerValidator = getProxiesPerValidator() - if (index < proxiesPerValidator.length) { - const proxyEnodeAddresses = [] - for (let proxyIndex = 0; proxyIndex < proxiesPerValidator[index]; proxyIndex++) { - proxyEnodeAddresses.push(privateKeyToPublicKey(generateProxyPrivateKey(index, proxyIndex))) - } - secrets.PROXY_ENODE_ADDRESSES = proxyEnodeAddresses.join(',') - } - } - return formatEnvVars(secrets) -} - -function generateProxySecretEnvVars(validatorIndex: number, proxyIndex: number) { - const privateKey = generateProxyPrivateKey(validatorIndex, proxyIndex) - const secrets = getNodeSecrets(privateKey) - secrets.PROXIED_VALIDATOR_ADDRESS = getAddressFromEnv(AccountType.VALIDATOR, validatorIndex) - return formatEnvVars(secrets) -} - -function generateProxyPrivateKey(validatorIndex: number, proxyIndex: number) { - const mnemonic = fetchEnv(envVar.MNEMONIC) - // To allow a validator to have many proxies and to be able to easily - // adjust the number of proxies it has, the following index is calculated - const index = validatorIndex * 10000 + proxyIndex - return generatePrivateKey(mnemonic, AccountType.PROXY, index) -} - -function getNodeSecrets(privateKey: string): NodeSecrets { - const mnemonic = fetchEnv(envVar.MNEMONIC) - return { - ACCOUNT_ADDRESS: privateKeyToAddress(privateKey), - BOOTNODE_ENODE_ADDRESS: generatePublicKey(mnemonic, AccountType.BOOTNODE, 0), - PRIVATE_KEY: privateKey, - [envVar.GETH_ACCOUNT_SECRET]: fetchEnv(envVar.GETH_ACCOUNT_SECRET), - [envVar.MNEMONIC]: mnemonic, - } -} - -// Formats an object into a multi-line string with each line as KEY=VALUE -function formatEnvVars(envVars: { [key: string]: any }) { - return Object.keys(envVars) - .map((key) => `${key}='${envVars[key]}'`) - .join('\n') -} - -function secretsBasePath(celoEnv: string) { - return `vm/${celoEnv}` -} - -function useDefaultNetwork() { - return ( - fetchEnvOrFallback(envVar.VM_BASED, 'false') !== 'true' || - 
fetchEnv(envVar.KUBERNETES_CLUSTER_NAME) === 'celo-networks-dev' - ) -} - -export function networkName(celoEnv: string) { - return useDefaultNetwork() ? 'default' : `${celoEnv}-network` -} - -function secretsBucketName() { - const config = configForProject() - return config.secretsBucketName -} - -function stateBucketName() { - const config = configForProject() - return config.stateBucketName -} - -function configForProject() { - const project = fetchEnv(envVar.TESTNET_PROJECT_NAME) - if (!projectConfig.hasOwnProperty(project)) { - throw new Error(`No config for project ${project}`) - } - // @ts-ignore - we check above to see if the property exists - return projectConfig[project] -} - -// name of the DNS zone in Google Cloud for a particular domain -function dnsZoneName(domain: string) { - return `${domain}-org` -} - -export function getVmSshCommand(instanceName: string) { - const project = fetchEnv(envVar.TESTNET_PROJECT_NAME) - const zone = fetchEnv(envVar.KUBERNETES_CLUSTER_ZONE) - return `gcloud beta compute --project '${project}' ssh --zone '${zone}' ${instanceName} --tunnel-through-iap` -} - -export function getInternalTxNodeLoadBalancerIpCommand(celoEnv: string) { - const project = fetchEnv(envVar.TESTNET_PROJECT_NAME) - return `gcloud compute forwarding-rules list --project '${project}' --filter="name~'${celoEnv}-tx-node-lb-internal-fwd-rule'" --format='get(IPAddress)'` -} - -export async function getNodeVmName( - celoEnv: string, - nodeType: string, - index?: number | ProxyIndex -) { - const nodeTypesWithRandomSuffixes = ['tx-node', 'tx-node-private', 'proxy'] - const nodeTypesWithNoIndex = ['bootnode'] - let instanceName - if (nodeTypesWithRandomSuffixes.includes(nodeType)) { - instanceName = await getNodeVmNameWithRandomSuffix(celoEnv, nodeType, index || 0) - } else { - instanceName = `${celoEnv}-${nodeType}` - if (!nodeTypesWithNoIndex.includes(nodeType) && index !== undefined) { - instanceName += `-${index}` - } - } - return instanceName -} - -// Some 
VM names have a randomly generated suffix. This returns the full name -// of the instance given only the celoEnv and index. -async function getNodeVmNameWithRandomSuffix( - celoEnv: string, - nodeType: string, - index: number | ProxyIndex -) { - const project = fetchEnv(envVar.TESTNET_PROJECT_NAME) - - const baseName = - typeof index === 'number' - ? `${celoEnv}-${nodeType}-${index}` - : getProxyName(celoEnv, index.validatorIndex, index.proxyIndex) - - const [nodeName] = await execCmd( - `gcloud compute instances list --project '${project}' --filter="NAME ~ ${baseName}-.*" --format get\\(NAME\\)` - ) - return nodeName.trim() -} - -// indexCoercer is a yargs coercer that parses numeric indices and colon-separated -// indices (:) into a ProxyIndex type. -export function indexCoercer(value: string) { - if (!value) { - return value - } - const splitValues = value.split(':').filter((v) => v) - // Then it's just a single index number - if (splitValues.length === 1) { - return parseInt(value, 10) - } else if (splitValues.length === 2) { - const parsedValues = splitValues.map((v) => parseInt(v, 10)) - const proxyIndex: ProxyIndex = { - validatorIndex: parsedValues[0], - proxyIndex: parsedValues[1], - } - return proxyIndex - } else { - throw new Error('Incorrect index') - } -} diff --git a/packages/docs/developer-resources/utils/reference/README.md b/packages/docs/developer-resources/utils/reference/README.md index f981610c716..3c2f9cb9bcf 100644 --- a/packages/docs/developer-resources/utils/reference/README.md +++ b/packages/docs/developer-resources/utils/reference/README.md 
@@ -109,20 +109,13 @@ See the [issue backlog](https://github.com/celo-org/celo-monorepo/issues) for a The repository has the following packages (sub projects): - [attestation-service](packages/attestation-service) - service run by validators on the Celo network to send SMS messages, enabling attestations of user phone numbers and their accounts on the Celo network -- [blockchain-api](packages/blockchain-api) - service that uses Blockscout to present view of transactions by account for Celo Wallet activity feed - [celotool](packages/celotool) - scripts for deploying and managing testnets - [cli](packages/cli) - tool that uses ContractKit to interact with the Celo protocol ([docs](https://docs.celo.org/command-line-interface/introduction)) -- [contractkit](packages/contractkit) - library to help developers and validators interact with the protocol and it's smart contracts ([docs](https://docs.celo.org/celo-sdk/contractkit)) +- [sdk/contractkit](packages/sdk/contractkit) - library to help developers and validators interact with the protocol and it's smart contracts ([docs](https://docs.celo.org/celo-sdk/contractkit)) - [dev-utils](packages/dev-utils) - a utils package for use as a dev dependency - [docs](packages/docs) - technical documentation for the Celo project ([live](https://docs.celo.org/)) -- [faucet](packages/faucet) - faucet deployment configuration ([live](https://celo.org/build/faucet)) - [helm-charts](packages/helm-charts) - templatized deployments of entire environments to Kubernetes clusters -- [mobile](packages/mobile) - Android wallet app for the Celo platform ([docs](https://docs.celo.org/getting-started/using-the-mobile-wallet), [live](https://play.google.com/store/apps/details?id=org.celo.mobile.alfajores)) -- [notification-service](packages/notification-service) - service for managing push notifications for Celo Wallet - [protocol](packages/protocol) - identity, stability and other smart contracts for the Celo protocol 
([docs](https://docs.celo.org/celo-codebase/protocol)) -- [react-components](packages/react-components) - generalized react native components -- [reserve-site](packages/reserve-site) - website for ([Celo Reserve.org](https://celoreserve.org/)) -- [terraform-modules](packages/terraform-modules) - templatized deployments of entire VM-based testnets for Google Cloud Platform - [typescript](packages/typescript) - no README available (improve?) - [utils](packages/utils) - no README available (improve?) diff --git a/packages/docs/sdk/docs/phone-utils/modules/_getcountryemoji_.md b/packages/docs/sdk/docs/phone-utils/modules/_getcountryemoji_.md index 9f935271cce..1aee69d5bc2 100644 --- a/packages/docs/sdk/docs/phone-utils/modules/_getcountryemoji_.md +++ b/packages/docs/sdk/docs/phone-utils/modules/_getcountryemoji_.md @@ -12,7 +12,7 @@ ### getCountryEmoji -â–¸ **getCountryEmoji**(`e164PhoneNumber`: string, `countryCodePossible?`: undefined | number, `regionCodePossible?`: undefined | string): *string* +â–¸ **getCountryEmoji**(`e164PhoneNumber`: string, `countryCodePossible?`: undefined | number, `regionCodePossible?`: undefined | string): *[getCountryEmoji](_getcountryemoji_.md#getcountryemoji)* *Defined in [getCountryEmoji.ts:4](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/getCountryEmoji.ts#L4)* @@ -24,4 +24,4 @@ Name | Type | `countryCodePossible?` | undefined | number | `regionCodePossible?` | undefined | string | -**Returns:** *string* +**Returns:** *[getCountryEmoji](_getcountryemoji_.md#getcountryemoji)* diff --git a/packages/docs/sdk/docs/phone-utils/modules/_phonenumbers_.md b/packages/docs/sdk/docs/phone-utils/modules/_phonenumbers_.md index 85a1317bfc8..adf3d34643d 100644 --- a/packages/docs/sdk/docs/phone-utils/modules/_phonenumbers_.md +++ b/packages/docs/sdk/docs/phone-utils/modules/_phonenumbers_.md 
@@ -25,7 +25,7 @@ ### getCountryCode -â–¸ **getCountryCode**(`e164PhoneNumber`: string): *undefined | null | number* +â–¸ **getCountryCode**(`e164PhoneNumber`: string): *[getCountryCode](_phonenumbers_.md#getcountrycode)* *Defined in [phoneNumbers.ts:13](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L13)* @@ -35,13 +35,13 @@ Name | Type | ------ | ------ | `e164PhoneNumber` | string | -**Returns:** *undefined | null | number* +**Returns:** *[getCountryCode](_phonenumbers_.md#getcountrycode)* ___ ### getDisplayNumberInternational -â–¸ **getDisplayNumberInternational**(`e164PhoneNumber`: string): *string* +â–¸ **getDisplayNumberInternational**(`e164PhoneNumber`: string): *[getDisplayNumberInternational](_phonenumbers_.md#getdisplaynumberinternational)* *Defined in [phoneNumbers.ts:59](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L59)* @@ -51,13 +51,13 @@ Name | Type | ------ | ------ | `e164PhoneNumber` | string | -**Returns:** *string* +**Returns:** *[getDisplayNumberInternational](_phonenumbers_.md#getdisplaynumberinternational)* ___ ### getDisplayPhoneNumber -â–¸ **getDisplayPhoneNumber**(`phoneNumber`: string, `defaultCountryCode`: string): *string* +â–¸ **getDisplayPhoneNumber**(`phoneNumber`: string, `defaultCountryCode`: string): *[getDisplayPhoneNumber](_phonenumbers_.md#getdisplayphonenumber)* *Defined in [phoneNumbers.ts:49](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L49)* 
@@ -68,13 +68,13 @@ Name | Type | `phoneNumber` | string | `defaultCountryCode` | string | -**Returns:** *string* +**Returns:** *[getDisplayPhoneNumber](_phonenumbers_.md#getdisplayphonenumber)* ___ ### getE164DisplayNumber -â–¸ **getE164DisplayNumber**(`e164PhoneNumber`: string): *string* +â–¸ **getE164DisplayNumber**(`e164PhoneNumber`: string): *[getE164DisplayNumber](_phonenumbers_.md#gete164displaynumber)* *Defined in [phoneNumbers.ts:70](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L70)* @@ -84,13 +84,13 @@ Name | Type | ------ | ------ | `e164PhoneNumber` | string | -**Returns:** *string* +**Returns:** *[getE164DisplayNumber](_phonenumbers_.md#gete164displaynumber)* ___ ### getE164Number -â–¸ **getE164Number**(`phoneNumber`: string, `defaultCountryCode`: string): *null | string* +â–¸ **getE164Number**(`phoneNumber`: string, `defaultCountryCode`: string): *[getE164Number](_phonenumbers_.md#gete164number)* *Defined in [phoneNumbers.ts:75](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L75)* @@ -101,13 +101,13 @@ Name | Type | `phoneNumber` | string | `defaultCountryCode` | string | -**Returns:** *null | string* +**Returns:** *[getE164Number](_phonenumbers_.md#gete164number)* ___ ### getExampleNumber -â–¸ **getExampleNumber**(`regionCode`: string, `useOnlyZeroes`: boolean, `isInternational`: boolean): *undefined | string* +â–¸ **getExampleNumber**(`regionCode`: string, `useOnlyZeroes`: boolean, `isInternational`: boolean): *[getExampleNumber](_phonenumbers_.md#getexamplenumber)* *Defined in [phoneNumbers.ts:212](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L212)* 
@@ -119,13 +119,13 @@ Name | Type | Default | `useOnlyZeroes` | boolean | true | `isInternational` | boolean | false | -**Returns:** *undefined | string* +**Returns:** *[getExampleNumber](_phonenumbers_.md#getexamplenumber)* ___ ### getRegionCode -â–¸ **getRegionCode**(`e164PhoneNumber`: string): *undefined | null | string* +â–¸ **getRegionCode**(`e164PhoneNumber`: string): *[getRegionCode](_phonenumbers_.md#getregioncode)* *Defined in [phoneNumbers.ts:25](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L25)* @@ -135,13 +135,13 @@ Name | Type | ------ | ------ | `e164PhoneNumber` | string | -**Returns:** *undefined | null | string* +**Returns:** *[getRegionCode](_phonenumbers_.md#getregioncode)* ___ ### getRegionCodeFromCountryCode -â–¸ **getRegionCodeFromCountryCode**(`countryCode`: string): *null | string* +â–¸ **getRegionCodeFromCountryCode**(`countryCode`: string): *[getRegionCodeFromCountryCode](_phonenumbers_.md#getregioncodefromcountrycode)* *Defined in [phoneNumbers.ts:37](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L37)* @@ -151,13 +151,13 @@ Name | Type | ------ | ------ | `countryCode` | string | -**Returns:** *null | string* +**Returns:** *[getRegionCodeFromCountryCode](_phonenumbers_.md#getregioncodefromcountrycode)* ___ ### isE164NumberStrict -â–¸ **isE164NumberStrict**(`phoneNumber`: string): *boolean* +â–¸ **isE164NumberStrict**(`phoneNumber`: string): *[isE164NumberStrict](_phonenumbers_.md#ise164numberstrict)* *Defined in [phoneNumbers.ts:85](https://github.com/celo-org/celo-monorepo/blob/master/packages/sdk/phone-utils/src/phoneNumbers.ts#L85)* @@ -167,7 +167,7 @@ Name | Type | ------ | ------ | `phoneNumber` | string | -**Returns:** *boolean* +**Returns:** *[isE164NumberStrict](_phonenumbers_.md#ise164numberstrict)* ___ 
diff --git a/packages/helm-charts/oracle/USDCBRL.yaml b/packages/helm-charts/oracle/USDCBRL.yaml index d605cf0d68d..94080e764f5 100644 --- a/packages/helm-charts/oracle/USDCBRL.yaml +++ b/packages/helm-charts/oracle/USDCBRL.yaml @@ -19,10 +19,6 @@ oracle: {exchange: 'KRAKEN', symbol: 'USDCUSD', toInvert: false}, {exchange: 'BITSO', symbol: 'USDBRL', toInvert: false } ], - [ - {exchange: 'BINANCEUS', symbol: 'USDCUSD', toInvert: false}, - {exchange: 'BITSO', symbol: 'USDBRL', toInvert: false } - ], [ {exchange: 'COINBASE', symbol: 'USDTUSDC', toInvert: true}, {exchange: 'BINANCE', symbol: 'USDTBRL', toInvert: false } diff --git a/packages/helm-charts/oracle/USDCEUR.yaml b/packages/helm-charts/oracle/USDCEUR.yaml index 431971a2418..112008c9edb 100644 --- a/packages/helm-charts/oracle/USDCEUR.yaml +++ b/packages/helm-charts/oracle/USDCEUR.yaml @@ -27,10 +27,6 @@ oracle: {exchange: 'KRAKEN', symbol: 'USDCUSD', toInvert: false}, {exchange: 'KRAKEN', symbol: 'EURUSD', toInvert: true} ], - [ - {exchange: 'BINANCEUS', symbol: 'USDCUSD', toInvert: false}, - {exchange: 'KRAKEN', symbol: 'EURUSD', toInvert: true} - ], ]" minPriceSourceCount: 2 reportStrategy: BLOCK_BASED diff --git a/packages/terraform-modules-public/.gitignore b/packages/terraform-modules-public/.gitignore deleted file mode 100644 index a38f5ea139c..00000000000 --- a/packages/terraform-modules-public/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -plan/ -*.tfstate* -*secret*.tfvars diff --git a/packages/terraform-modules-public/aws/README.md b/packages/terraform-modules-public/aws/README.md deleted file mode 100644 index 14dc64d6316..00000000000 --- a/packages/terraform-modules-public/aws/README.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# Terraform Celo Validator Stack - -## Overview - -[Terraform](https://www.terraform.io) is a tool by Hashicorp that allows developers to treat _"infrastructure as code"_, easying the management and repeatibility of the -infrastructure. -Infrastructure and all kind of cloud resources are defined in modules, and Terraform creates/changes/destroys when changes are applied. - -Inside the [testnet](./testnet) folder you will find a module (and submodules) to create the setup for running a Celo Validator on AWS. The next logic resources can be created: - -- `vpc` module for setting up a VPC with a public and private subnet on multiple availability zones. Validator nodes go in the private subnet while bastion, proxy, and attestation nodes go in the public subnet. -- `bastion` module for an SSH bastion node. For security purposes, this is the only node that accepts external SSH traffic. All other nodes only accept SSH from the bastion. -- `proxy` module for creating a Proxy connected to a validator -- `validator` module for deploying a Validator -- `attestation-service` for deploying the Attestation Service (https://docs.celo.org/getting-started/baklava-testnet/running-a-validator#running-the-attestation-service). Each attestation service will connect to the same multi-AZ RDS DB instance. Only Twilio is supported at this time. - -## Operating System - -All nodes run on the Ubuntu LTS 18.04 AMI. Running `terraform apply` will select the latest available AMI. - -## Hardening & Security - -Celo nodes will get provisioned with some recommended security settings from cLab's Security Audit team. Most of this hardening is done in `install-base.sh` and `final-hardening.sh`. - -## Requirements - -Inside the [example](./example) folder you can find an example tf to use the module. Use that tf as base file for your deployment, modifying the account variables used for your convenience. 
-Alternatively you can take that tf files as base for customizing your deployment. Please take care specially about the VPC network configuration. The validators nodes deployed have not a public IP so the access to them is restricted. In order to provide outbound connection of these nodes the VPC network has to be configured with a NAT service allowing external traffic. diff --git a/packages/terraform-modules-public/aws/examples/mainnet/main.tf b/packages/terraform-modules-public/aws/examples/mainnet/main.tf deleted file mode 100644 index 3ebd6d3442a..00000000000 --- a/packages/terraform-modules-public/aws/examples/mainnet/main.tf +++ /dev/null @@ -1,41 +0,0 @@ -provider "aws" { - region = var.region -} - -terraform { - required_version = ">= 0.12.0" - # We recommend using remote state for production configs. - # Uncomment and update the config block below to use remote state. - # - # backend "s3" { - # bucket = "mybucket" - # key = "mytfs/celo/terraform.tfstate" - # region = "myregion" - - # dynamodb_table = "mydynamodb_table" - # encrypt = true - # } -} - -module "celo_cluster" { - source = "../../testnet" - - region = var.region - cidr_blocks = var.cidr_blocks - key_pair_name = var.key_pair_name - celo_image = var.celo_image - celo_network_id = var.celo_network_id - celo_image_attestation = var.celo_image_attestation - ethstats_host = var.ethstats_host - twilio_messaging_service_sid = var.twilio_messaging_service_sid - twilio_verify_service_sid = var.twilio_verify_service_sid - twilio_account_sid = var.twilio_account_sid - twilio_unsupported_regions = var.twilio_unsupported_regions - twilio_auth_token = var.twilio_auth_token - nexmo_api_key = var.nexmo_api_key - nexmo_api_secret = var.nexmo_api_secret - nexmo_unsupported_regions = var.nexmo_unsupported_regions - proxies = var.proxies - validators = var.validators - attestation_services = var.attestation_services -} \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/examples/mainnet/outputs.tf b/packages/terraform-modules-public/aws/examples/mainnet/outputs.tf
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/packages/terraform-modules-public/aws/examples/mainnet/variables.tf b/packages/terraform-modules-public/aws/examples/mainnet/variables.tf
deleted file mode 100644
index 4c83e420ca0..00000000000
--- a/packages/terraform-modules-public/aws/examples/mainnet/variables.tf
+++ /dev/null
@@ -1,249 +0,0 @@ -variable region { - type = string - description = "AWS Region to provision this cluster" - default = "us-west-1" -} - -variable cidr_blocks { - type = object({ - vpc = string - subnet_az1_public = string - subnet_az1_private = string - subnet_az2_public = string - subnet_az2_private = string - allowed_ssh_clients = string - }) - description = "The cidr_blocks for the different subnets in a redundant Celo network" - default = { - vpc = "10.20.0.0/16" - subnet_az1_public = "10.20.0.0/24" - subnet_az1_private = "10.20.1.0/24" - subnet_az2_public = "10.20.10.0/24" - subnet_az2_private = "10.20.11.0/24" - allowed_ssh_clients = "0.0.0.0/0" - } -} - -variable key_pair_name { - type = string - description = "SSH key pair name" -} - -variable celo_image { - type = string - description = "Docker image for Celo nodes" - default = "us.gcr.io/celo-org/celo-node:mainnet" -} - -variable celo_network_id { - type = string - description = "ID of the Celo network to join" - default = "42220" -} - -variable ethstats_host { - type = string - description = "Hostname for ethstats" - default = "stats-server.celo.org" -} - -variable proxies { - description = "Configuration for zero or more proxies in each availability zone." - type = object({ - az1 = map(object({ - validator_name = string - validator_signer_address = string - proxy_address = string - proxy_private_key_filename = string - proxy_private_key_file_contents = string - proxy_private_key_password = string - proxy_node_private_key = string - proxy_enode = string - })) - az2 = map(object({ - validator_name = string - validator_signer_address = string - proxy_address = string - proxy_private_key_filename = string - proxy_private_key_file_contents = string - proxy_private_key_password = string - proxy_node_private_key = string - proxy_enode = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. We recommend putting this into a secret.auto.tfvars file. 
- # default = { - # az1 = { - # myvalidator_az1_01 = { - # validator_name = "myvalidator_az1_01" - # validator_signer_address = "0000000011111111222222223333333344444444" - # proxy_address = "1234567812345678123456781234567812345678" - # proxy_private_key_filename = "UTC--2020-04-12T06-49-54.736290200Z--1234567812345678123456781234567812345678" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # proxy_private_key_file_contents = "" - # proxy_private_key_password = "" - # proxy_node_private_key = "" - # proxy_enode = "" - # } - # myvalidator_az1_02 = { - # validator_name = "myvalidator_az1_02" - # validator_signer_address = "5555555566666666777777778888888899999999" - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # validator_name = "myvalidator_az2_01" - # validator_signer_address = "4444444433333333222222221111111100000000" - # ... - # } - # myvalidator_az2_02 = { - # validator_name = "myvalidator_az2_02" - # validator_signer_address = "9999999988888888777777776666666655555555" - # ... - # } - # } - # - # } -} - -variable validators { - description = "Configuration for zero or more validators in each availability zone" - type = object({ - az1 = map(object({ - name = string - signer_address = string - signer_private_key_filename = string - signer_private_key_file_contents = string - signer_private_key_password = string - })) - az2 = map(object({ - name = string - signer_address = string - signer_private_key_filename = string - signer_private_key_file_contents = string - signer_private_key_password = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. We recommend putting this into a secret.auto.tfvars file. 
- # default = { - # az1 = { - # myvalidator_az1_01 = { - # name = "myvalidator_az1_01" - # signer_address = "0000000011111111222222223333333344444444" - # signer_private_key_filename = "UTC--2020-02-06T06-49-54.736290200Z--0000000011111111222222223333333344444444" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # signer_private_key_file_contents = "" - # signer_private_key_password = "" - # } - # myvalidator_az1_02 = { - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # ... - # } - # myvalidator_az2_02 = { - # ... - # } - # } - # - # } -} - - -variable celo_image_attestation { - type = string - description = "Docker image for Celo attestation service" - default = "us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-3" -} - -variable twilio_messaging_service_sid { - type = string -} - -variable twilio_verify_service_sid { - type = string -} - -variable twilio_account_sid { - type = string -} - -variable twilio_unsupported_regions { - type = string -} - -variable twilio_auth_token { - type = string -} - -variable nexmo_api_key { - type = string -} - -variable nexmo_api_secret { - type = string -} - -variable nexmo_unsupported_regions { - type = string -} - -variable attestation_services { - description = "Configuration for zero or more attestation nodes in each availability zone" - type = object({ - az1 = map(object({ - validator_name = string - validator_address = string - attestation_signer_address = string - attestation_signer_private_key_filename = string - attestation_signer_private_key_file_contents = string - attestation_signer_private_key_password = string - })) - az2 = map(object({ - validator_name = string - validator_address = string - attestation_signer_address = string - attestation_signer_private_key_filename = string - attestation_signer_private_key_file_contents = string - 
attestation_signer_private_key_password = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. We recommend putting this into a secret.auto.tfvars file. - # default = { - # az1 = { - # myvalidator_az1_01 = { - # validator_name = "myvalidator_az1_01" - # validator_address = "1234567812345678123456781234567812345678" - # attestation_signer_address = "2323232345454545676767678989898910101010" - # attestation_signer_private_key_filename = "UTC--2020-02-06T06-49-54.736290200Z--2323232345454545676767678989898910101010" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # attestation_signer_private_key_file_contents = "" - # attestation_signer_private_key_password = "" - # } - # myvalidator_az1_02 = { - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # ... - # } - # myvalidator_az2_02 = { - # ... - # } - # } - # - # } -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/examples/testnet/main.tf b/packages/terraform-modules-public/aws/examples/testnet/main.tf deleted file mode 100644 index 3ebd6d3442a..00000000000 --- a/packages/terraform-modules-public/aws/examples/testnet/main.tf +++ /dev/null 
@@ -1,41 +0,0 @@ -provider "aws" { - region = var.region -} - -terraform { - required_version = ">= 0.12.0" - # We recommend using remote state for production configs. - # Uncomment and update the config block below to use remote state. - # - # backend "s3" { - # bucket = "mybucket" - # key = "mytfs/celo/terraform.tfstate" - # region = "myregion" - - # dynamodb_table = "mydynamodb_table" - # encrypt = true - # } -} - -module "celo_cluster" { - source = "../../testnet" - - region = var.region - cidr_blocks = var.cidr_blocks - key_pair_name = var.key_pair_name - celo_image = var.celo_image - celo_network_id = var.celo_network_id - celo_image_attestation = var.celo_image_attestation - ethstats_host = var.ethstats_host - twilio_messaging_service_sid = var.twilio_messaging_service_sid - twilio_verify_service_sid = var.twilio_verify_service_sid - twilio_account_sid = var.twilio_account_sid - twilio_unsupported_regions = var.twilio_unsupported_regions - twilio_auth_token = var.twilio_auth_token - nexmo_api_key = var.nexmo_api_key - nexmo_api_secret = var.nexmo_api_secret - nexmo_unsupported_regions = var.nexmo_unsupported_regions - proxies = var.proxies - validators = var.validators - attestation_services = var.attestation_services -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/examples/testnet/outputs.tf b/packages/terraform-modules-public/aws/examples/testnet/outputs.tf deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/packages/terraform-modules-public/aws/examples/testnet/variables.tf b/packages/terraform-modules-public/aws/examples/testnet/variables.tf deleted file mode 100644 index c40a387b605..00000000000 --- a/packages/terraform-modules-public/aws/examples/testnet/variables.tf +++ /dev/null 
@@ -1,249 +0,0 @@ -variable region { - type = string - description = "AWS Region to provision this cluster" - default = "us-west-1" -} - -variable cidr_blocks { - type = object({ - vpc = string - subnet_az1_public = string - subnet_az1_private = string - subnet_az2_public = string - subnet_az2_private = string - allowed_ssh_clients = string - }) - description = "The cidr_blocks for the different subnets in a redundant Celo network" - default = { - vpc = "10.10.0.0/16" - subnet_az1_public = "10.10.0.0/24" - subnet_az1_private = "10.10.1.0/24" - subnet_az2_public = "10.10.10.0/24" - subnet_az2_private = "10.10.11.0/24" - allowed_ssh_clients = "0.0.0.0/0" - } -} - -variable key_pair_name { - type = string - description = "SSH key pair name" -} - -variable celo_image { - type = string - description = "Docker image for Celo nodes" - default = "us.gcr.io/celo-testnet/celo-node:baklava" -} - -variable celo_network_id { - type = string - description = "ID of the Celo network to join" - default = "62320" -} - -variable ethstats_host { - type = string - description = "Hostname for ethstats" - default = "baklava-celostats-server.celo-testnet.org" -} - -variable proxies { - description = "Configuration for zero or more proxies in each availability zone." - type = object({ - az1 = map(object({ - validator_name = string - validator_signer_address = string - proxy_address = string - proxy_private_key_filename = string - proxy_private_key_file_contents = string - proxy_private_key_password = string - proxy_node_private_key = string - proxy_enode = string - })) - az2 = map(object({ - validator_name = string - validator_signer_address = string - proxy_address = string - proxy_private_key_filename = string - proxy_private_key_file_contents = string - proxy_private_key_password = string - proxy_node_private_key = string - proxy_enode = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. 
We recommend putting this into a secret.auto.tfvars file. - # default = { - # az1 = { - # myvalidator_az1_01 = { - # validator_name = "myvalidator_az1_01" - # validator_signer_address = "0000000011111111222222223333333344444444" - # proxy_address = "1234567812345678123456781234567812345678" - # proxy_private_key_filename = "UTC--2020-04-12T06-49-54.736290200Z--1234567812345678123456781234567812345678" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # proxy_private_key_file_contents = "" - # proxy_private_key_password = "" - # proxy_node_private_key = "" - # proxy_enode = "" - # } - # myvalidator_az1_02 = { - # validator_name = "myvalidator_az1_02" - # validator_signer_address = "5555555566666666777777778888888899999999" - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # validator_name = "myvalidator_az2_01" - # validator_signer_address = "4444444433333333222222221111111100000000" - # ... - # } - # myvalidator_az2_02 = { - # validator_name = "myvalidator_az2_02" - # validator_signer_address = "9999999988888888777777776666666655555555" - # ... - # } - # } - # - # } -} - -variable validators { - description = "Configuration for zero or more validators in each availability zone" - type = object({ - az1 = map(object({ - name = string - signer_address = string - signer_private_key_filename = string - signer_private_key_file_contents = string - signer_private_key_password = string - })) - az2 = map(object({ - name = string - signer_address = string - signer_private_key_filename = string - signer_private_key_file_contents = string - signer_private_key_password = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. We recommend putting this into a secret.auto.tfvars file. 
- # default = { - # az1 = { - # myvalidator_az1_01 = { - # name = "myvalidator_az1_01" - # signer_address = "0000000011111111222222223333333344444444" - # signer_private_key_filename = "UTC--2020-02-06T06-49-54.736290200Z--0000000011111111222222223333333344444444" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # signer_private_key_file_contents = "" - # signer_private_key_password = "" - # } - # myvalidator_az1_02 = { - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # ... - # } - # myvalidator_az2_02 = { - # ... - # } - # } - # - # } -} - - -variable celo_image_attestation { - type = string - description = "Docker image for Celo attestation service" - default = "us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-3" -} - -variable twilio_messaging_service_sid { - type = string -} - -variable twilio_verify_service_sid { - type = string -} - -variable twilio_account_sid { - type = string -} - -variable twilio_unsupported_regions { - type = string -} - -variable twilio_auth_token { - type = string -} - -variable nexmo_api_key { - type = string -} - -variable nexmo_api_secret { - type = string -} - -variable nexmo_unsupported_regions { - type = string -} - -variable attestation_services { - description = "Configuration for zero or more attestation nodes in each availability zone" - type = object({ - az1 = map(object({ - validator_name = string - validator_address = string - attestation_signer_address = string - attestation_signer_private_key_filename = string - attestation_signer_private_key_file_contents = string - attestation_signer_private_key_password = string - })) - az2 = map(object({ - validator_name = string - validator_address = string - attestation_signer_address = string - attestation_signer_private_key_filename = string - attestation_signer_private_key_file_contents = string - 
attestation_signer_private_key_password = string - })) - }) - default = { - az1 = {} - az2 = {} - } - # Here is an example configuration. We recommend putting this into a secret.auto.tfvars file. - # default = { - # az1 = { - # myvalidator_az1_01 = { - # validator_name = "myvalidator_az1_01" - # validator_address = "1234567812345678123456781234567812345678" - # attestation_signer_address = "2323232345454545676767678989898910101010" - # attestation_signer_private_key_filename = "UTC--2020-02-06T06-49-54.736290200Z--2323232345454545676767678989898910101010" # Use the name of the private key file generated when you created your signer address key. This will be in the keystore folder on the node where you created the signer account. - # attestation_signer_private_key_file_contents = "" - # attestation_signer_private_key_password = "" - # } - # myvalidator_az1_02 = { - # ... - # } - # } - # az2 = { - # myvalidator_az2_01 = { - # ... - # } - # myvalidator_az2_02 = { - # ... - # } - # } - # - # } -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/testnet/main.tf b/packages/terraform-modules-public/aws/testnet/main.tf deleted file mode 100644 index 1784231e90f..00000000000 --- a/packages/terraform-modules-public/aws/testnet/main.tf +++ /dev/null 
@@ -1,227 +0,0 @@ -provider "aws" { - region = var.region -} - -module "celo_vpc" { - source = "./modules/vpc" - - name = "celo-vpc" - cidr_blocks = var.cidr_blocks -} - -module "celo_bastion_az1" { - source = "./modules/bastion" - - subnet_id = module.celo_vpc.subnet_ids.az1.public - security_group_id = module.celo_vpc.security_group_ids.bastion - key_pair_name = var.key_pair_name - name = "celo-bastion-az1" - instance_type = var.instance_types.bastion - iam_instance_profile = var.iam_instance_profiles.bastion -} - -module "celo_bastion_az2" { - source = "./modules/bastion" - - subnet_id = module.celo_vpc.subnet_ids.az2.public - security_group_id = module.celo_vpc.security_group_ids.bastion - key_pair_name = var.key_pair_name - name = "celo-bastion-az2" - instance_type = var.instance_types.bastion - iam_instance_profile = var.iam_instance_profiles.bastion -} - -module "celo_proxy_az1" { - source = "./modules/proxy" - - subnet_id = module.celo_vpc.subnet_ids.az1.public - security_group_id = module.celo_vpc.security_group_ids.proxy - key_pair_name = var.key_pair_name - instance_type = var.instance_types.proxy - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - iam_instance_profile = var.iam_instance_profiles.proxy - cloudwatch_log_group_name = var.cloudwatch_log_group_names.proxy - cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - proxies = var.proxies.az1 -} - -module "celo_proxy_az2" { - source = "./modules/proxy" - - subnet_id = module.celo_vpc.subnet_ids.az2.public - security_group_id = module.celo_vpc.security_group_ids.proxy - key_pair_name = var.key_pair_name - instance_type = var.instance_types.proxy - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - iam_instance_profile = var.iam_instance_profiles.proxy - cloudwatch_log_group_name = var.cloudwatch_log_group_names.proxy - 
cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - proxies = var.proxies.az2 -} - -locals { - validator_proxy_settings = { - az1 = zipmap( - keys(var.proxies.az1), - [for k, v in var.proxies.az1 : { - proxy_enode = var.proxies.az1[k].proxy_enode - proxy_private_ip = lookup(module.celo_proxy_az1.instances, k, { private_ip = "" }).private_ip - proxy_public_ip = lookup(module.celo_proxy_az1.eips, k, { public_ip = "" }).public_ip - } - ] - ) - az2 = zipmap( - keys(var.proxies.az2), - [for k, v in var.proxies.az2 : { - proxy_enode = var.proxies.az2[k].proxy_enode - proxy_private_ip = lookup(module.celo_proxy_az2.instances, k, { private_ip = "" }).private_ip - proxy_public_ip = lookup(module.celo_proxy_az2.eips, k, { public_ip = "" }).public_ip - } - ] - ) - } - validator_params = { - az1 = zipmap( - keys(var.validators.az1), - [for k, v in var.validators.az1 : merge(var.validators.az1[k], lookup(local.validator_proxy_settings.az1, k, {}))] - ) - az2 = zipmap( - keys(var.validators.az2), - [for k, v in var.validators.az2 : merge(var.validators.az2[k], lookup(local.validator_proxy_settings.az2, k, {}))] - ) - } -} - -module "celo_validator_az1" { - source = "./modules/validator" - - subnet_id = module.celo_vpc.subnet_ids.az1.private - security_group_id = module.celo_vpc.security_group_ids.validator - key_pair_name = var.key_pair_name - instance_type = var.instance_types.validator - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - iam_instance_profile = var.iam_instance_profiles.validator - cloudwatch_log_group_name = var.cloudwatch_log_group_names.validator - cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - validators = local.validator_params.az1 -} - -module "celo_validator_az2" { - source = "./modules/validator" - - subnet_id = module.celo_vpc.subnet_ids.az2.private - security_group_id = module.celo_vpc.security_group_ids.validator 
- key_pair_name = var.key_pair_name - instance_type = var.instance_types.validator - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - iam_instance_profile = var.iam_instance_profiles.validator - cloudwatch_log_group_name = var.cloudwatch_log_group_names.validator - cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - validators = local.validator_params.az2 -} - -resource "random_password" "password" { - length = 50 - special = false - min_lower = 1 - min_upper = 1 - min_numeric = 1 -} - -resource "aws_db_subnet_group" "attestation" { - count = (length(var.attestation_services.az1) > 0 || length(var.attestation_services.az2) > 0) ? 1 : 0 - name = "celo-db-subnet-group" - subnet_ids = [module.celo_vpc.subnet_ids.az1.private, module.celo_vpc.subnet_ids.az2.private] -} - -resource "aws_db_instance" "attestation" { - count = (length(var.attestation_services.az1) > 0 || length(var.attestation_services.az2) > 0) ? 1 : 0 - identifier = "celo-attestation-db" - allocated_storage = 32 - storage_type = "gp2" - engine = "postgres" - engine_version = "9.6" - instance_class = "db.t3.small" - name = "attestation" - username = "attestation" - password = random_password.password.result - multi_az = true - db_subnet_group_name = aws_db_subnet_group.attestation[0].name - vpc_security_group_ids = [module.celo_vpc.security_group_ids.attestation_db] - skip_final_snapshot = true -} - -locals { - attestation_db_url = length(aws_db_instance.attestation) > 0 ? 
format("postgresql://%s:%s@%s/%s", - aws_db_instance.attestation[0].username, - aws_db_instance.attestation[0].password, - aws_db_instance.attestation[0].endpoint, - aws_db_instance.attestation[0].name - ) : "" -} - -module "celo_attestation_service_az1" { - source = "./modules/attestation-service" - - subnet_id = module.celo_vpc.subnet_ids.az1.public - security_group_id = module.celo_vpc.security_group_ids.attestation_service - key_pair_name = var.key_pair_name - instance_type = var.instance_types.attestation_service - celo_image = var.celo_image - celo_network_id = var.celo_network_id - celo_image_attestation = var.celo_image_attestation - database_url = local.attestation_db_url - twilio_messaging_service_sid = var.twilio_messaging_service_sid - twilio_verify_service_sid = var.twilio_verify_service_sid - twilio_account_sid = var.twilio_account_sid - twilio_unsupported_regions = var.twilio_unsupported_regions - twilio_auth_token = var.twilio_auth_token - nexmo_api_key = var.nexmo_api_key - nexmo_api_secret = var.nexmo_api_secret - nexmo_unsupported_regions = var.nexmo_unsupported_regions - iam_instance_profile = var.iam_instance_profiles.attestation_service - cloudwatch_attestation_node_log_group_name = var.cloudwatch_log_group_names.attestation_node - cloudwatch_attestation_service_log_group_name = var.cloudwatch_log_group_names.attestation_service - cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - attestation_services = var.attestation_services.az1 -} - -module "celo_attestation_service_az2" { - source = "./modules/attestation-service" - - subnet_id = module.celo_vpc.subnet_ids.az2.public - security_group_id = module.celo_vpc.security_group_ids.attestation_service - key_pair_name = var.key_pair_name - instance_type = var.instance_types.attestation_service - celo_image = var.celo_image - celo_network_id = var.celo_network_id - celo_image_attestation = var.celo_image_attestation - database_url = local.attestation_db_url - 
twilio_messaging_service_sid = var.twilio_messaging_service_sid - twilio_verify_service_sid = var.twilio_verify_service_sid - twilio_account_sid = var.twilio_account_sid - twilio_unsupported_regions = var.twilio_unsupported_regions - twilio_auth_token = var.twilio_auth_token - nexmo_api_key = var.nexmo_api_key - nexmo_api_secret = var.nexmo_api_secret - nexmo_unsupported_regions = var.nexmo_unsupported_regions - iam_instance_profile = var.iam_instance_profiles.attestation_service - cloudwatch_attestation_node_log_group_name = var.cloudwatch_log_group_names.attestation_node - cloudwatch_attestation_service_log_group_name = var.cloudwatch_log_group_names.attestation_service - cloudwatch_collect_disk_and_memory_usage = var.cloudwatch_collect_disk_and_memory_usage - - attestation_services = var.attestation_services.az2 -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/testnet/modules/ami/main.tf b/packages/terraform-modules-public/aws/testnet/modules/ami/main.tf deleted file mode 100644 index 71dd0a5cec0..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/ami/main.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_ami" "ubuntu" { - most_recent = true - - filter { - name = "name" - values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] - } - - filter { - name = "virtualization-type" - values = ["hvm"] - } - - owners = ["099720109477"] -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/testnet/modules/ami/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/ami/outputs.tf deleted file mode 100644 index f5635b33910..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/ami/outputs.tf +++ /dev/null @@ -1,5 +0,0 @@ -output ami_ids { - value = { - ubuntu_18_04 = data.aws_ami.ubuntu.id - } -} \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/ami/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/ami/variables.tf
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/packages/terraform-modules-public/aws/testnet/modules/attestation-service/main.tf b/packages/terraform-modules-public/aws/testnet/modules/attestation-service/main.tf
deleted file mode 100644
index 7d765c1e966..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/attestation-service/main.tf
+++ /dev/null
@@ -1,68 +0,0 @@ -module "ami" { - source = "../ami" -} - -resource "aws_instance" "attestation_service" { - for_each = var.attestation_services - - ami = module.ami.ami_ids.ubuntu_18_04 - instance_type = var.instance_type - subnet_id = var.subnet_id - vpc_security_group_ids = [var.security_group_id] - key_name = var.key_pair_name - iam_instance_profile = var.iam_instance_profile - - root_block_device { - volume_size = var.volume_size - } - - user_data = join("\n", [ - file("${path.module}/../startup-scripts/install-base.sh"), - var.cloudwatch_collect_disk_and_memory_usage ? file("${path.module}/../startup-scripts/install-cloudwatch-agent.sh") : "", - file("${path.module}/../startup-scripts/install-docker.sh"), - file("${path.module}/../startup-scripts/install-chrony.sh"), - file("${path.module}/../startup-scripts/install-postgres-client.sh"), - templatefile("${path.module}/../startup-scripts/run-attestation-service.sh", { - validator_address = each.value.validator_address - attestation_signer_address = each.value.attestation_signer_address - attestation_signer_private_key_filename = each.value.attestation_signer_private_key_filename - attestation_signer_private_key_file_contents = each.value.attestation_signer_private_key_file_contents - attestation_signer_private_key_password = each.value.attestation_signer_private_key_password - database_url = var.database_url - twilio_messaging_service_sid = var.twilio_messaging_service_sid - twilio_verify_service_sid = var.twilio_verify_service_sid - twilio_account_sid = var.twilio_account_sid - twilio_unsupported_regions = var.twilio_unsupported_regions - twilio_auth_token = var.twilio_auth_token - nexmo_api_key = var.nexmo_api_key - nexmo_api_secret = var.nexmo_api_secret - nexmo_unsupported_regions = var.nexmo_unsupported_regions - celo_image = var.celo_image - celo_network_id = var.celo_network_id - celo_image_attestation = var.celo_image_attestation - cloudwatch_attestation_node_log_group_name = 
var.cloudwatch_attestation_node_log_group_name - cloudwatch_attestation_node_log_stream_name = "celo_attestation_node_${each.key}" - cloudwatch_attestation_service_log_group_name = var.cloudwatch_attestation_service_log_group_name - cloudwatch_attestation_service_log_stream_name = "celo_attestation_service_${each.key}" - }), - file("${path.module}/../startup-scripts/final-hardening.sh") - ]) - - tags = { - Name = "celo-attestation-service-${each.value.validator_name}" - } - - lifecycle { - ignore_changes = [ - ami, - user_data - ] - } -} - -resource "aws_eip" "attestation_service" { - for_each = var.attestation_services - - instance = aws_instance.attestation_service[each.key].id - vpc = true -} diff --git a/packages/terraform-modules-public/aws/testnet/modules/attestation-service/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/attestation-service/outputs.tf deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/packages/terraform-modules-public/aws/testnet/modules/attestation-service/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/attestation-service/variables.tf deleted file mode 100644 index 7b01b1badbd..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/attestation-service/variables.tf +++ /dev/null 
@@ -1,105 +0,0 @@ -variable instance_type { - type = string - description = "AWS instance type for this node" -} - -variable subnet_id { - type = string - description = "Subnet ID to place this proxy. This should be a public subnet from your Celo VPC." -} - -variable security_group_id { - type = string - description = "VPC Security group for this instance" -} - -variable key_pair_name { - type = string - description = "Name of the SSH key pair to access this node from the bastion" -} - -variable volume_size { - type = number - description = "GB size for the EBS volume" - default = 256 -} - -variable celo_network_id { - type = string -} - -variable celo_image { - type = string -} - -variable celo_image_attestation { - type = string -} - -variable database_url { - type = string -} - -variable twilio_messaging_service_sid { - type = string -} - -variable twilio_verify_service_sid { - type = string -} - -variable twilio_account_sid { - type = string -} - -variable twilio_unsupported_regions { - type = string -} - -variable twilio_auth_token { - type = string -} - -variable nexmo_api_key { - type = string -} - -variable nexmo_api_secret { - type = string -} - -variable nexmo_unsupported_regions { - type = string -} - -variable attestation_services { - description = "Configuration for attestation nodes." - type = map(object({ - validator_name = string - validator_address = string - attestation_signer_address = string - attestation_signer_private_key_filename = string - attestation_signer_private_key_file_contents = string - attestation_signer_private_key_password = string - })) -} - -variable iam_instance_profile { - type = string - default = null -} - -variable cloudwatch_attestation_node_log_group_name { - type = string - default = "" -} - -variable cloudwatch_attestation_service_log_group_name { - type = string - default = "" -} - -variable cloudwatch_collect_disk_and_memory_usage { - type = bool - default = false -} \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/bastion/main.tf b/packages/terraform-modules-public/aws/testnet/modules/bastion/main.tf deleted file mode 100644 index 9cc26a2ec01..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/bastion/main.tf +++ /dev/null @@ -1,26 +0,0 @@ -module "ami" { - source = "../ami" -} - -resource "aws_instance" "bastion" { - ami = module.ami.ami_ids.ubuntu_18_04 - instance_type = var.instance_type - subnet_id = var.subnet_id - associate_public_ip_address = true - vpc_security_group_ids = [ - var.security_group_id - ] - key_name = var.key_pair_name - iam_instance_profile = var.iam_instance_profile - - user_data = join("\n", [ - file("${path.module}/../startup-scripts/install-base.sh"), - file("${path.module}/../startup-scripts/install-chrony.sh"), - file("${path.module}/../startup-scripts/configure-bastion.sh"), - file("${path.module}/../startup-scripts/final-hardening.sh") - ]) - - tags = { - Name = var.name - } -} diff --git a/packages/terraform-modules-public/aws/testnet/modules/bastion/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/bastion/outputs.tf deleted file mode 100644 index f5c5027e5c9..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/bastion/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output public_ip { - value = aws_instance.bastion.public_ip -} \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/testnet/modules/bastion/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/bastion/variables.tf deleted file mode 100644 index 61c14d224c4..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/bastion/variables.tf +++ /dev/null 
@@ -1,28 +0,0 @@
-variable subnet_id {
- type = string
- description = "Subnet for the SSH Bastion"
-}
-
-variable security_group_id {
- type = string
- description = "VPC Security group for this instance"
-}
-
-variable key_pair_name {
- type = string
- description = "SSH Key Pair name"
-}
-
-variable name {
- type = string
- description = "Name for this instance"
-}
-
-variable instance_type {
- type = string
-}
-
-variable iam_instance_profile {
- type = string
- default = null
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/proxy/main.tf b/packages/terraform-modules-public/aws/testnet/modules/proxy/main.tf
deleted file mode 100644
index ca450ec3545..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/proxy/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@ -module "ami" { - source = "../ami" -} - -resource "aws_instance" "celo_proxy" { - for_each = var.proxies - - ami = module.ami.ami_ids.ubuntu_18_04 - instance_type = var.instance_type - subnet_id = var.subnet_id - vpc_security_group_ids = [var.security_group_id] - key_name = var.key_pair_name - iam_instance_profile = var.iam_instance_profile - - root_block_device { - volume_size = var.volume_size - } - - user_data = join("\n", [ - file("${path.module}/../startup-scripts/install-base.sh"), - var.cloudwatch_collect_disk_and_memory_usage ? file("${path.module}/../startup-scripts/install-cloudwatch-agent.sh") : "", - file("${path.module}/../startup-scripts/install-docker.sh"), - file("${path.module}/../startup-scripts/install-chrony.sh"), - templatefile("${path.module}/../startup-scripts/run-proxy-node.sh", { - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - validator_name = each.value.validator_name - validator_signer_address = each.value.validator_signer_address - proxy_address = each.value.proxy_address - proxy_private_key_filename = each.value.proxy_private_key_filename - proxy_private_key_file_contents = each.value.proxy_private_key_file_contents - proxy_private_key_password = each.value.proxy_private_key_password - proxy_node_private_key = each.value.proxy_node_private_key - cloudwatch_log_group_name = var.cloudwatch_log_group_name - cloudwatch_log_stream_name = "celo_proxy_${each.key}" - }), - file("${path.module}/../startup-scripts/final-hardening.sh") - ]) - - tags = { - Name = "celo-proxy-${each.value.validator_name}" - } - - lifecycle { - ignore_changes = [ - ami, - user_data - ] - } -} - -resource "aws_eip" "celo_proxy" { - for_each = var.proxies - - instance = aws_instance.celo_proxy[each.key].id - vpc = true -} \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/proxy/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/proxy/outputs.tf
deleted file mode 100644
index a816593b835..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/proxy/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output instances {
- value = aws_instance.celo_proxy
-}
-
-output eips {
- value = aws_eip.celo_proxy
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/proxy/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/proxy/variables.tf
deleted file mode 100644
index 29990297b79..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/proxy/variables.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-variable instance_type {
- type = string
- description = "AWS instance type for this node"
-}
-
-variable subnet_id {
- type = string
- description = "Subnet ID to place this proxy. This should be a public subnet from your Celo VPC."
-}
-
-variable security_group_id {
- type = string
- description = "VPC Security group for this instance"
-}
-
-variable key_pair_name {
- type = string
- description = "Name of the SSH key pair to access this node from the bastion"
-}
-
-variable volume_size {
- type = number
- description = "GB size for the EBS volume"
- default = 256
-}
-
-variable celo_image {
- type = string
- description = "Name of the docker image to run"
-}
-
-variable celo_network_id {
- type = string
- description = "Celo network ID to join"
-}
-
-variable ethstats_host {
- type = string
- description = "Hostname for ethstats"
-}
-
-variable proxies {
- type = map(object({
- validator_name = string
- validator_signer_address = string
- proxy_address = string
- proxy_private_key_filename = string
- proxy_private_key_file_contents = string
- proxy_private_key_password = string
- proxy_node_private_key = string
- }))
- description = "Map of proxy configurations."
-}
-
-variable iam_instance_profile {
- type = string
- default = null
-}
-
-variable cloudwatch_log_group_name {
- type = string
- default = ""
-}
-
-variable cloudwatch_collect_disk_and_memory_usage {
- type = bool
- default = false
-}
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/configure-bastion.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/configure-bastion.sh
deleted file mode 100644
index ba6dd2606a9..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/configure-bastion.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#! /bin/bash
-
-SSH_CONFIG=/etc/ssh/sshd_config
-
-sed -i 's/^AllowAgentForwarding no/AllowAgentForwarding yes/' $SSH_CONFIG
-systemctl restart ssh
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/final-hardening.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/final-hardening.sh
deleted file mode 100644
index b48888f5ea4..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/final-hardening.sh
+++ /dev/null
@@ -1,60 +0,0 @@ -# Enable autologout -cat < /etc/profile.d/autologout.sh -TMOUT=300 -readonly TMOUT -export TMOUT -EOF -chmod +x /etc/profile.d/autologout.sh - -# Limit proc mount -mount -o remount,rw,hidepid=2 /proc - -# Harden login.defs -sed -i 's/^UMASK\t*022/UMASK\t\t027/' /etc/login.defs -sed -i 's/^PASS_MAX_DAYS\t*[0-9]*/PASS_MAX_DAYS\t90/' /etc/login.defs -sed -i 's/^PASS_MIN_DAYS\t*[0-9]*/PASS_MIN_DAYS\t1/' /etc/login.defs - -# Disable core dumps -echo "* hard core 0" >> /etc/security/limits.d/core.conf -echo "ulimit -c 0 > /dev/null 2>&1" >> /etc/profile.d/disablecoredumps.sh -chmod +x /etc/profile.d/disablecoredumps.sh -cat < /etc/systemd/coredump.conf -[Coredump] - -Storage=none -ProcessSizeMax=0 -EOF -systemctl daemon-reload - -# sysctl Hardening -echo "net.ipv4.conf.default.log_martians=1" >> /etc/sysctl.conf -echo "net.ipv4.conf.default.accept_source_route=0" >> /etc/sysctl.conf -echo "net.ipv4.conf.all.send_redirects=0" >> /etc/sysctl.conf -echo "net.ipv4.conf.all.log_martians=1" >> /etc/sysctl.conf -echo "kernel.sysrq=0" >> /etc/sysctl.conf -echo "kernel.kptr_restrict=2" >> /etc/sysctl.conf -echo "kernel.dmesg_restrict=1" >> /etc/sysctl.conf -echo "kernel.core_uses_pid=1" >> /etc/sysctl.conf -echo "fs.suid_dumpable=0" >> /etc/sysctl.conf -echo "net.ipv6.conf.default.accept_redirects=0" >> /etc/sysctl.conf -echo "net.ipv6.conf.all.accept_redirects=0" >> /etc/sysctl.conf -echo "net.ipv4.conf.default.accept_redirects=0" >> /etc/sysctl.conf -echo "net.ipv4.conf.all.accept_redirects=0" >> /etc/sysctl.conf - -sysctl --system - -# Upgrade packages -apt update -unattended-upgrade -d -apt upgrade -y - -# Harden file permissions -chmod 600 /boot/grub/grub.cfg -chmod 600 /etc/at.deny -chmod 600 /etc/crontab -chmod 600 /etc/ssh/sshd_config -chmod 700 /etc/cron.d -chmod 700 /etc/cron.daily -chmod 700 /etc/cron.hourly -chmod 700 /etc/cron.weekly -chmod 700 /etc/cron.monthly \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-base.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-base.sh deleted file mode 100644 index fe470df9679..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-base.sh +++ /dev/null @@ -1,24 +0,0 @@ -#! /bin/bash - -apt-get update -apt-get --assume-yes install \ - python \ - apt-show-versions \ - libpam-cracklib \ - fail2ban \ - unzip - -SSH_CONFIG=/etc/ssh/sshd_config - -sed -i 's/^#AllowAgentForwarding yes/AllowAgentForwarding no/' $SSH_CONFIG -sed -i 's/^#AllowTcpForwarding yes/AllowTcpForwarding no/' $SSH_CONFIG -sed -i '/UsePAM yes/a AllowUsers ubuntu' $SSH_CONFIG -sed -i 's/^#ClientAliveCountMax [0-9]*/ClientAliveCountMax 2/' $SSH_CONFIG -sed -i 's/^#Compression [a-zA-Z]*/Compression no/' $SSH_CONFIG -sed -i 's/^#TCPKeepAlive [a-zA-Z]*/TCPKeepAlive no/' $SSH_CONFIG -sed -i 's/^X11Forwarding yes/X11Forwarding no/' $SSH_CONFIG -sed -i 's/^#MaxSessions [0-9]*/MaxSessions 2/' $SSH_CONFIG -sed -i 's/^#MaxAuthTries [0-9]*/MaxAuthTries 3/' $SSH_CONFIG -sed -i 's/^#LogLevel [a-zA-Z]*/LogLevel VERBOSE/' $SSH_CONFIG - -systemctl restart ssh diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-chrony.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-chrony.sh deleted file mode 100644 index d042a4124f8..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-chrony.sh +++ /dev/null 
@@ -1,11 +0,0 @@ -#! /bin/bash -apt-get update -apt-get --assume-yes remove ntp* -apt-get --assume-yes install chrony - -# This configures chrony on the instance to use the Amazon Time Sync Service -# See https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/ for more details - -mv /etc/chrony/chrony.conf /etc/chrony/chrony.conf.old -sed '/^pool ntp\.ubuntu\.com*/i server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4' /etc/chrony/chrony.conf.old > /etc/chrony/chrony.conf -/etc/init.d/chrony restart diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-cloudwatch-agent.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-cloudwatch-agent.sh deleted file mode 100644 index 1c9251f9aad..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-cloudwatch-agent.sh +++ /dev/null @@ -1,45 +0,0 @@ -#! /bin/bash - -CLOUDWATCH_FOLDER=/tmp/cloudwatch_agent_install -CLOUDWATCH_CONFIG_FILE=/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -mkdir $CLOUDWATCH_FOLDER -cd $CLOUDWATCH_FOLDER - -wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -dpkg -i -E ./amazon-cloudwatch-agent.deb - -cat < $CLOUDWATCH_CONFIG_FILE -{ - "agent": { - "metrics_collection_interval": 60, - "run_as_user": "root" - }, - "metrics": { - "append_dimensions": { - "AutoScalingGroupName": "\${aws:AutoScalingGroupName}", - "ImageId": "\${aws:ImageId}", - "InstanceId": "\${aws:InstanceId}", - "InstanceType": "\${aws:InstanceType}" - }, - "metrics_collected": { - "disk": { - "measurement": [ - "used_percent" - ], - "metrics_collection_interval": 60, - "resources": [ - "*" - ] - }, - "mem": { - "measurement": [ - "mem_used_percent" - ], - "metrics_collection_interval": 60 - } - } - } -} -EOF - -/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:$CLOUDWATCH_CONFIG_FILE -s 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-docker.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-docker.sh deleted file mode 100644 index 8901161c49c..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-docker.sh +++ /dev/null @@ -1,17 +0,0 @@ -#! /bin/bash - -apt-get update -apt-get --assume-yes install \ - apt-transport-https \ - ca-certificates \ - curl \ - gnupg-agent \ - software-properties-common -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - -add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" - -apt-get update -apt-get --assume-yes install docker-ce docker-ce-cli containerd.io \ No newline at end of file diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-postgres-client.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-postgres-client.sh deleted file mode 100644 index 8078d642db8..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/install-postgres-client.sh +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/bash -apt-get update -apt-get --assume-yes install postgresql-client-common postgresql-client diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-attestation-service.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-attestation-service.sh deleted file mode 100644 index b3a56b162e4..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-attestation-service.sh +++ /dev/null 
@@ -1,68 +0,0 @@ -#! /bin/bash - -export CELO_IMAGE=${celo_image} -export NETWORK_ID=${celo_network_id} -export CELO_VALIDATOR_ADDRESS=${validator_address} -NODE_DIRECTORY=/home/ubuntu/celo-attestations-node - -mkdir $NODE_DIRECTORY -cd $NODE_DIRECTORY - -docker run -v $PWD:/root/.celo --rm $CELO_IMAGE init /celo/genesis.json -export BOOTNODE_ENODES="$(docker run --rm --entrypoint cat $CELO_IMAGE /celo/bootnodes)" - -export CELO_ATTESTATION_SIGNER_ADDRESS=${attestation_signer_address} -echo -n '${attestation_signer_private_key_password}' > .password -echo -n '${attestation_signer_private_key_file_contents}' > keystore/${attestation_signer_private_key_filename} - -ATTESTATION_NODE_CLOUDWATCH_LOG_GROUP_NAME=${cloudwatch_attestation_node_log_group_name} -ATTESTATION_NODE_CLOUDWATCH_LOG_STREAM_NAME=${cloudwatch_attestation_node_log_stream_name} - -if [[ -z $ATTESTATION_NODE_CLOUDWATCH_LOG_GROUP_NAME || -z $ATTESTATION_NODE_CLOUDWATCH_LOG_STREAM_NAME ]]; then - DOCKER_LOGGING_PARAMS='' -else - DOCKER_LOGGING_PARAMS="--log-driver=awslogs --log-opt awslogs-group=$ATTESTATION_NODE_CLOUDWATCH_LOG_GROUP_NAME --log-opt awslogs-stream=$ATTESTATION_NODE_CLOUDWATCH_LOG_STREAM_NAME" -fi - -docker run -d --name celo-attestations $DOCKER_LOGGING_PARAMS --restart always -p 127.0.0.1:8545:8545 -v $PWD:/root/.celo $CELO_IMAGE --verbosity 3 --networkid $NETWORK_ID --syncmode full --nousb --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,web3,debug,admin --unlock $CELO_ATTESTATION_SIGNER_ADDRESS --password /root/.celo/.password --bootnodes $BOOTNODE_ENODES --allow-insecure-unlock - -export CELO_IMAGE_ATTESTATION=${celo_image_attestation} -export CONFIG_FILE_PATH=.attestationconfig - -echo 'DATABASE_URL=${database_url}' >> $CONFIG_FILE_PATH -echo 'CELO_PROVIDER=http://localhost:8545' >> $CONFIG_FILE_PATH -echo 'CELO_VALIDATOR_ADDRESS=${validator_address}' >> $CONFIG_FILE_PATH -echo 'ATTESTATION_SIGNER_ADDRESS=${attestation_signer_address}' >> $CONFIG_FILE_PATH - -echo 'SMS_PROVIDERS=twilio,nexmo' 
>> $CONFIG_FILE_PATH - -echo 'PORT=80' >> $CONFIG_FILE_PATH - -echo 'NEXMO_KEY=${nexmo_api_key}' >> $CONFIG_FILE_PATH -echo 'NEXMO_SECRET=${nexmo_api_secret}' >> $CONFIG_FILE_PATH -echo 'NEXMO_ACCOUNT_BALANCE_METRIC=0' >> $CONFIG_FILE_PATH -echo 'NEXMO_UNSUPPORTED_REGIONS=${nexmo_unsupported_regions}' >> $CONFIG_FILE_PATH - -echo 'TWILIO_ACCOUNT_SID=${twilio_account_sid}' >> $CONFIG_FILE_PATH -echo 'TWILIO_MESSAGING_SERVICE_SID=${twilio_messaging_service_sid}' >> $CONFIG_FILE_PATH -echo 'TWILIO_VERIFY_SERVICE_SID=${twilio_verify_service_sid}' >> $CONFIG_FILE_PATH -echo 'TWILIO_AUTH_TOKEN=${twilio_auth_token}' >> $CONFIG_FILE_PATH -echo 'TWILIO_UNSUPPORTED_REGIONS=${twilio_unsupported_regions}' >> $CONFIG_FILE_PATH - -echo 'MAX_DELIVERY_ATTEMPTS=2' >> $CONFIG_FILE_PATH -echo 'VERIFY_CONFIG_ON_STARTUP=1' >> $CONFIG_FILE_PATH - -echo 'LOG_FORMAT=json' >> $CONFIG_FILE_PATH -echo 'LOG_LEVEL=info' >> $CONFIG_FILE_PATH - - -ATTESTATION_SERVICE_CLOUDWATCH_LOG_GROUP_NAME=${cloudwatch_attestation_service_log_group_name} -ATTESTATION_SERVICE_CLOUDWATCH_LOG_STREAM_NAME=${cloudwatch_attestation_service_log_stream_name} - -if [[ -z $ATTESTATION_SERVICE_CLOUDWATCH_LOG_GROUP_NAME || -z $ATTESTATION_SERVICE_CLOUDWATCH_LOG_STREAM_NAME ]]; then - DOCKER_LOGGING_PARAMS='' -else - DOCKER_LOGGING_PARAMS="--log-driver=awslogs --log-opt awslogs-group=$ATTESTATION_SERVICE_CLOUDWATCH_LOG_GROUP_NAME --log-opt awslogs-stream=$ATTESTATION_SERVICE_CLOUDWATCH_LOG_STREAM_NAME" -fi - -docker run -d --name celo-attestation-service $DOCKER_LOGGING_PARAMS --restart always --entrypoint /bin/bash --network host --env-file $CONFIG_FILE_PATH -p 80:80 $CELO_IMAGE_ATTESTATION -c " cd /celo-monorepo/packages/attestation-service && yarn run db:migrate && yarn start " 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-proxy-node.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-proxy-node.sh deleted file mode 100644 index 75c4f5eddc2..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-proxy-node.sh +++ /dev/null @@ -1,27 +0,0 @@ -#! /bin/bash -CELO_IMAGE=${celo_image} -NETWORK_ID=${celo_network_id} -CELO_VALIDATOR_SIGNER_ADDRESS=${validator_signer_address} - -NODE_DIRECTORY=/home/ubuntu/celo-proxy-node - -mkdir $NODE_DIRECTORY -cd $NODE_DIRECTORY -docker run -v $PWD:/root/.celo --rm $CELO_IMAGE init /celo/genesis.json - -BOOTNODE_ENODES="$(docker run --rm --entrypoint cat $CELO_IMAGE /celo/bootnodes)" -PROXY_ADDRESS=${proxy_address} -echo -n '${proxy_private_key_password}' > .password -echo -n '${proxy_private_key_file_contents}' > keystore/${proxy_private_key_filename} -echo -n '${proxy_node_private_key}' > .nodeprivatekey - -CLOUDWATCH_LOG_GROUP_NAME=${cloudwatch_log_group_name} -CLOUDWATCH_LOG_STREAM_NAME=${cloudwatch_log_stream_name} - -if [[ -z $CLOUDWATCH_LOG_GROUP_NAME || -z $CLOUDWATCH_LOG_STREAM_NAME ]]; then - DOCKER_LOGGING_PARAMS='' -else - DOCKER_LOGGING_PARAMS="--log-driver=awslogs --log-opt awslogs-group=$CLOUDWATCH_LOG_GROUP_NAME --log-opt awslogs-stream=$CLOUDWATCH_LOG_STREAM_NAME" -fi - -docker run -d --name celo-proxy $DOCKER_LOGGING_PARAMS --restart unless-stopped -p 30303:30303 -p 30303:30303/udp -p 30503:30503 -p 30503:30503/udp -v $PWD:/root/.celo $CELO_IMAGE --verbosity 3 --networkid $NETWORK_ID --nousb --syncmode full --proxy.proxy --proxy.proxiedvalidatoraddress $CELO_VALIDATOR_SIGNER_ADDRESS --proxy.internalendpoint :30503 --etherbase $PROXY_ADDRESS --unlock $PROXY_ADDRESS --password /root/.celo/.password --allow-insecure-unlock --bootnodes $BOOTNODE_ENODES --ethstats=${validator_name}@${ethstats_host} --nodekey /root/.celo/.nodeprivatekey 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-validator-node.sh b/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-validator-node.sh deleted file mode 100644 index 254abc03fb7..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/startup-scripts/run-validator-node.sh +++ /dev/null @@ -1,29 +0,0 @@ -# !/bin/bash -CELO_IMAGE=${celo_image} -NETWORK_ID=${celo_network_id} - -NODE_DIRECTORY=/home/ubuntu/celo-validator-node - -mkdir $NODE_DIRECTORY -cd $NODE_DIRECTORY -CELO_VALIDATOR_SIGNER_ADDRESS=${validator_signer_address} - -PROXY_ENODE=${proxy_enode} -PROXY_INTERNAL_IP=${proxy_internal_ip} -PROXY_EXTERNAL_IP=${proxy_external_ip} - -echo -n '${validator_signer_private_key_password}' > .password -docker run -v $PWD:/root/.celo --rm $CELO_IMAGE init /celo/genesis.json -echo -n '${validator_signer_private_key_file_contents}' > keystore/${validator_signer_private_key_filename} - -CLOUDWATCH_LOG_GROUP_NAME=${cloudwatch_log_group_name} -CLOUDWATCH_LOG_STREAM_NAME=${cloudwatch_log_stream_name} - -if [[ -z $CLOUDWATCH_LOG_GROUP_NAME || -z $CLOUDWATCH_LOG_STREAM_NAME ]]; then - DOCKER_LOGGING_PARAMS='' -else - DOCKER_LOGGING_PARAMS="--log-driver=awslogs --log-opt awslogs-group=$CLOUDWATCH_LOG_GROUP_NAME --log-opt awslogs-stream=$CLOUDWATCH_LOG_STREAM_NAME" -fi - -docker run -d --name celo-validator $DOCKER_LOGGING_PARAMS --restart unless-stopped -p 30303:30303 -p 30303:30303/udp -v $PWD:/root/.celo $CELO_IMAGE --verbosity 3 --networkid $NETWORK_ID --syncmode full --mine --etherbase $CELO_VALIDATOR_SIGNER_ADDRESS --nodiscover --nousb --proxy.proxied --proxy.proxyenodeurlpair=enode://$PROXY_ENODE@$PROXY_INTERNAL_IP:30503\;enode://$PROXY_ENODE@$PROXY_EXTERNAL_IP:30303 --unlock=$CELO_VALIDATOR_SIGNER_ADDRESS --password /root/.celo/.password --ethstats=${validator_name}@${ethstats_host} - 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/validator/main.tf b/packages/terraform-modules-public/aws/testnet/modules/validator/main.tf
deleted file mode 100644
index c73d036bca8..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/validator/main.tf
+++ /dev/null
@@ -1,52 +0,0 @@ -module "ami" { - source = "../ami" -} - -resource "aws_instance" "celo_validator" { - for_each = var.validators - - ami = module.ami.ami_ids.ubuntu_18_04 - instance_type = var.instance_type - subnet_id = var.subnet_id - vpc_security_group_ids = [var.security_group_id] - key_name = var.key_pair_name - iam_instance_profile = var.iam_instance_profile - - root_block_device { - volume_size = var.volume_size - } - - user_data = join("\n", [ - file("${path.module}/../startup-scripts/install-base.sh"), - var.cloudwatch_collect_disk_and_memory_usage ? file("${path.module}/../startup-scripts/install-cloudwatch-agent.sh") : "", - file("${path.module}/../startup-scripts/install-docker.sh"), - file("${path.module}/../startup-scripts/install-chrony.sh"), - templatefile("${path.module}/../startup-scripts/run-validator-node.sh", { - celo_image = var.celo_image - celo_network_id = var.celo_network_id - ethstats_host = var.ethstats_host - validator_signer_address = each.value.signer_address - validator_signer_private_key_file_contents = each.value.signer_private_key_file_contents - validator_signer_private_key_filename = each.value.signer_private_key_filename - validator_signer_private_key_password = each.value.signer_private_key_password - validator_name = each.value.name - proxy_enode = each.value.proxy_enode - proxy_internal_ip = each.value.proxy_private_ip - proxy_external_ip = each.value.proxy_public_ip - cloudwatch_log_group_name = var.cloudwatch_log_group_name - cloudwatch_log_stream_name = "celo_validator_${each.key}" - }), - file("${path.module}/../startup-scripts/final-hardening.sh") - ]) - - tags = { - Name = "celo-validator-${each.value.name}" - } - - lifecycle { - ignore_changes = [ - ami, - user_data - ] - } -} \ No newline at end of file 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/validator/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/validator/outputs.tf deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/packages/terraform-modules-public/aws/testnet/modules/validator/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/validator/variables.tf deleted file mode 100644 index 7ba84c14e78..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/validator/variables.tf +++ /dev/null @@ -1,69 +0,0 @@ -variable instance_type { - type = string - description = "AWS instance type for this node" -} - -variable subnet_id { - type = string - description = "Subnet ID to place this proxy. This should be a public subnet from your Celo VPC." -} - -variable security_group_id { - type = string - description = "VPC Security group for this instance" -} - -variable key_pair_name { - type = string - description = "Name of the SSH key pair to access this node from the bastion" -} - -variable volume_size { - type = number - description = "GB size for the EBS volume" - default = 256 -} - -variable celo_image { - type = string - description = "Name of the docker image to run" -} - -variable celo_network_id { - type = string - description = "Celo network ID to join" -} - -variable ethstats_host { - type = string - description = "Hostname for ethstats" -} - -variable validators { - description = "Map of validator configurations" - type = map(object({ - name = string - signer_address = string - signer_private_key_file_contents = string - signer_private_key_password = string - signer_private_key_filename = string - proxy_enode = string - proxy_private_ip = string - proxy_public_ip = string - })) -} - -variable iam_instance_profile { - type = string - default = null -} - -variable cloudwatch_log_group_name { - type = string - default = "" -} - -variable cloudwatch_collect_disk_and_memory_usage { - type = bool - default = false -} 
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/main.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/main.tf
deleted file mode 100644
index f9882e96517..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/main.tf
+++ /dev/null
@@ -1,246 +0,0 @@ -resource "aws_vpc" "celo" { - cidr_block = var.cidr_blocks.vpc - - tags = { - Name = var.name - } -} - -resource "aws_default_security_group" "default" { - vpc_id = aws_vpc.celo.id - - ingress { - protocol = -1 - self = true - from_port = 0 - to_port = 0 - } -} - -resource "aws_internet_gateway" "igw" { - vpc_id = aws_vpc.celo.id - - tags = { - Name = "celo-internet-gateway" - } -} - -data "aws_availability_zones" "available" { - state = "available" -} - - -module "celo_public_subnet_az1" { - source = "./modules/subnet-public" - - vpc_id = aws_vpc.celo.id - cidr_block = var.cidr_blocks.subnet_az1_public - internet_gateway_id = aws_internet_gateway.igw.id - availability_zone_id = data.aws_availability_zones.available.zone_ids[0] - allowed_ssh_clients_cidr_block = var.cidr_blocks.allowed_ssh_clients -} - -module "celo_private_subnet_az1" { - source = "./modules/subnet-private" - - vpc_id = aws_vpc.celo.id - cidr_block = var.cidr_blocks.subnet_az1_private - availability_zone_id = data.aws_availability_zones.available.zone_ids[0] - nat_gateway_id = module.celo_public_subnet_az1.nat_gateway_id - vpc_cidr_block = aws_vpc.celo.cidr_block -} - -module "celo_public_subnet_az2" { - source = "./modules/subnet-public" - - vpc_id = aws_vpc.celo.id - cidr_block = var.cidr_blocks.subnet_az2_public - internet_gateway_id = aws_internet_gateway.igw.id - availability_zone_id = data.aws_availability_zones.available.zone_ids[1] - allowed_ssh_clients_cidr_block = var.cidr_blocks.allowed_ssh_clients -} - -module "celo_private_subnet_az2" { - source = "./modules/subnet-private" - - vpc_id = aws_vpc.celo.id - cidr_block = var.cidr_blocks.subnet_az2_private - availability_zone_id = data.aws_availability_zones.available.zone_ids[1] - nat_gateway_id = module.celo_public_subnet_az2.nat_gateway_id - vpc_cidr_block = aws_vpc.celo.cidr_block -} - -resource "aws_security_group" "attestation_service" { - name = "celo-attestation-service" - vpc_id = aws_vpc.celo.id - - ingress { - 
from_port = 22 - to_port = 22 - protocol = "tcp" - security_groups = [aws_security_group.bastion.id] - } - - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = -1 - cidr_blocks = ["0.0.0.0/0"] - } -} - -resource "aws_security_group" "attestation_db" { - name = "celo-attestation-db" - vpc_id = aws_vpc.celo.id - - ingress { - from_port = 5432 - to_port = 5432 - protocol = "tcp" - security_groups = [aws_security_group.attestation_service.id] - } -} - -resource "aws_security_group" "bastion" { - name = "celo-bastion" - vpc_id = aws_vpc.celo.id - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = [var.cidr_blocks.allowed_ssh_clients] - } - - egress { - from_port = 0 - to_port = 0 - protocol = -1 - cidr_blocks = ["0.0.0.0/0"] - } -} - -resource "aws_security_group" "full_node" { - name = "celo-full-node" - vpc_id = aws_vpc.celo.id - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - security_groups = [aws_security_group.bastion.id] - } - - ingress { - from_port = 30303 - to_port = 30303 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 30303 - to_port = 30303 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = -1 - cidr_blocks = ["0.0.0.0/0"] - } -} - -resource "aws_security_group" "proxy" { - name = "celo-proxy" - vpc_id = aws_vpc.celo.id -} - -resource "aws_security_group" "validator" { - name = "celo-validator" - vpc_id = aws_vpc.celo.id -} - -resource "aws_security_group_rule" "validator_allow_private_ssh" { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.validator.id - source_security_group_id = aws_security_group.bastion.id -} - -resource "aws_security_group_rule" "validator_allow_proxy_inbound" { - type = "ingress" - from_port = 30303 - to_port = 30303 - protocol = "tcp" - 
security_group_id = aws_security_group.validator.id - source_security_group_id = aws_security_group.proxy.id -} - -resource "aws_security_group_rule" "validator_allow_all_outbound" { - type = "egress" - from_port = 0 - to_port = 0 - protocol = -1 - security_group_id = aws_security_group.validator.id - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "proxy_allow_internal_ssh" { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.proxy.id - source_security_group_id = aws_security_group.bastion.id -} - -resource "aws_security_group_rule" "proxy_allow_external_tcp_inbound" { - type = "ingress" - from_port = 30303 - to_port = 30303 - protocol = "tcp" - security_group_id = aws_security_group.proxy.id - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "proxy_allow_external_udp_inbound" { - type = "ingress" - from_port = 30303 - to_port = 30303 - protocol = "udp" - security_group_id = aws_security_group.proxy.id - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "proxy_allow_validator_inbound" { - type = "ingress" - from_port = 30503 - to_port = 30503 - protocol = "tcp" - security_group_id = aws_security_group.proxy.id - source_security_group_id = aws_security_group.validator.id -} - -resource "aws_security_group_rule" "proxy_allow_all_outbound" { - type = "egress" - from_port = 0 - to_port = 0 - protocol = -1 - security_group_id = aws_security_group.proxy.id - cidr_blocks = ["0.0.0.0/0"] -} - - - diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/main.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/main.tf deleted file mode 100644 index d7adaf39ac9..00000000000 --- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/main.tf +++ /dev/null 
@@ -1,82 +0,0 @@
-resource "aws_subnet" "private" {
- vpc_id = var.vpc_id
- cidr_block = var.cidr_block
- availability_zone_id = var.availability_zone_id
-
- tags = {
- Name = "celo-private-${var.availability_zone_id}"
- }
-}
-
-resource "aws_route_table" "private" {
- vpc_id = var.vpc_id
-
- route {
- cidr_block = "0.0.0.0/0"
- nat_gateway_id = var.nat_gateway_id
- }
-
- tags = {
- Name = "celo-private-route-table-${var.availability_zone_id}"
- }
-}
-
-resource "aws_route_table_association" "private" {
- subnet_id = aws_subnet.private.id
- route_table_id = aws_route_table.private.id
-}
-
-resource "aws_network_acl" "private" {
- vpc_id = var.vpc_id
- subnet_ids = [aws_subnet.private.id]
-
- tags = {
- Name = "celo-private-acl-${var.availability_zone_id}"
- }
-
- ingress {
- rule_no = 100
- protocol = "tcp"
- from_port = 22
- to_port = 22
- cidr_block = var.vpc_cidr_block
- action = "allow"
- }
-
- ingress {
- rule_no = 110
- protocol = "tcp"
- from_port = 5432
- to_port = 5432
- cidr_block = var.vpc_cidr_block
- action = "allow"
- }
-
- ingress {
- rule_no = 130
- protocol = "tcp"
- from_port = 30303
- to_port = 30303
- cidr_block = var.vpc_cidr_block
- action = "allow"
- }
-
- ingress {
- rule_no = 140
- protocol = "tcp"
- from_port = 1024
- to_port = 65535
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- egress {
- rule_no = 100
- protocol = -1
- from_port = 0
- to_port = 0
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-}
-
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/outputs.tf
deleted file mode 100644
index 4ebd1cc6577..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output id {
- value = aws_subnet.private.id
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/variables.tf
deleted file mode 100644
index f1b14ac8a69..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-private/variables.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-variable vpc_id {
- type = string
- description = "VPC ID this subnet will belong to"
-}
-
-variable cidr_block {
- type = string
- description = "CIDR block for this subnet"
-}
-
-variable availability_zone_id {
- type = string
- description = "Availability zone for this subnet"
-}
-
-variable nat_gateway_id {
- type = string
- description = "NAT Gateway so this subnet can reach the internet"
-}
-
-variable vpc_cidr_block {
- type = string
- description = "CIDR block for the VPC this subnet belongs to"
-}
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/main.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/main.tf
deleted file mode 100644
index 5502f75d979..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/main.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-resource "aws_subnet" "public" {
- vpc_id = var.vpc_id
- cidr_block = var.cidr_block
- availability_zone_id = var.availability_zone_id
-
- tags = {
- Name = "celo-public-${var.availability_zone_id}"
- }
-}
-
-resource "aws_eip" "nat" {
- vpc = true
-
- tags = {
- Name = "celo-nat-eip"
- }
-}
-
-resource "aws_nat_gateway" "nat" {
- allocation_id = aws_eip.nat.id
- subnet_id = aws_subnet.public.id
-
- tags = {
- Name = "celo-nat-gateway-${var.availability_zone_id}"
- }
-}
-
-resource "aws_route_table" "public" {
- vpc_id = var.vpc_id
-
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = var.internet_gateway_id
- }
-
- tags = {
- Name = "celo-public-route-table-${var.availability_zone_id}"
- }
-}
-
-resource "aws_route_table_association" "public" {
- subnet_id = aws_subnet.public.id
- route_table_id = aws_route_table.public.id
-}
-
-
-resource "aws_network_acl" "public" {
- vpc_id = var.vpc_id
- subnet_ids = [aws_subnet.public.id]
-
- tags = {
- Name = "celo-public-acl-${var.availability_zone_id}"
- }
-
- ingress {
- rule_no = 100
- protocol = "tcp"
- from_port = 22
- to_port = 22
- cidr_block = var.allowed_ssh_clients_cidr_block
- action = "allow"
- }
-
- ingress {
- rule_no = 110
- protocol = "tcp"
- from_port = 80
- to_port = 80
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- ingress {
- rule_no = 120
- protocol = "tcp"
- from_port = 443
- to_port = 443
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- ingress {
- rule_no = 130
- protocol = "tcp"
- from_port = 30303
- to_port = 30303
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- ingress {
- rule_no = 131
- protocol = "udp"
- from_port = 30303
- to_port = 30303
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- ingress {
- rule_no = 140
- protocol = "tcp"
- from_port = 1024
- to_port = 65535
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-
- egress {
- rule_no = 200
- protocol = -1
- to_port = 0
- from_port = 0
- cidr_block = "0.0.0.0/0"
- action = "allow"
- }
-}
-
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/outputs.tf
deleted file mode 100644
index 4c66e4ce3db..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output nat_gateway_id {
- value = aws_nat_gateway.nat.id
-}
-
-output id {
- value = aws_subnet.public.id
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/variables.tf
deleted file mode 100644
index 51d31c59079..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/modules/subnet-public/variables.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-variable vpc_id {
- type = string
- description = "VPC ID this subnet will belong to"
-}
-
-variable cidr_block {
- type = string
- description = "CIDR block for this subnet"
-}
-
-variable availability_zone_id {
- type = string
- description = "Availability zone for this subnet"
-}
-
-variable internet_gateway_id {
- type = string
- description = "ID for the internet gateway this subnet will route to"
-}
-
-variable "allowed_ssh_clients_cidr_block" {
- type = string
- description = "CIDR block of allowed SSH clients."
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/outputs.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/outputs.tf
deleted file mode 100644
index 8269bcb62ca..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/outputs.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-output security_group_ids {
- value = {
- attestation_service = aws_security_group.attestation_service.id
- attestation_db = aws_security_group.attestation_db.id
- bastion = aws_security_group.bastion.id
- full_node = aws_security_group.full_node.id
- validator = aws_security_group.validator.id
- proxy = aws_security_group.proxy.id
- }
-}
-
-output subnet_ids {
- value = {
- az1 = {
- private = module.celo_private_subnet_az1.id
- public = module.celo_public_subnet_az1.id
- }
- az2 = {
- private = module.celo_private_subnet_az2.id
- public = module.celo_public_subnet_az2.id
- }
- }
-}
-
-output id {
- value = aws_vpc.celo.id
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/modules/vpc/variables.tf b/packages/terraform-modules-public/aws/testnet/modules/vpc/variables.tf
deleted file mode 100644
index ed7ccc830f3..00000000000
--- a/packages/terraform-modules-public/aws/testnet/modules/vpc/variables.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-variable name {
- type = string
- description = "Name of the VPC"
- default = "celo-vpc"
-}
-
-variable cidr_blocks {
- type = object({
- vpc = string
- subnet_az1_public = string
- subnet_az1_private = string
- subnet_az2_public = string
- subnet_az2_private = string
- allowed_ssh_clients = string
- })
- description = "The cidr_blocks for the different subnets in a redundant Celo network"
- default = {
- vpc = "10.10.0.0/16"
- subnet_az1_public = "10.10.0.0/24"
- subnet_az1_private = "10.10.1.0/24"
- subnet_az2_public = "10.10.10.0/24"
- subnet_az2_private = "10.10.11.0/24"
- allowed_ssh_clients = "0.0.0.0/0"
- }
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/outputs.tf b/packages/terraform-modules-public/aws/testnet/outputs.tf
deleted file mode 100644
index 23470b6e0ea..00000000000
--- a/packages/terraform-modules-public/aws/testnet/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output vpc {
- value = module.celo_vpc
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/aws/testnet/variables.tf b/packages/terraform-modules-public/aws/testnet/variables.tf
deleted file mode 100644
index 6d4150e1b3f..00000000000
--- a/packages/terraform-modules-public/aws/testnet/variables.tf
+++ /dev/null
@@ -1,192 +0,0 @@
-variable region {
- type = string
- description = "AWS Region to provision this cluster"
-}
-
-variable cidr_blocks {
- type = object({
- vpc = string
- subnet_az1_public = string
- subnet_az1_private = string
- subnet_az2_public = string
- subnet_az2_private = string
- allowed_ssh_clients = string
- })
- description = "The cidr_blocks for the different subnets in a redundant Celo network"
- default = {
- vpc = "10.10.0.0/16"
- subnet_az1_public = "10.10.0.0/24"
- subnet_az1_private = "10.10.1.0/24"
- subnet_az2_public = "10.10.10.0/24"
- subnet_az2_private = "10.10.11.0/24"
- allowed_ssh_clients = "0.0.0.0/0"
- }
-}
-
-variable instance_types {
- description = "The instance type for each component"
- type = map(string)
-
- default = {
- bastion = "t3.micro"
- proxy = "t3.medium" # t3.medium to keep costs low in dev. Use c5.xlarge or similar in production
- validator = "t3.medium" # t3.medium to keep costs low in dev. Use c5.xlarge or similar in production
- attestation_service = "t3.medium" # t3.medium to keep costs low in dev. Use t3.large or similar in production
- }
-}
-
-variable iam_instance_profiles {
- description = "Optional IAM instances profile names for each component. For example, a profile that gives CloudWatch agent permissions (https://amzn.to/3gpfCt5)"
- type = map(string)
-
- default = {
- bastion = null
- proxy = null
- validator = null
- attestation_service = null
- }
-}
-
-variable cloudwatch_log_group_names {
- description = "Optional log group names to log Docker output to CloudWatch. If this is set for a node type, that node will install the CloudWatch agent. Make sure iam_instance_profile is also set on that node type with CloudWatch agent permissions."
- type = map(string)
-
- default = {
- proxy = ""
- validator = ""
- attestation_service = ""
- attestation_node = ""
- }
-
-}
-
-variable cloudwatch_collect_disk_and_memory_usage {
- description = "Determines if the CloudWatch agent should be installed to collect disk and memory usage"
- type = bool
- default = false
-}
-
-variable key_pair_name {
- type = string
- description = "AWS Key Pair name for SSH access"
-}
-
-variable celo_image {
- type = string
- description = "Docker image for Celo nodes"
-}
-
-variable celo_network_id {
- type = string
- description = "ID of the Celo network to join"
-}
-
-variable celo_image_attestation {
- type = string
- description = "Docker image for Celo attestation service"
-}
-
-variable ethstats_host {
- type = string
- description = "Hostname for ethstats"
-}
-
-variable twilio_messaging_service_sid {
- type = string
-}
-
-variable twilio_verify_service_sid {
- type = string
-}
-
-variable twilio_account_sid {
- type = string
-}
-
-variable twilio_unsupported_regions {
- type = string
-}
-
-variable twilio_auth_token {
- type = string
-}
-
-variable nexmo_api_key {
- type = string
-}
-
-variable nexmo_api_secret {
- type = string
-}
-
-variable nexmo_unsupported_regions {
- type = string
-}
-
-variable proxies {
- description = "Configuration for zero or more proxies in each availability zone."
- type = object({
- az1 = map(object({
- validator_name = string
- validator_signer_address = string
- proxy_address = string
- proxy_private_key_filename = string
- proxy_private_key_file_contents = string
- proxy_private_key_password = string
- proxy_node_private_key = string
- proxy_enode = string
- }))
- az2 = map(object({
- validator_name = string
- validator_signer_address = string
- proxy_address = string
- proxy_private_key_filename = string
- proxy_private_key_file_contents = string
- proxy_private_key_password = string
- proxy_node_private_key = string
- proxy_enode = string
- }))
- })
-}
-
-variable validators {
- description = "Configuration for zero or more validators in each availability zone"
- type = object({
- az1 = map(object({
- name = string
- signer_address = string
- signer_private_key_filename = string
- signer_private_key_file_contents = string
- signer_private_key_password = string
- }))
- az2 = map(object({
- name = string
- signer_address = string
- signer_private_key_filename = string
- signer_private_key_file_contents = string
- signer_private_key_password = string
- }))
- })
-}
-
-variable attestation_services {
- description = "Configuration for zero or more attestation nodes in each availability zone"
- type = object({
- az1 = map(object({
- validator_name = string
- validator_address = string
- attestation_signer_address = string
- attestation_signer_private_key_filename = string
- attestation_signer_private_key_file_contents = string
- attestation_signer_private_key_password = string
- }))
- az2 = map(object({
- validator_name = string
- validator_address = string
- attestation_signer_address = string
- attestation_signer_private_key_filename = string
- attestation_signer_private_key_file_contents = string
- attestation_signer_private_key_password = string
- }))
- })
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/example/.gitignore b/packages/terraform-modules-public/example/.gitignore
deleted file mode 100644
index 6fd45f6f257..00000000000
--- a/packages/terraform-modules-public/example/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.tfvars
-
diff --git a/packages/terraform-modules-public/gcp/README.md b/packages/terraform-modules-public/gcp/README.md
deleted file mode 100644
index 6f64a963407..00000000000
--- a/packages/terraform-modules-public/gcp/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Terraform Celo Validator Stack for GCP
-
-## Overview
-
-[Terraform](https://www.terraform.io) is a tool by Hashicorp that allows developers to treat _"infrastructure as code"_, easying the management and repeatibility of the infrastructure. Infrastructure and all kind of cloud resources are defined in modules, and Terraform creates/changes/destroys resources when changes are applied.
-
-Inside the [testnet](./testnet) folder you will find a module (and submodules) to create the setup for running a Celo Validator on Google Cloud Platform. The following resources can be created via these modules:
-
-- `proxy` module for creating a Geth Proxy which peers with other Celo nodes over the public Internet
-- `validator` module for deploying a Validator which peers *only* with the proxy
-- `tx-node` for deploying a transaction node (also known as full-node) which is used to support the attestation service, which connects to the RPC via the VPC
-- `attestation-service` for deploying the Attestation Service (https://docs.celo.org/getting-started/baklava-testnet/running-a-validator#running-the-attestation-service)
-
-The proxy, validator and tx-node services expose metrics for collection via Prometheus or similar. See [example/metrics.md](./example/metrics.md) for more info.
-
-## Stackdriver Logging, Monitoring and Alerting
-Support for GCP's Stackdriver platform has been added, which makes it easy to get visibility into how your Celo validator stack is performing.
-
-## Quick start
-Look inside the [example](./example) folder and follow the steps in the README.md there to get started.
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/main.tf b/packages/terraform-modules-public/gcp/celo-infra/main.tf
deleted file mode 100644
index f97db443e9b..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/main.tf
+++ /dev/null
@@ -1,273 +0,0 @@
-provider "google" {
- project = var.gcloud_project
- region = var.gcloud_region
- zone = var.gcloud_zone
-}
-
-locals {
- firewall_target_tags_txnode = ["${var.celo_env}-txnode"]
- firewall_target_tags_validator = ["${var.celo_env}-validator"]
- firewall_target_tags_proxy = ["${var.celo_env}-proxy"]
- firewall_target_tags_attestation_service = ["${var.celo_env}-attestation-service"]
- firewall_target_tags_backup_node = ["${var.celo_env}-backup-node"]
-}
-
-# Dummy variable for network dependency
-variable network_depends_on {
- type = any
- default = null
-}
-
-data "google_compute_network" "celo" {
- name = var.network_name
- depends_on = [var.network_depends_on]
-}
-
-data "google_compute_subnetwork" "celo" {
- name = var.network_name
- region = var.gcloud_region
- depends_on = [var.network_depends_on]
-}
-
-# GCP resources
-resource "google_compute_firewall" "ssh_firewall" {
- name = "${var.celo_env}-ssh-firewall"
- network = var.network_name
-
- target_tags = concat(
- local.firewall_target_tags_txnode,
- local.firewall_target_tags_validator,
- local.firewall_target_tags_proxy,
- local.firewall_target_tags_attestation_service,
- local.firewall_target_tags_backup_node
- )
-
- allow {
- protocol = "tcp"
- ports = ["22"]
- }
-}
-
-resource "google_compute_firewall" "geth_firewall" {
- name = "${var.celo_env}-geth-firewall"
- network = var.network_name
-
- target_tags = concat(local.firewall_target_tags_txnode, local.firewall_target_tags_proxy, local.firewall_target_tags_backup_node)
-
- allow {
- protocol = "tcp"
- ports = ["30303"]
- }
-
- allow {
- protocol = "udp"
- ports = ["30303"]
- }
-}
-
-#opening tcp/30303 to the validator is unnecessary, as the validator peers via the proxy and has no public IP
-#resource "google_compute_firewall" "geth_firewall_validator" {
-# name = "${var.celo_env}-geth-firewall-validator"
-# network = var.network_name
-
-# target_tags = concat(local.firewall_target_tags_validator)
-
-# allow {
- # protocol = "tcp"
- # ports = ["30303"]
-# }
-#}
-
-resource "google_compute_firewall" "geth_metrics_firewall" {
- name = "${var.celo_env}-geth-metrics-firewall"
- network = var.network_name
-
- target_tags = concat(local.firewall_target_tags_txnode, local.firewall_target_tags_validator, local.firewall_target_tags_proxy, local.firewall_target_tags_backup_node)
-
- # allow all IPs internal to the VPC
- source_ranges = [data.google_compute_subnetwork.celo.ip_cidr_range]
-
- allow {
- protocol = "tcp"
- ports = ["6060"]
- }
-}
-
-resource "google_compute_firewall" "rpc_firewall" {
- name = "${var.celo_env}-rpc-firewall"
- network = var.network_name
-
- target_tags = local.firewall_target_tags_txnode
-
- source_ranges = [data.google_compute_subnetwork.celo.ip_cidr_range]
-
- allow {
- protocol = "tcp"
- ports = ["8545", "8546"]
- }
-}
-
-resource "google_compute_firewall" "proxy" {
- name = "${var.celo_env}-proxy-firewall"
- network = var.network_name
-
- target_tags = local.firewall_target_tags_proxy
- source_ranges = [data.google_compute_subnetwork.celo.ip_cidr_range]
-
- allow {
- protocol = "tcp"
- ports = ["30503"]
- }
-}
-
-resource "google_compute_firewall" "attestation-service" {
- name = "${var.celo_env}-attestation-service-firewall"
- network = var.network_name
-
- target_tags = local.firewall_target_tags_attestation_service
- #source_ranges = [data.google_compute_subnetwork.celo.ip_cidr_range]
-
- allow {
- protocol = "tcp"
- ports = ["80"]
- }
-}
-
-module "tx_node" {
- source = "./modules/tx-node"
- # variables
- block_time = var.block_time
- celo_env = var.celo_env
- gcloud_project = var.gcloud_project
- instance_type = var.instance_types["txnode"]
- ethstats_host = var.ethstats_host
- geth_exporter_docker_image_repository = var.geth_exporter_docker_image_repository
- geth_exporter_docker_image_tag = var.geth_exporter_docker_image_tag
- geth_node_docker_image_repository = var.geth_node_docker_image_repository
- geth_node_docker_image_tag = var.geth_node_docker_image_tag
- geth_verbosity = var.geth_verbosity
- in_memory_discovery_table = var.in_memory_discovery_table
- network_id = var.network_id
- network_name = var.network_name
- tx_node_count = var.tx_node_count
- attestation_signer_addresses = var.attestation_signer_addresses
- attestation_signer_private_keys = var.attestation_signer_private_keys
- attestation_signer_account_passwords = var.attestation_signer_account_passwords
- service_account_scopes = var.service_account_scopes
-}
-
-module "backup_node" {
- source = "./modules/backup_node"
- # variables
- block_time = var.block_time
- celo_env = var.celo_env
- gcloud_project = var.gcloud_project
- instance_type = var.instance_types["backup_node"]
- ethstats_host = var.ethstats_host
- geth_exporter_docker_image_repository = var.geth_exporter_docker_image_repository
- geth_exporter_docker_image_tag = var.geth_exporter_docker_image_tag
- geth_node_docker_image_repository = var.geth_node_docker_image_repository
- geth_node_docker_image_tag = var.geth_node_docker_image_tag
- geth_verbosity = var.geth_verbosity
- in_memory_discovery_table = var.in_memory_discovery_table
- network_id = var.network_id
- network_name = var.network_name
- backup_node_count = var.backup_node_count
- service_account_scopes = var.service_account_scopes
-}
-
-module "proxy" {
- source = "./modules/proxy"
- # variables
- block_time = var.block_time
- celo_env = var.celo_env
- gcloud_project = var.gcloud_project
- instance_type = var.instance_types["proxy"]
- ethstats_host = var.ethstats_host
- geth_exporter_docker_image_repository = var.geth_exporter_docker_image_repository
- geth_exporter_docker_image_tag = var.geth_exporter_docker_image_tag
- geth_node_docker_image_repository = var.geth_node_docker_image_repository
- geth_node_docker_image_tag = var.geth_node_docker_image_tag
- geth_verbosity = var.geth_verbosity
- in_memory_discovery_table = var.in_memory_discovery_table
- istanbul_request_timeout_ms = var.istanbul_request_timeout_ms
- network_id = var.network_id
- network_name = var.network_name
- tx_node_count = var.tx_node_count
- validator_count = var.validator_count
- reset_geth_data = var.reset_geth_data
-
- proxy_name = var.proxy_name
- proxy_addresses = var.proxy_addresses
- proxy_private_keys = var.proxy_private_keys
- proxy_account_passwords = var.proxy_account_passwords
- validator_signer_account_addresses = var.validator_signer_account_addresses
- service_account_scopes = var.service_account_scopes
-}
-
-module "validator" {
- source = "./modules/validator"
- # variables
- block_time = var.block_time
- celo_env = var.celo_env
- gcloud_project = var.gcloud_project
- instance_type = var.instance_types["validator"]
- ethstats_host = var.ethstats_host
- geth_exporter_docker_image_repository = var.geth_exporter_docker_image_repository
- geth_exporter_docker_image_tag = var.geth_exporter_docker_image_tag
- geth_node_docker_image_repository = var.geth_node_docker_image_repository
- geth_node_docker_image_tag = var.geth_node_docker_image_tag
- geth_verbosity = var.geth_verbosity
- in_memory_discovery_table = var.in_memory_discovery_table
- istanbul_request_timeout_ms = var.istanbul_request_timeout_ms
- network_id = var.network_id
- network_name = var.network_name
- tx_node_count = var.tx_node_count
- validator_count = var.validator_count
- reset_geth_data = var.reset_geth_data
-
- validator_name = var.validator_name
- validator_signer_account_addresses = var.validator_signer_account_addresses
- validator_signer_account_passwords = var.validator_signer_account_passwords
- validator_signer_private_keys = var.validator_signer_private_keys
- proxy_enodes = var.proxy_enodes
- proxy_internal_ips = module.proxy.internal_ip_addresses
- proxy_external_ips = module.proxy.external_ip_addresses
-
- service_account_scopes = var.service_account_scopes
-}
-
-module "attestation-service" {
- source = "./modules/attestation-service"
- # Variables
- celo_env = var.celo_env
- gcloud_region = var.gcloud_region
- gcloud_project = var.gcloud_project
- instance_type = var.instance_types["attestation_service"]
- network_name = var.network_name
- attestation_service_count = var.attestation_service_count
- db_username = var.attestation_service_db_username
- db_password = var.attestation_service_db_password
- attestation_service_docker_image_repository = var.attestation_service_docker_image_repository
- attestation_service_docker_image_tag = var.attestation_service_docker_image_tag
- account_address = var.attestation_signer_addresses
- attestation_key = var.attestation_signer_private_keys
- validator_signer_account_addresses = var.validator_signer_account_addresses
- validator_release_gold_addresses = var.validator_release_gold_addresses
- celo_provider = var.attestation_service_celo_provider != "" ? var.attestation_service_celo_provider : "http://${module.tx_node.internal_ip_addresses[0]}:8545"
- #celo_provider = var.attestation_service_celo_provider != "" ? var.attestation_service_celo_provider : "http://localhost:8545"
- sms_providers = var.attestation_service_sms_providers
- nexmo_key = var.attestation_service_nexmo_key
- nexmo_secret = var.attestation_service_nexmo_secret
- nexmo_blacklist = var.attestation_service_nexmo_blacklist
- nexmo_unsupported_regions = var.attestation_service_nexmo_unsupported_regions
- twilio_account_sid = var.attestation_service_twilio_account_sid
- twilio_messaging_service_sid = var.attestation_service_twilio_messaging_service_sid
- twilio_verify_service_sid = var.attestation_service_twilio_verify_service_sid
- twilio_auth_token = var.attestation_service_twilio_auth_token
- twilio_blacklist = var.attestation_service_twilio_blacklist
- twilio_unsupported_regions = var.attestation_service_twilio_unsupported_regions
- messagebird_api_key = var.attestation_service_messagebird_api_key
- messagebird_unsupported_regions = var.attestation_service_messagebird_unsupported_regions
- service_account_scopes = var.service_account_scopes
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/main.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/main.tf
deleted file mode 100644
index 21f07da7843..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/main.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-locals {
- name_prefix = "${var.gcloud_project}-attestation-svc"
-}
-
-resource "google_sql_database_instance" "main" {
- count = var.attestation_service_count > 0 ? 1 : 0
- name = "${local.name_prefix}-db-${random_id.db_name.hex}"
- database_version = "POSTGRES_9_6"
- region = var.gcloud_region
-
- settings {
- tier = "db-f1-micro"
- }
-}
-
-resource "google_sql_user" "celo" {
- count = var.attestation_service_count > 0 ? 1 : 0
- name = var.db_username
- instance = google_sql_database_instance.main[0].name
- password = var.db_password
-}
-
-resource "google_compute_address" "attestation_service" {
- count = var.attestation_service_count > 0 ? var.attestation_service_count : 0
- name = "${local.name_prefix}-address"
- address_type = "EXTERNAL"
-}
-
-resource "google_compute_address" "attestation_service_internal" {
- count = var.attestation_service_count > 0 ? var.attestation_service_count : 0
- name = "${local.name_prefix}-internal-address"
- address_type = "INTERNAL"
- purpose = "GCE_ENDPOINT"
-}
-
-resource "google_compute_instance" "attestation_service" {
- count = var.attestation_service_count > 0 ? var.attestation_service_count : 0
- name = "${local.name_prefix}-${count.index}"
- machine_type = var.instance_type
-
- deletion_protection = false
-
- tags = ["${var.celo_env}-attestation-service"]
-
- allow_stopping_for_update = false # cannot update in place w/o a persistent disk
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-10"
- }
- }
-
- network_interface {
- network = var.network_name
- network_ip = google_compute_address.attestation_service_internal[count.index].address
- access_config {
- nat_ip = google_compute_address.attestation_service[count.index].address
- }
- }
-
- metadata_startup_script = templatefile(
- format("%s/startup.sh", path.module), {
- rid : count.index,
- attestation_key : "0x${var.attestation_key[count.index]}",
- account_address : var.account_address[count.index],
- validator_signer_address : var.validator_signer_account_addresses[count.index],
- validator_release_gold_address : var.validator_release_gold_addresses[count.index],
- celo_provider : var.celo_provider,
- attestation_service_docker_image_repository : var.attestation_service_docker_image_repository,
- attestation_service_docker_image_tag : var.attestation_service_docker_image_tag,
- db_username : google_sql_user.celo[0].name,
- db_password : google_sql_user.celo[0].password,
- db_connection_name : google_sql_database_instance.main[0].connection_name,
- sms_providers : var.sms_providers,
- nexmo_key : var.nexmo_key,
- nexmo_secret : var.nexmo_secret,
- nexmo_blacklist : var.nexmo_blacklist,
- nexmo_unsupported_regions : var.nexmo_unsupported_regions,
- twilio_account_sid : var.twilio_account_sid,
- twilio_messaging_service_sid : var.twilio_messaging_service_sid,
- twilio_verify_service_sid : var.twilio_verify_service_sid,
- twilio_auth_token : var.twilio_auth_token,
- twilio_blacklist : var.twilio_blacklist,
- twilio_unsupported_regions : var.twilio_unsupported_regions,
- messagebird_api_key : var.messagebird_api_key,
- messagebird_unsupported_regions : var.messagebird_unsupported_regions
- }
- )
-
- service_account {
- scopes = var.service_account_scopes
- }
-
-}
-
-resource "random_id" "db_name" {
- byte_length = 4
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/startup.sh b/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/startup.sh
deleted file mode 100644
index 3f03124f275..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/startup.sh
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/bin/bash - - -# ---- Configure logrotate ---- -echo "Configuring logrotate" | logger -cat <<'EOF' > '/etc/logrotate.d/rsyslog' -/var/log/syslog -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -/var/log/mail.log -/var/log/daemon.log -/var/log/kern.log -/var/log/auth.log -/var/log/user.log -/var/log/lpr.log -/var/log/cron.log -/var/log/debug -/var/log/messages -{ - rotate 3 - daily - missingok - notifempty - delaycompress - compress - sharedscripts - postrotate - #invoke-rc.d rsyslog rotate > /dev/null # does not work on debian10 - kill -HUP `pidof rsyslogd` - endscript -} -EOF - -# ---- Tune rsyslog to avoid redundantly logging docker output -echo "Updating rsyslog.conf to avoid redundantly logging docker output" -cat <<'EOF' > /etc/rsyslog.conf -# /etc/rsyslog.conf configuration file for rsyslog -# -# For more information install rsyslog-doc and see -# /usr/share/doc/rsyslog-doc/html/configuration/index.html - -################# -#### MODULES #### -################# - -module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -kern.* -/var/log/kern.log - -# -# Some "catch-all" log files. 
-# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* -EOF - -# ---- Restart rsyslogd -echo "Restarting rsyslogd" -systemctl restart rsyslog - -# ---- Useful aliases ---- -echo "Configuring aliases" | logger -echo "alias ll='ls -laF'" >> /etc/skel/.bashrc -echo "alias ll='ls -laF'" >> /root/.bashrc -echo "alias gattach='docker exec -it geth geth attach'" >> /etc/skel/.bashrc - -function save_variable { - local var=$1 - local file=$2 - - [ -n "$var" ] && echo -n "$var" > "$file" -} - -# ---- Install Stackdriver Agent -echo "Installing Stackdriver agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh -bash add-monitoring-agent-repo.sh -apt update -y -apt install -y stackdriver-agent -systemctl restart stackdriver-agent - -# ---- Install Fluent Log Collector -echo "Installing google fluent log collector agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh -bash add-logging-agent-repo.sh -apt update -y -apt install -y google-fluentd -apt install -y google-fluentd-catch-all-config-structured -systemctl restart google-fluentd - -# ---- Setup swap -echo "Setting up swapfile" | logger -fallocate -l 2G /swapfile -chmod 600 /swapfile -mkswap /swapfile -swapon /swapfile -swapon -s -# ---- Install Docker ---- - -echo "Installing Docker..." 
| logger -apt update -y && apt upgrade -y -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 htop screen -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update -y && apt upgrade -y -apt install -y docker-ce -apt upgrade -y -systemctl start docker - -# ---- Config /etc/screenrc ---- -echo "Configuring /etc/screenrc" | logger -cat <<'EOF' >> '/etc/screenrc' -bindkey -k k1 select 1 # F1 = screen 1 -bindkey -k k2 select 2 # F2 = screen 2 -bindkey -k k3 select 3 # F3 = screen 3 -bindkey -k k4 select 4 # F4 = screen 4 -bindkey -k k5 select 5 # F5 = screen 5 -bindkey -k k6 select 6 # F6 = screen 6 -bindkey -k k7 select 7 # F7 = screen 7 -bindkey -k k8 select 8 # F8 = screen 8 -bindkey -k k9 select 9 # F9 = screen 9 -bindkey -k F1 prev # F11 = prev -bindkey -k F2 next # F12 = next -EOF - -echo "Configuring Docker..." -cat <<'EOF' > '/etc/docker/daemon.json' -{ - "log-driver": "json-file", - "log-opts": { - "max-size": "10m", - "max-file": "3", - "mode": "non-blocking" - } -} -EOF - -echo "Restarting docker" | logger -systemctl restart docker - -# ---- Set Up and Run Attestation Service ---- -echo "Configuring Celo attestation service" | logger - -DATA_DIR=/root/.celo -mkdir -p $DATA_DIR -ATTESTATION_KEY='${attestation_key}' -ACCOUNT_ADDRESS='${account_address}' -ATTESTATION_SIGNER_ADDRESS='${account_address}' -CELO_VALIDATOR_ADDRESS='${validator_release_gold_address}' -CELO_PROVIDER='${celo_provider}' -SMS_PROVIDERS='${sms_providers}' -NEXMO_KEY='${nexmo_key}' -NEXMO_SECRET='${nexmo_secret}' -NEXMO_BLACKLIST='${nexmo_blacklist}' -NEXMO_UNSUPPORTED_REGIONS='${nexmo_unsupported_regions}' -TWILIO_ACCOUNT_SID='${twilio_account_sid}' -TWILIO_MESSAGING_SERVICE_SID='${twilio_messaging_service_sid}' -TWILIO_VERIFY_SERVICE_SID='${twilio_verify_service_sid}' -TWILIO_AUTH_TOKEN='${twilio_auth_token}' 
-TWILIO_BLACKLIST='${twilio_blacklist}' -TWILIO_UNSUPPORTED_REGIONS='${twilio_unsupported_regions}' -MESSAGEBIRD_API_KEY='${messagebird_api_key}' -MESSAGEBIRD_UNSUPPORTED_REGIONS='${messagebird_unsupported_regions}' - - -ATTESTATION_SERVICE_DOCKER_IMAGE='${attestation_service_docker_image_repository}:${attestation_service_docker_image_tag}' -docker pull "$ATTESTATION_SERVICE_DOCKER_IMAGE" - -# Run the Cloud SQL Proxy -echo "Configuring Cloud SQL Proxy" | logger -cat </etc/systemd/system/cloudsql.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - -v /cloudsql:/cloudsql \\ - -p 127.0.0.1:5432:5432 \\ - gcr.io/cloudsql-docker/gce-proxy:1.11 \\ - /cloud_sql_proxy \\ - -instances=${db_connection_name}=tcp:0.0.0.0:5432 -ExecStop=/usr/bin/docker stop -t 60 %N - -[Install] -WantedBy=default.target -EOF -DATABASE_URL="postgres://${db_username}:${db_password}@127.0.0.1:5432/postgres" -systemctl daemon-reload -systemctl enable cloudsql.service -systemctl restart cloudsql.service - -# Saving variables -save_variable "$DATABASE_URL" "$DATA_DIR/databaseUrl" -save_variable "$ATTESTATION_KEY" "$DATA_DIR/attestationKey" -save_variable "$ATTESTATION_SIGNER_ADDRESS" "$DATA_DIR/attestationSignerAddress" -save_variable "$ACCOUNT_ADDRESS" "$DATA_DIR/accountAddress" -save_variable "$CELO_VALIDATOR_ADDRESS" "$DATA_DIR/validatorAddress" -save_variable "$CELO_PROVIDER" "$DATA_DIR/celoProvider" -save_variable "$SMS_PROVIDERS" "$DATA_DIR/smsProviders" -save_variable "$NEXMO_KEY" "$DATA_DIR/nexmoKey" -save_variable "$NEXMO_SECRET" "$DATA_DIR/nexmoSecret" -save_variable "$NEXMO_BLACKLIST" "$DATA_DIR/nexmoBlacklist" -save_variable "$TWILIO_ACCOUNT_SID" "$DATA_DIR/twilioAccountSid" -save_variable "$TWILIO_MESSAGING_SERVICE_SID" "$DATA_DIR/twilioMessagingServiceSid" -save_variable "$TWILIO_VERIFY_SERVICE_SID" "$DATA_DIR/twilioVerifyServiceSid" -save_variable "$TWILIO_AUTH_TOKEN" 
"$DATA_DIR/twilioAuthToken" -save_variable "$TWILIO_BLACKLIST" "$DATA_DIR/twilioBlacklist" -save_variable "$TWILIO_UNSUPPORTED_REGIONS" "$DATA_DIR/twilioUnsupportedRegions" -save_variable "$MESSAGEBIRD_API_KEY" "$DATA_DIR/messagebird_api_key" -save_variable "$MESSAGEBIRD_UNSUPPORTED_REGIONS" "$DATA_DIR/messagebird_unsupported_regions" - -cat </etc/systemd/system/attestation-service.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - --name attestation-service \\ - --net=host \\ - --entrypoint /bin/bash \\ - -v $DATA_DIR:$DATA_DIR \\ - -e NODE_ENV=production \\ - -e PORT=80 \\ - -e DATABASE_URL="$DATABASE_URL" \\ - -e ACCOUNT_ADDRESS="$ACCOUNT_ADDRESS" \\ - -e ATTESTATION_SIGNER_ADDRESS="$ATTESTATION_SIGNER_ADDRESS" \\ - -e CELO_VALIDATOR_ADDRESS="$CELO_VALIDATOR_ADDRESS" \\ - -e ATTESTATION_KEY="$ATTESTATION_KEY" \\ - -e CELO_PROVIDER="$CELO_PROVIDER" \\ - -e SMS_PROVIDERS="$SMS_PROVIDERS" \\ - -e NEXMO_KEY="$NEXMO_KEY" \\ - -e NEXMO_SECRET="$NEXMO_SECRET" \\ - -e NEXMO_BLACKLIST="$NEXMO_BLACKLIST" \\ - -e NEXMO_UNSUPPORTED_REGIONS="$NEXMO_UNSUPPORTED_REGIONS" \\ - -e TWILIO_ACCOUNT_SID="$TWILIO_ACCOUNT_SID" \\ - -e TWILIO_MESSAGING_SERVICE_SID="$TWILIO_MESSAGING_SERVICE_SID" \\ - -e TWILIO_VERIFY_SERVICE_SID="$TWILIO_VERIFY_SERVICE_SID" \\ - -e TWILIO_AUTH_TOKEN="$TWILIO_AUTH_TOKEN" \\ - -e TWILIO_BLACKLIST="$TWILIO_BLACKLIST" \\ - -e TWILIO_UNSUPPORTED_REGIONS="$TWILIO_UNSUPPORTED_REGIONS" \\ - -e MESSAGEBIRD_API_KEY="$MESSAGEBIRD_API_KEY" \\ - -e MESSAGEBIRD_UNSUPPORTED_REGIONS="$MESSAGEBIRD_UNSUPPORTED_REGIONS" \\ - - $ATTESTATION_SERVICE_DOCKER_IMAGE -c "\\ - ( \\ - cd /celo-monorepo/packages/attestation-service && \\ - yarn run db:migrate && \\ - yarn start \\ - )" -ExecStop=/usr/bin/docker stop -t 30 %N - -[Install] -WantedBy=default.target -EOF -systemctl daemon-reload -systemctl enable attestation-service.service -systemctl restart 
attestation-service.service - -echo "Adding DC to docker group" -usermod -aG docker dc - -#--- remove compilers -echo "Removing compilers" | logger -sudo apt remove -y build-essential gcc make linux-compiler-gcc-8-x86 cpp -sudo apt -y autoremove \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/variables.tf deleted file mode 100644 index db03e5aab62..00000000000 --- a/packages/terraform-modules-public/gcp/celo-infra/modules/attestation-service/variables.tf +++ /dev/null 
@@ -1,153 +0,0 @@
-variable attestation_service_count {
- type = number
- description = "Number of Attestation Service to deploy"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable gcloud_region {
- type = string
- description = "Name of the Google Cloud region to use"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_type {
- description = "The instance type"
- type = string
- default = "n1-standard-1"
-}
-
-variable attestation_service_docker_image_repository {
- type = string
- description = "The docker image repository for the attestation service"
-}
-
-variable attestation_service_docker_image_tag {
- type = string
- description = "The docker image tag for the attestation service"
-}
-
-variable db_username {
- type = string
- description = "The User for the database"
-}
-
-variable db_password {
- type = string
- description = "The password for the database"
-}
-
-variable network_name {
- type = string
- description = "The name of the network to use"
-}
-
-variable account_address {
- type = list(string)
- description = "The account address for signing the attestations. Must be an authorized address of the associated validator"
-}
-
-variable attestation_key {
- type = list(string)
- description = "The account private key for signing the attestations. Must be the private key of an authorized address for the associated validator"
-}
-
-variable validator_signer_account_addresses {
- type = list(string)
- description = "Array with the Validator account addresses"
-}
-
-variable validator_release_gold_addresses {
- type = list(string)
- description = "Array with the Validator release gold addresses"
-}
-
-variable celo_provider {
- type = string
- description = "The URL for the RPC interface for the Celo network"
-}
-
-variable sms_providers {
- type = string
- description = "The SMS Service provider. eg 'nexmo,messagebird,twilio'"
-}
-
-variable nexmo_key {
- type = string
- description = "Nexmo api key (check nexmo documentation)"
-}
-
-variable nexmo_secret {
- type = string
- description = "Nexmo api secret (check nexmo documentation)"
-}
-
-variable nexmo_blacklist {
- type = string
- description = "Nexmo blacklisted country codes, separated by comma (check nexmo documentation)"
-}
-
-variable nexmo_unsupported_regions {
- type = string
- description = "Nexmo unsupported country codes, separated by comma (check nexmo documentation)"
-}
-
-variable twilio_account_sid {
- type = string
- description = "Twilio account SID (check twilio documentation)"
-}
-
-variable twilio_messaging_service_sid {
- type = string
- description = "Twilio account messaging service SID (check twilio documentation)"
-}
-
-variable twilio_verify_service_sid {
- type = string
- description = "Twilio account verify service SID (check twilio documentation)"
-}
-
-variable twilio_auth_token {
- type = string
- description = "Twilio account Auth Token (check twilio documentation)"
-}
-
-variable twilio_blacklist {
- type = string
- description = "Twilio blacklisted country codes, separated by comma (check twilio documentation)"
-}
-
-variable twilio_unsupported_regions {
- type = string
- description = "Twilio unsupported country codes, separated by comma (check twilio documentation)"
-}
-
-variable messagebird_api_key {
- type = string
- description = "Messagebird API key"
- default = ""
-}
-
-variable messagebird_unsupported_regions {
- type = string
- description = "Messagebird unsupported country codes, separated by comma (check Messagebird documentation)"
- default = ""
-}
-
-variable "service_account_scopes" {
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
- type = list(string)
-
- default = [
- "https://www.googleapis.com/auth/monitoring.write",
- "https://www.googleapis.com/auth/logging.write",
- "https://www.googleapis.com/auth/sqlservice.admin"
- ]
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/main.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/main.tf
deleted file mode 100644
index 4bf47dc6bf2..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/main.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-locals {
- attached_disk_name = "celo-data"
- #having project in the instance name helps keep you from torching prod when you think you're working on staging
- name_prefix = "${var.gcloud_project}-backup-node"
-}
-
-resource "google_compute_address" "backup_node" {
- #name = "${local.name_prefix}-address-${count.index}-${random_id.backup-node[count.index].hex}"
- name = "${local.name_prefix}-address-${count.index}"
- address_type = "EXTERNAL"
-
- count = var.backup_node_count
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "google_compute_address" "backup_node_internal" {
- name = "${local.name_prefix}-internal-address-${count.index}"
- address_type = "INTERNAL"
- purpose = "GCE_ENDPOINT"
-
- count = var.backup_node_count
-}
-
-resource "google_compute_instance" "backup_node" {
- name = "${local.name_prefix}-${count.index}"
- machine_type = var.instance_type
-
- deletion_protection = false
-
- count = var.backup_node_count
-
- tags = ["${var.celo_env}-backup-node"]
-
- allow_stopping_for_update = true
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-10"
- size = 10
- }
- }
-
- attached_disk {
- source = google_compute_disk.backup_node[count.index].self_link
- device_name = local.attached_disk_name
- }
-
- network_interface {
- network = var.network_name
- network_ip = google_compute_address.backup_node_internal[count.index].address
- access_config {
- nat_ip = google_compute_address.backup_node[count.index].address
- }
- }
-
- metadata_startup_script = templatefile(
- format("%s/startup.sh", path.module), {
- attached_disk_name : local.attached_disk_name,
- block_time : var.block_time,
- ethstats_host : var.ethstats_host,
- geth_exporter_docker_image_repository : var.geth_exporter_docker_image_repository,
- geth_exporter_docker_image_tag : var.geth_exporter_docker_image_tag,
- geth_node_docker_image_repository : var.geth_node_docker_image_repository,
- geth_node_docker_image_tag : var.geth_node_docker_image_tag,
- geth_verbosity : var.geth_verbosity,
- in_memory_discovery_table : var.in_memory_discovery_table,
- ip_address : google_compute_address.backup_node[count.index].address,
- max_peers : var.backup_node_max_peers,
- network_id : var.network_id,
- gcloud_project : var.gcloud_project,
- reset_geth_data : var.reset_geth_data,
- rid : count.index,
- }
- )
-
- service_account {
- scopes = var.service_account_scopes
- }
-}
-
-resource "random_id" "backup_node" {
- count = var.backup_node_count
- byte_length = 2
-}
-
-resource "google_compute_disk" "backup_node" {
- name = "${local.name_prefix}-celo-data-disk-${count.index}"
- count = var.backup_node_count
-
- #type = "pd-ssd"
- type = "pd-standard" #disk I/O doesn't yet warrant SSD backed validators/proxies
- # in GB
- size = 50
- physical_block_size_bytes = 4096
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/outputs.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/outputs.tf
deleted file mode 100644
index ee4206f34b3..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output internal_ip_addresses {
- value = google_compute_address.backup_node_internal.*.address
-}
-
-output ip_addresses {
- value = google_compute_address.backup_node.*.address
-}
-
-output self_links {
- value = google_compute_instance.backup_node.*.self_link
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/startup.sh b/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/startup.sh
deleted file mode 100644
index d89ef28979d..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/startup.sh
+++ /dev/null
@@ -1,412 +0,0 @@ -#!/bin/bash - - -# ---- Configure logrotate ---- -echo "Configuring logrotate" | logger -cat <<'EOF' > '/etc/logrotate.d/rsyslog' -/var/log/syslog -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -/var/log/mail.log -/var/log/daemon.log -/var/log/kern.log -/var/log/auth.log -/var/log/user.log -/var/log/lpr.log -/var/log/cron.log -/var/log/debug -/var/log/messages -{ - rotate 3 - daily - missingok - notifempty - delaycompress - compress - sharedscripts - postrotate - #invoke-rc.d rsyslog rotate > /dev/null # does not work on debian10 - kill -HUP `pidof rsyslogd` - endscript -} -EOF - -# ---- Tune rsyslog to avoid redundantly logging docker output -echo "Updating rsyslog.conf to avoid redundantly logging docker output" -cat <<'EOF' > /etc/rsyslog.conf -# /etc/rsyslog.conf configuration file for rsyslog -# -# For more information install rsyslog-doc and see -# /usr/share/doc/rsyslog-doc/html/configuration/index.html - -################# -#### MODULES #### -################# - -module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -kern.* -/var/log/kern.log - - -# -# Some "catch-all" log files. 
-# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* -EOF - -# ---- Restart rsyslogd -echo "Restarting rsyslogd" -systemctl restart rsyslog - -# ---- Create backup script -echo "Creating chaindata backup script" | logger -cat <<'EOF' > /root/backup.sh -#!/bin/bash -# This script stops geth, tars up the chaindata (with gzip compression), and copies it to GCS. -# The 'chaindata' GCS bucket has versioning enabled, so if a corrupted tarball is uploaded, an older version can be selected for restore. -# This takes quit some time, and takes quite a bit of local disk. -# The rsync variant (below) is more efficient, but tarballs are more portable. -set -x - -echo "Starting chaindata backup" | logger -systemctl stop geth.service -sleep 5 -tar -C /root/.celo/celo -zcvf /root/.celo/celo/chaindata.tgz chaindata -gsutil cp /root/.celo/celo/chaindata.tgz gs://${gcloud_project}-chaindata -rm -f /root/.celo/celo/chaindata.tgz -echo "Chaindata backup completed" | logger -sleep 3 -systemctl start geth.service -EOF -chmod u+x /root/backup.sh - -# ---- Create rsync backup script -echo "Creating rsync chaindata backup script" | logger -cat <<'EOF' > /root/backup_rsync.sh -#!/bin/bash -# This script stops geth, and uses rsync to copy chaindata to GCS. 
-set -x -CELO_DIR="/root/.celo/celo" - -echo "Starting rsync chaindata backup" | logger -systemctl stop geth.service -sleep 5 -gsutil -m rsync -d -r /root/.celo/celo/chaindata gs://${gcloud_project}-chaindata-rsync -echo "rsync chaindata backup completed" | logger -sleep 3 -systemctl start geth.service -EOF -chmod u+x /root/backup_rsync.sh - -# ---- Add backups to cron -# note that this will make the backup_node geth unavailable during the backup, which is why -# we run this on a dedicated backup node now instead of the attestation service txnode -cat <<'EOF' > /root/backup.crontab -# m h dom mon dow command -# backup full tarball once a day at 00:57 -57 0 * * * /root/backup.sh > /dev/null 2>&1 -# backup via rsync run every six hours at 00:17 past the hour -17 */6 * * * /root/backup_rsync.sh > /dev/null 2>&1 -EOF -/usr/bin/crontab /root/backup.crontab - -# ---- Create restore script -echo "Creating chaindata restore script" | logger -cat <<'EOF' > /root/restore.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in bucket -gsutil -q stat gs://${gcloud_project}-chaindata/chaindata.tgz -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - mkdir -p /root/.celo/celo - mkdir -p /root/.celo/celo/restore - echo "downloading chaindata from gs://${gcloud_project}-chaindata/chaindata.tgz" | logger - gsutil cp gs://${gcloud_project}-chaindata/chaindata.tgz /root/.celo/celo/restore/chaindata.tgz - echo "stopping geth to untar chaindata" | logger - systemctl stop geth.service - sleep 3 - echo "Deleting old chaindata" | logger - rm -rf /root/.celo/celo/chaindata/* - echo "untarring chaindata" | logger - tar zxvf /root/.celo/celo/restore/chaindata.tgz --directory /root/.celo/celo - echo "removing chaindata tarball" | logger - rm -rf /root/.celo/celo/restore/chaindata.tgz - sleep 3 - echo "starting geth" | logger - systemctl start geth.service - else - echo "No chaindata.tgz found in bucket gs://${gcloud_project}-chaindata, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore.sh - -# ---- Create rsync restore script -echo "Creating rsync chaindata restore script" | logger -cat <<'EOF' > /root/restore_rsync.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in the rsync chaindata bucket -gsutil -q stat gs://${gcloud_project}-chaindata-rsync/CURRENT -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - echo "stopping geth" | logger - systemctl stop geth.service - echo "downloading chaindata via rsync from gs://${gcloud_project}-chaindata-rsync" | logger - mkdir -p /root/.celo/celo/chaindata - gsutil -m rsync -d -r gs://${gcloud_project}-chaindata-rsync /root/.celo/celo/chaindata - echo "restarting geth" | logger - sleep 3 - systemctl start geth.service - else - echo "No chaindata found in bucket gs://${gcloud_project}-chaindata-rsync, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore_rsync.sh - -# ---- Useful aliases ---- -echo "Configuring aliases" | logger -echo "alias ll='ls -laF'" >> /etc/skel/.bashrc -echo "alias ll='ls -laF'" >> /root/.bashrc -echo "alias gattach='docker exec -it geth geth attach'" >> /etc/skel/.bashrc - -# ---- Install Stackdriver Agent -echo "Installing Stackdriver agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh -bash add-monitoring-agent-repo.sh -apt update -y -apt install -y stackdriver-agent -systemctl restart stackdriver-agent - -# ---- Install Fluent Log Collector -echo "Installing google fluent log collector agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh -bash add-logging-agent-repo.sh -apt update -y -apt install -y google-fluentd -apt install -y google-fluentd-catch-all-config-structured -systemctl restart google-fluentd - - - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=$(readlink -f /dev/disk/by-id/google-${attached_disk_name}) -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=$(lsblk -i -n -o fstype $DISK_PATH) - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." 
- -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -# Mounting the volume -echo "Mounting $DISK_PATH onto $DATA_DIR" -mkdir -p $DATA_DIR -DISK_UUID=$(blkid $DISK_PATH | cut -d '"' -f2) -echo "UUID=$DISK_UUID $DATA_DIR auto discard,defaults 0 0" >> /etc/fstab -mount $DATA_DIR - -# ---- Setup swap -echo "Setting up swapfile" | logger -fallocate -l 4G /root/.celo/swapfile -chmod 600 /root/.celo/swapfile -mkswap /root/.celo/swapfile -swapon /root/.celo/swapfile -swapon -s - -# Remove existing chain data -[[ ${reset_geth_data} == "true" ]] && rm -rf $DATA_DIR/geth -mkdir -p $DATA_DIR/account - -# ---- Install Docker ---- - -echo "Installing Docker..." 
| logger -apt update -y && apt upgrade -y -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 htop screen -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update -y && apt upgrade -y -apt install -y docker-ce -apt upgrade -y -systemctl start docker - -# ---- Config /etc/screenrc ---- -echo "Configuring /etc/screenrc" | logger -cat <<'EOF' >> '/etc/screenrc' -bindkey -k k1 select 1 # F1 = screen 1 -bindkey -k k2 select 2 # F2 = screen 2 -bindkey -k k3 select 3 # F3 = screen 3 -bindkey -k k4 select 4 # F4 = screen 4 -bindkey -k k5 select 5 # F5 = screen 5 -bindkey -k k6 select 6 # F6 = screen 6 -bindkey -k k7 select 7 # F7 = screen 7 -bindkey -k k8 select 8 # F8 = screen 8 -bindkey -k k9 select 9 # F9 = screen 9 -bindkey -k F1 prev # F11 = prev -bindkey -k F2 next # F12 = next -EOF - -echo "Configuring Docker..." | logger -cat <<'EOF' > '/etc/docker/daemon.json' -{ - "log-driver": "json-file", - "log-opts": { - "max-size": "10m", - "max-file": "3", - "mode": "non-blocking" - } -} -EOF - -echo "Restarting docker" | logger -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -echo "Configuring Geth" | logger - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -echo "Pulling geth..." 
-docker pull $GETH_NODE_DOCKER_IMAGE - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -# Load configuration to files -mkdir -p $DATA_DIR/account - -echo -n '${rid}' > $DATA_DIR/replica_id -echo -n '${ip_address}' > $DATA_DIR/ipAddress - -cat </etc/systemd/system/geth.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - --name geth \\ - --net=host \\ - -v $DATA_DIR:$DATA_DIR \\ - --entrypoint /bin/sh \\ - $GETH_NODE_DOCKER_IMAGE -c "\\ - geth \\ - --nousb \\ - --maxpeers ${max_peers} \\ - --rpc \\ - --rpcapi=eth,net,web3 \\ - --networkid=${network_id} \\ - --syncmode=full \\ - --consoleformat=json \\ - --consoleoutput=stdout \\ - --verbosity=${geth_verbosity} \\ - --nat=extip:${ip_address} \\ - --metrics \\ - --pprof \\ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \\ - --light.serve 0 \\ - " -ExecStop=/usr/bin/docker stop -t 300 %N - -[Install] -WantedBy=default.target -EOF - -echo "Adding DC to docker group" | logger -usermod -aG docker dc - -# --- run restore script -# this script tries to restore chaindata from a GCS hosted tarball. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync -echo "Attempting to restore chaindata from backup tarball" -bash /root/restore.sh - -# todo: add some logic to look at the chaindata tarball bucket versus the rsync bucket and pick the best one. -# for now we try both, with rsync taking precedence b/c it runs last. - -# --- run rsync restore script -# this script tries to restore chaindata from a GCS hosted bucket via rsync. 
-# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync, perhaps boosted by what the tarball provided -echo "Attempting to restore chaindata from backup via rsync" -bash /root/restore_rsync.sh - -echo "Starting Geth" -systemctl daemon-reload -systemctl enable geth.service - -#--- remove compilers -echo "Removing compilers" | logger -sudo apt remove -y build-essential gcc make linux-compiler-gcc-8-x86 cpp -sudo apt -y autoremove \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/variables.tf deleted file mode 100644 index 46140bce417..00000000000 --- a/packages/terraform-modules-public/gcp/celo-infra/modules/backup_node/variables.tf +++ /dev/null 
@@ -1,87 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the Celo environment"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_type {
- description = "The instance type"
- type = string
- default = "n1-standard-1"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable geth_exporter_docker_image_repository {
- type = string
- description = "Repository of the geth exporter docker image"
-}
-
-variable geth_exporter_docker_image_tag {
- type = string
- description = "Tag of the geth exporter docker image"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the tx-nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the tx-node VM is in"
-}
-
-variable backup_node_count {
- type = number
- description = "Number of backup_nodes to create"
-}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
- default = true
-}
-
-variable backup_node_max_peers {
- type = number
- description = "Max number of peers to connect with"
- default = 120
-}
-
-variable service_account_scopes {
- type = list(string)
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/main.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/main.tf
deleted file mode 100644
index d9c64668e3a..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/main.tf
+++ /dev/null
@@ -1,94 +0,0 @@
-locals {
- attached_disk_name = "celo-data"
- name_prefix = "${var.gcloud_project}-proxy"
-}
-
-resource "google_compute_address" "proxy" {
- name = "${local.name_prefix}-address-${count.index}"
- address_type = "EXTERNAL"
-
- count = var.validator_count
-}
-
-resource "google_compute_address" "proxy_internal" {
- name = "${local.name_prefix}-internal-address-${count.index}"
- address_type = "INTERNAL"
- purpose = "GCE_ENDPOINT"
-
- count = var.validator_count
-}
-
-resource "google_compute_instance" "proxy" {
- name = "${local.name_prefix}-${count.index}"
- machine_type = var.instance_type
-
- #deletion_protection = false
- deletion_protection = true
-
- count = var.validator_count
-
- tags = ["${var.celo_env}-proxy"]
-
- allow_stopping_for_update = true
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-10"
- }
- }
-
- attached_disk {
- source = google_compute_disk.proxy[count.index].self_link
- device_name = local.attached_disk_name
- }
-
- network_interface {
- network = var.network_name
- network_ip = google_compute_address.proxy_internal[count.index].address
- access_config {
- nat_ip = google_compute_address.proxy[count.index].address
- }
- }
-
- metadata_startup_script = templatefile(
- format("%s/startup.sh", path.module), {
- attached_disk_name : local.attached_disk_name,
- block_time : var.block_time,
- ethstats_host : var.ethstats_host,
- geth_exporter_docker_image_repository : var.geth_exporter_docker_image_repository,
- geth_exporter_docker_image_tag : var.geth_exporter_docker_image_tag,
- geth_node_docker_image_repository : var.geth_node_docker_image_repository,
- geth_node_docker_image_tag : var.geth_node_docker_image_tag,
- geth_verbosity : var.geth_verbosity,
- in_memory_discovery_table : var.in_memory_discovery_table,
- ip_address : google_compute_address.proxy[count.index].address,
- istanbul_request_timeout_ms : var.istanbul_request_timeout_ms,
- max_peers : var.proxy_max_peers,
- network_id : var.network_id,
- gcloud_project : var.gcloud_project,
- rid : count.index,
- proxy_name : var.proxy_name,
- proxy_address: var.proxy_addresses[count.index],
- proxy_private_key : var.proxy_private_keys[count.index],
- proxy_geth_account_secret : var.proxy_account_passwords[count.index],
- validator_account_address : var.validator_signer_account_addresses[count.index],
- reset_geth_data : var.reset_geth_data
- }
- )
-
- service_account {
- scopes = var.service_account_scopes
- }
-
-}
-
-resource "google_compute_disk" "proxy" {
- name = "${local.name_prefix}-disk-${count.index}"
- count = var.validator_count
-
- #type = "pd-ssd"
- type = "pd-standard" #disk I/O doesn't yet warrant SSD backed validators/proxies
- # in GB
- size = 50
- physical_block_size_bytes = 4096
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/outputs.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/outputs.tf
deleted file mode 100644
index a61e005d184..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output internal_ip_addresses {
- value = google_compute_address.proxy_internal.*.address
-}
-
-output external_ip_addresses {
- value = google_compute_address.proxy.*.address
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/startup.sh b/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/startup.sh
deleted file mode 100644
index 67dfb732bb7..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/startup.sh
+++ /dev/null
@@ -1,393 +0,0 @@ -#!/bin/bash - - -# ---- Configure logrotate ---- -echo "Configuring logrotate" | logger -cat <<'EOF' > '/etc/logrotate.d/rsyslog' -/var/log/syslog -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -/var/log/mail.log -/var/log/daemon.log -/var/log/kern.log -/var/log/auth.log -/var/log/user.log -/var/log/lpr.log -/var/log/cron.log -/var/log/debug -/var/log/messages -{ - rotate 3 - daily - missingok - notifempty - delaycompress - compress - sharedscripts - postrotate - #invoke-rc.d rsyslog rotate > /dev/null # does not work on debian10 - kill -HUP `pidof rsyslogd` - endscript -} -EOF - -# ---- Tune rsyslog to avoid redundantly logging docker output -echo "Updating rsyslog.conf to avoid redundantly logging docker output" -cat <<'EOF' > /etc/rsyslog.conf -# /etc/rsyslog.conf configuration file for rsyslog -# -# For more information install rsyslog-doc and see -# /usr/share/doc/rsyslog-doc/html/configuration/index.html - -################# -#### MODULES #### -################# - -module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -kern.* -/var/log/kern.log - - -# -# Some "catch-all" log files. 
-# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* -EOF - -# ---- Restart rsyslogd -echo "Restarting rsyslogd" -systemctl restart rsyslog - -# ---- Create restore script -echo "Creating chaindata restore script" | logger -cat <<'EOF' > /root/restore.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in bucket -gsutil -q stat gs://${gcloud_project}-chaindata/chaindata.tgz -if [ $? -eq 0 ] -then - #chaindata exists in bucket - mkdir -p /root/.celo/celo - mkdir -p /root/.celo/celo/restore - echo "downloading chaindata from gs://${gcloud_project}-chaindata/chaindata.tgz" | logger - gsutil cp gs://${gcloud_project}-chaindata/chaindata.tgz /root/.celo/celo/restore/chaindata.tgz - echo "stopping geth to untar chaindata" | logger - systemctl stop geth.service - sleep 3 - echo "Deleting old chaindata" | logger - rm -rf /root/.celo/celo/chaindata/* - echo "untarring chaindata" | logger - tar zxvf /root/.celo/celo/restore/chaindata.tgz --directory /root/.celo/celo - echo "removing chaindata tarball" | logger - rm -rf /root/.celo/celo/restore/chaindata.tgz - sleep 3 - echo "starting geth" | logger - systemctl start geth.service - else - echo "No chaindata.tgz found in bucket gs://${gcloud_project}-chaindata, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore.sh - -# ---- Create rsync restore script -echo "Creating rsync chaindata restore script" | logger -cat <<'EOF' > /root/restore_rsync.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in the rsync chaindata bucket -gsutil -q stat gs://${gcloud_project}-chaindata-rsync/CURRENT -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - echo "stopping geth" | logger - systemctl stop geth.service - echo "downloading chaindata via rsync from gs://${gcloud_project}-chaindata-rsync" | logger - mkdir -p /root/.celo/celo/chaindata - gsutil -m rsync -d -r gs://${gcloud_project}-chaindata-rsync /root/.celo/celo/chaindata - echo "restarting geth" | logger - sleep 3 - systemctl start geth.service - else - echo "No chaindata found in bucket gs://${gcloud_project}-chaindata-rsync, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore_rsync.sh - -# ---- Useful aliases ---- -echo "Configuring aliases" | logger -echo "alias ll='ls -laF'" >> /etc/skel/.bashrc -echo "alias ll='ls -laF'" >> /root/.bashrc -echo "alias gattach='docker exec -it geth geth attach'" >> /etc/skel/.bashrc - -# ---- Install Stackdriver Agent -echo "Installing Stackdriver agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh -bash add-monitoring-agent-repo.sh -apt update -y -apt install -y stackdriver-agent -systemctl restart stackdriver-agent - -# ---- Install Fluent Log Collector -echo "Installing google fluent log collector agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh -bash add-logging-agent-repo.sh -apt update -y -apt install -y google-fluentd -apt install -y google-fluentd-catch-all-config-structured -systemctl restart google-fluentd - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=$(readlink -f /dev/disk/by-id/google-${attached_disk_name}) -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=$(lsblk -i -n -o fstype $DISK_PATH) - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." 
- -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -# Mounting the volume -echo "Mounting $DISK_PATH onto $DATA_DIR" -mkdir -p $DATA_DIR -DISK_UUID=$(blkid $DISK_PATH | cut -d '"' -f2) -echo "UUID=$DISK_UUID $DATA_DIR auto discard,defaults 0 0" >> /etc/fstab -mount $DATA_DIR - -# ---- Setup swap -echo "Setting up swapfile" | logger -fallocate -l 4G /root/.celo/swapfile -chmod 600 /root/.celo/swapfile -mkswap /root/.celo/swapfile -swapon /root/.celo/swapfile -swapon -s - -# Remove existing chain data -[[ ${reset_geth_data} == "true" ]] && rm -rf $DATA_DIR/geth -mkdir -p $DATA_DIR/account - -# ---- Install Docker ---- - -echo "Installing Docker..." 
| logger -apt update -y && apt upgrade -y -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 htop screen -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update -y && apt upgrade -y -apt install -y docker-ce -apt upgrade -y -systemctl start docker - -# ---- Config /etc/screenrc ---- -echo "Configuring /etc/screenrc" | logger -cat <<'EOF' >> '/etc/screenrc' -bindkey -k k1 select 1 # F1 = screen 1 -bindkey -k k2 select 2 # F2 = screen 2 -bindkey -k k3 select 3 # F3 = screen 3 -bindkey -k k4 select 4 # F4 = screen 4 -bindkey -k k5 select 5 # F5 = screen 5 -bindkey -k k6 select 6 # F6 = screen 6 -bindkey -k k7 select 7 # F7 = screen 7 -bindkey -k k8 select 8 # F8 = screen 8 -bindkey -k k9 select 9 # F9 = screen 9 -bindkey -k F1 prev # F11 = prev -bindkey -k F2 next # F12 = next -EOF - -echo "Configuring Docker..." | logger -cat <<'EOF' > '/etc/docker/daemon.json' -{ - "log-driver": "json-file", - "log-opts": { - "max-size": "10m", - "max-file": "3", - "mode": "non-blocking" - } -} -EOF - -echo "Restarting docker" | logger -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -echo "Configuring Geth" | logger - -DATA_DIR=/root/.celo - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -echo "Pulling geth..." | logger -docker pull $GETH_NODE_DOCKER_IMAGE - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -# Load configuration to files -mkdir -p $DATA_DIR/account - -echo -n '${rid}' > $DATA_DIR/replica_id -echo -n '${ip_address}' > $DATA_DIR/ipAddress -echo -n '${proxy_private_key}' > $DATA_DIR/pkey -echo -h '${proxy_geth_account_secret}' > $DATA_DIR/account/accountSecret - -echo "Starting geth..." 
| logger -# We need to override the entrypoint in the geth image (which is originally `geth`). -# `geth account import` fails when the account has already been imported. In -# this case, we do not want to pipefail - -docker run \ - --rm \ - --net=host \ - -v $DATA_DIR:$DATA_DIR \ - --entrypoint /bin/sh \ - -i $GETH_NODE_DOCKER_IMAGE \ - -c "geth account import --password $DATA_DIR/account/accountSecret $DATA_DIR/pkey | true" - -cat </etc/systemd/system/geth.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - --name geth \\ - --net=host \\ - -v $DATA_DIR:$DATA_DIR \\ - --entrypoint /bin/sh \\ - $GETH_NODE_DOCKER_IMAGE -c "\\ - geth \\ - --etherbase ${proxy_address} \\ - --unlock ${proxy_address} \\ - --password $DATA_DIR/account/accountSecret \\ - --allow-insecure-unlock \\ - --nousb \\ - --rpc \\ - --rpcaddr 0.0.0.0 \\ - --rpcapi=eth,net,web3 \\ - --rpccorsdomain='*' \\ - --rpcvhosts=* \\ - --ws \\ - --wsaddr 0.0.0.0 \\ - --wsorigins=* \\ - --wsapi=eth,net,web3 \\ - --nodekey=$DATA_DIR/pkey \\ - --networkid=${network_id} \\ - --syncmode=full \\ - --consoleformat=json \\ - --consoleoutput=stdout \\ - --verbosity=${geth_verbosity} \\ - --celostats=${proxy_name}@${ethstats_host} \\ - --istanbul.blockperiod=${block_time} \\ - --istanbul.requesttimeout=${istanbul_request_timeout_ms} \\ - --maxpeers=${max_peers} \\ - --nat=extip:${ip_address} \\ - --metrics \\ - --pprof \\ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \\ - --proxy.proxy \\ - --proxy.proxiedvalidatoraddress ${validator_account_address} \\ - --proxy.internalendpoint :30503 \\ - --light.serve 0 \\ - " -ExecStop=/usr/bin/docker stop -t 60 %N - -[Install] -WantedBy=default.target -EOF - -echo "Starting Geth" | logger -systemctl daemon-reload -systemctl enable geth.service - -echo "Adding DC to docker group" | logger -usermod -aG docker dc - -# --- run restore script -# this script tries to restore 
chaindata from a GCS hosted tarball. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync -echo "Restoring chaindata from backup tarball" | logger -bash /root/restore.sh - -# todo: add some logic to look at the chaindata tarball bucket versus the rsync bucket and pick the best one. -# for now we try both, with rsync taking precedence b/c it runs last. - -# --- run rsync restore script -# this script tries to restore chaindata from a GCS hosted bucket via rsync. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync, perhaps boosted by what the tarball provided -echo "Restoring chaindata from backup via rsync" | logger -bash /root/restore_rsync.sh - -#--- remove compilers -echo "Removing compilers" | logger -sudo apt remove -y build-essential gcc make linux-compiler-gcc-8-x86 cpp -sudo apt -y autoremove \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/variables.tf deleted file mode 100644 index f17480938f5..00000000000 --- a/packages/terraform-modules-public/gcp/celo-infra/modules/proxy/variables.tf +++ /dev/null 
@@ -1,123 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_type {
- description = "The instance type"
- type = string
- default = "n1-standard-2"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable geth_exporter_docker_image_repository {
- type = string
- description = "Repository of the geth exporter docker image"
-}
-
-variable geth_exporter_docker_image_tag {
- type = string
- description = "Tag of the geth exporter docker image"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the proxy nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable istanbul_request_timeout_ms {
- type = number
- description = "The number of ms for the istanbul request timeout"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the proxy VM is in"
-}
-
-variable tx_node_count {
- type = number
- description = "Number of tx-nodes that are created"
-}
-
-variable validator_count {
- type = number
- description = "Number of proxys to create"
-}
-
-variable proxy_private_keys {
- type = list(string)
- description = "Array with the Proxy private keys"
-}
-
-variable validator_signer_account_addresses {
- type = list(string)
- description = "Array with the Validator etherbase account addresses"
-}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
- default = true
-}
-
-variable proxy_name {
- type = string
- description = "The proxy Name for celostats"
-}
-
-variable proxy_addresses {
- type = list(string)
- description = "The proxy address for celostats"
-}
-
-variable proxy_max_peers {
- type = number
- description = "Max number of peers to connect with"
- default = 125
- #note this does not behave as expected. 120 means we get 20 (unelected).
-}
-
-variable proxy_account_passwords {
- type = list(string)
- description = "Array with the proxy account passwords"
-}
-
-variable "service_account_scopes" {
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
- type = list(string)
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/main.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/main.tf
deleted file mode 100644
index 417ad339b1e..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/main.tf
+++ /dev/null
@@ -1,106 +0,0 @@
-locals {
- attached_disk_name = "celo-data"
- #having project in the instance name helps keep you from torching prod when you think you're working on staging
- name_prefix = "${var.gcloud_project}-tx-node"
-}
-
-resource "google_compute_address" "tx_node" {
- name = "${local.name_prefix}-address-${count.index}-${random_id.tx_node[count.index].hex}"
- address_type = "EXTERNAL"
-
- count = var.tx_node_count
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "google_compute_address" "tx_node_internal" {
- name = "${local.name_prefix}-internal-address-${count.index}-${random_id.tx_node[count.index].hex}"
- address_type = "INTERNAL"
- purpose = "GCE_ENDPOINT"
-
- count = var.tx_node_count
-}
-
-resource "google_compute_instance" "tx_node" {
- name = "${local.name_prefix}-${count.index}"
- machine_type = var.instance_type
-
- deletion_protection = false
-
- count = var.tx_node_count
-
- tags = ["${var.celo_env}-txnode"]
-
- allow_stopping_for_update = true
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-10"
- size = 12
- }
- }
-
- #375G local SSD is overkill for the txnode.
- #scratch_disk {
- # interface = "SCSI"
- #}
-
- attached_disk {
- source = google_compute_disk.txnode[count.index].self_link
- device_name = local.attached_disk_name
- }
-
- network_interface {
- network = var.network_name
- network_ip = google_compute_address.tx_node_internal[count.index].address
- access_config {
- nat_ip = google_compute_address.tx_node[count.index].address
- }
- }
-
- metadata_startup_script = templatefile(
- format("%s/startup.sh", path.module), {
- attached_disk_name : local.attached_disk_name,
- block_time : var.block_time,
- ethstats_host : var.ethstats_host,
- geth_exporter_docker_image_repository : var.geth_exporter_docker_image_repository,
- geth_exporter_docker_image_tag : var.geth_exporter_docker_image_tag,
- geth_node_docker_image_repository : var.geth_node_docker_image_repository,
- geth_node_docker_image_tag : var.geth_node_docker_image_tag,
- geth_verbosity : var.geth_verbosity,
- in_memory_discovery_table : var.in_memory_discovery_table,
- ip_address : google_compute_address.tx_node[count.index].address,
- max_peers : var.txnode_max_peers,
- network_id : var.network_id,
- gcloud_project : var.gcloud_project,
- reset_geth_data : var.reset_geth_data,
- rid : count.index,
- attestation_signer_address : var.attestation_signer_addresses[count.index],
- attestation_signer_private_key : var.attestation_signer_private_keys[count.index],
- attestation_signer_geth_account_secret : var.attestation_signer_account_passwords[count.index],
- }
- )
-
- service_account {
- scopes = var.service_account_scopes
- }
-}
-
-resource "random_id" "tx_node" {
- count = var.tx_node_count
-
- byte_length = 2
-}
-
-resource "google_compute_disk" "txnode" {
- name = "${local.name_prefix}-celo-data-disk-${count.index}"
- count = var.tx_node_count
-
- #type = "pd-ssd"
- type = "pd-standard" #disk I/O doesn't yet warrant SSD backed validators/proxies
- # in GB
- size = 10
- physical_block_size_bytes = 4096
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/outputs.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/outputs.tf
deleted file mode 100644
index f8749b4ee87..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output internal_ip_addresses {
- value = google_compute_address.tx_node_internal.*.address
-}
-
-output ip_addresses {
- value = google_compute_address.tx_node.*.address
-}
-
-output self_links {
- value = google_compute_instance.tx_node.*.self_link
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/startup.sh b/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/startup.sh
deleted file mode 100644
index 435a14abf9d..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/startup.sh
+++ /dev/null
@@ -1,438 +0,0 @@ -#!/bin/bash - - -# ---- Configure logrotate ---- -echo "Configuring logrotate" | logger -cat <<'EOF' > '/etc/logrotate.d/rsyslog' -/var/log/syslog -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -/var/log/mail.log -/var/log/daemon.log -/var/log/kern.log -/var/log/auth.log -/var/log/user.log -/var/log/lpr.log -/var/log/cron.log -/var/log/debug -/var/log/messages -{ - rotate 3 - daily - missingok - notifempty - delaycompress - compress - sharedscripts - postrotate - #invoke-rc.d rsyslog rotate > /dev/null # does not work on debian10 - kill -HUP `pidof rsyslogd` - endscript -} -EOF - -# ---- Tune rsyslog to avoid redundantly logging docker output -echo "Updating rsyslog.conf to avoid redundantly logging docker output" -cat <<'EOF' > /etc/rsyslog.conf -# /etc/rsyslog.conf configuration file for rsyslog -# -# For more information install rsyslog-doc and see -# /usr/share/doc/rsyslog-doc/html/configuration/index.html - -################# -#### MODULES #### -################# - -module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -kern.* -/var/log/kern.log - - -# -# Some "catch-all" log files. 
-# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* -EOF - -# ---- Restart rsyslogd -echo "Restarting rsyslogd" -systemctl restart rsyslog - -# ---- Create backup script -echo "Creating chaindata backup script" | logger -cat <<'EOF' > /root/backup.sh -#!/bin/bash -# This script stops geth, tars up the chaindata (with gzip compression), and copies it to GCS. -# The 'chaindata' GCS bucket has versioning enabled, so if a corrupted tarball is uploaded, an older version can be selected for restore. -# This takes quit some time, and takes quite a bit of local disk. -# The rsync variant (below) is more efficient, but tarballs are more portable. -set -x - -echo "Starting chaindata backup" | logger -systemctl stop geth.service -sleep 5 -tar -C /root/.celo/celo -zcvf /root/.celo/celo/chaindata.tgz chaindata -gsutil cp /root/.celo/celo/chaindata.tgz gs://${gcloud_project}-chaindata -rm -f /root/.celo/celo/chaindata.tgz -echo "Chaindata backup completed" | logger -sleep 3 -systemctl start geth.service -EOF -chmod u+x /root/backup.sh - -# ---- Create rsync backup script -echo "Creating rsync chaindata backup script" | logger -cat <<'EOF' > /root/backup_rsync.sh -#!/bin/bash -# This script stops geth, and uses rsync to copy chaindata to GCS. 
-set -x -CELO_DIR="/root/.celo/celo" - -echo "Starting rsync chaindata backup" | logger -systemctl stop geth.service -sleep 5 -gsutil -m rsync -d -r /root/.celo/celo/chaindata gs://${gcloud_project}-chaindata-rsync -echo "rsync chaindata backup completed" | logger -sleep 3 -systemctl start geth.service -EOF -chmod u+x /root/backup_rsync.sh - -# ---- Add backups to cron -# note that this will make the txnode unavailable during the backup, so do not run on prod systems -cat <<'EOF' > /root/backup.crontab -# m h dom mon dow command -# backup full tarball once a week at 00:57 -#57 0 * * 0 /root/backup.sh > /dev/null 2>&1 -# backup via rsync run every day at 00:17 -#17 0 * * * /root/backup_rsync.sh > /dev/null 2>&1 -EOF -#/usr/bin/crontab /root/backup.crontab - -# ---- Create restore script -echo "Creating chaindata restore script" | logger -cat <<'EOF' > /root/restore.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in bucket -gsutil -q stat gs://${gcloud_project}-chaindata/chaindata.tgz -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - mkdir -p /root/.celo/celo - mkdir -p /root/.celo/celo/restore - echo "downloading chaindata from gs://${gcloud_project}-chaindata/chaindata.tgz" | logger - gsutil cp gs://${gcloud_project}-chaindata/chaindata.tgz /root/.celo/celo/restore/chaindata.tgz - echo "stopping geth to untar chaindata" | logger - systemctl stop geth.service - sleep 3 - echo "Deleting old chaindata" | logger - rm -rf /root/.celo/celo/chaindata/* - echo "untarring chaindata" | logger - tar zxvf /root/.celo/celo/restore/chaindata.tgz --directory /root/.celo/celo - echo "removing chaindata tarball" | logger - rm -rf /root/.celo/celo/restore/chaindata.tgz - sleep 3 - echo "starting geth" | logger - systemctl start geth.service - else - echo "No chaindata.tgz found in bucket gs://${gcloud_project}-chaindata, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore.sh - -# ---- Create rsync restore script -echo "Creating rsync chaindata restore script" | logger -cat <<'EOF' > /root/restore_rsync.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in the rsync chaindata bucket -gsutil -q stat gs://${gcloud_project}-chaindata-rsync/CURRENT -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - echo "stopping geth" | logger - systemctl stop geth.service - echo "downloading chaindata via rsync from gs://${gcloud_project}-chaindata-rsync" | logger - mkdir -p /root/.celo/celo/chaindata - gsutil -m rsync -d -r gs://${gcloud_project}-chaindata-rsync /root/.celo/celo/chaindata - echo "restarting geth" | logger - sleep 3 - systemctl start geth.service - else - echo "No chaindata found in bucket gs://${gcloud_project}-chaindata-rsync, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore_rsync.sh - -# ---- Useful aliases ---- -echo "Configuring aliases" | logger -echo "alias ll='ls -laF'" >> /etc/skel/.bashrc -echo "alias ll='ls -laF'" >> /root/.bashrc -echo "alias gattach='docker exec -it geth geth attach'" >> /etc/skel/.bashrc - -# ---- Install Stackdriver Agent -echo "Installing Stackdriver agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh -bash add-monitoring-agent-repo.sh -apt update -y -apt install -y stackdriver-agent -systemctl restart stackdriver-agent - -# ---- Install Fluent Log Collector -echo "Installing google fluent log collector agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh -bash add-logging-agent-repo.sh -apt update -y -apt install -y google-fluentd -apt install -y google-fluentd-catch-all-config-structured -systemctl restart google-fluentd - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=$(readlink -f /dev/disk/by-id/google-${attached_disk_name}) -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=$(lsblk -i -n -o fstype $DISK_PATH) - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." 
- -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -# Mounting the volume -echo "Mounting $DISK_PATH onto $DATA_DIR" -mkdir -p $DATA_DIR -DISK_UUID=$(blkid $DISK_PATH | cut -d '"' -f2) -echo "UUID=$DISK_UUID $DATA_DIR auto discard,defaults 0 0" >> /etc/fstab -mount $DATA_DIR - -# ---- Setup swap -echo "Setting up swapfile" | logger -fallocate -l 4G /root/.celo/swapfile -chmod 600 /root/.celo/swapfile -mkswap /root/.celo/swapfile -swapon /root/.celo/swapfile -swapon -s - -# Remove existing chain data -[[ ${reset_geth_data} == "true" ]] && rm -rf $DATA_DIR/geth -mkdir -p $DATA_DIR/account - -# ---- Install Docker ---- - -echo "Installing Docker..." 
| logger -apt update -y && apt upgrade -y -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 htop screen -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update -y && apt upgrade -y -apt install -y docker-ce -apt upgrade -y -systemctl start docker - -# ---- Config /etc/screenrc ---- -echo "Configuring /etc/screenrc" | logger -cat <<'EOF' >> '/etc/screenrc' -bindkey -k k1 select 1 # F1 = screen 1 -bindkey -k k2 select 2 # F2 = screen 2 -bindkey -k k3 select 3 # F3 = screen 3 -bindkey -k k4 select 4 # F4 = screen 4 -bindkey -k k5 select 5 # F5 = screen 5 -bindkey -k k6 select 6 # F6 = screen 6 -bindkey -k k7 select 7 # F7 = screen 7 -bindkey -k k8 select 8 # F8 = screen 8 -bindkey -k k9 select 9 # F9 = screen 9 -bindkey -k F1 prev # F11 = prev -bindkey -k F2 next # F12 = next -EOF - -echo "Configuring Docker..." | logger -cat <<'EOF' > '/etc/docker/daemon.json' -{ - "log-driver": "json-file", - "log-opts": { - "max-size": "10m", - "max-file": "3", - "mode": "non-blocking" - } -} -EOF - -echo "Restarting docker" | logger -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -echo "Configuring Geth" | logger - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -echo "Pulling geth..." -docker pull $GETH_NODE_DOCKER_IMAGE - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -# Load configuration to files -mkdir -p $DATA_DIR/account - -echo -n '${rid}' > $DATA_DIR/replica_id -echo -n '${ip_address}' > $DATA_DIR/ipAddress -echo -n '${attestation_signer_geth_account_secret}' > $DATA_DIR/account/accountSecret -echo -n '${attestation_signer_private_key}' > $DATA_DIR/pkey - -echo "Starting geth..." 
| logger -# We need to override the entrypoint in the geth image (which is originally `geth`). -# `geth account import` fails when the account has already been imported. In -# this case, we do not want to pipefail - -docker run \ - --rm \ - --net=host \ - -v $DATA_DIR:$DATA_DIR \ - --entrypoint /bin/sh \ - -i $GETH_NODE_DOCKER_IMAGE \ - -c "geth account import --password $DATA_DIR/account/accountSecret $DATA_DIR/pkey | true" - -cat </etc/systemd/system/geth.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - --name geth \\ - --net=host \\ - -v $DATA_DIR:$DATA_DIR \\ - --entrypoint /bin/sh \\ - $GETH_NODE_DOCKER_IMAGE -c "\\ - geth \\ - --etherbase ${attestation_signer_address} \\ - --unlock ${attestation_signer_address} \\ - --password $DATA_DIR/account/accountSecret \\ - --allow-insecure-unlock \\ - --nousb \\ - --maxpeers ${max_peers} \\ - --rpc \\ - --rpcaddr 0.0.0.0 \\ - --rpcapi=eth,net,web3 \\ - --rpccorsdomain='*' \\ - --rpcvhosts=* \\ - --ws \\ - --wsaddr 0.0.0.0 \\ - --wsorigins=* \\ - --wsapi=eth,net,web3 \\ - --nodekey=$DATA_DIR/pkey \\ - --networkid=${network_id} \\ - --syncmode=full \\ - --consoleformat=json \\ - --consoleoutput=stdout \\ - --verbosity=${geth_verbosity} \\ - --nat=extip:${ip_address} \\ - --metrics \\ - --pprof \\ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \\ - --light.serve 0 \\ - --syncmode lightest \\ - " -ExecStop=/usr/bin/docker stop -t 60 %N - -[Install] -WantedBy=default.target -EOF - -echo "Starting Geth" | logger -systemctl daemon-reload -systemctl enable geth.service - -echo "Adding DC to docker group" | logger -usermod -aG docker dc - -# note that we no longer restore chaindata since txnode is now using syncmode=lightest -# --- run restore script -# this script tries to restore chaindata from a GCS hosted tarball. 
-# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync -#echo "Restoring chaindata from backup tarball" | logger -#bash /root/restore.sh - -# todo: add some logic to look at the chaindata tarball bucket versus the rsync bucket and pick the best one. -# for now we try both, with rsync taking precedence b/c it runs last. - -# --- run rsync restore script -# this script tries to restore chaindata from a GCS hosted bucket via rsync. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync, perhaps boosted by what the tarball provided -#echo "Restoring chaindata from backup via rsync" | logger -#bash /root/restore_rsync.sh - -#--- remove compilers -echo "Removing compilers" | logger -sudo apt remove -y build-essential gcc make linux-compiler-gcc-8-x86 cpp -sudo apt -y autoremove \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/variables.tf deleted file mode 100644 index 8b200e57cd6..00000000000 --- a/packages/terraform-modules-public/gcp/celo-infra/modules/tx-node/variables.tf +++ /dev/null 
@@ -1,112 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the Celo environment"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_type {
- description = "The instance type"
- type = string
- default = "n1-standard-1"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-#variable genesis_content_base64 {
-# type = string
-# description = "Content of the genesis file encoded in base64"
-#}
-
-variable geth_exporter_docker_image_repository {
- type = string
- description = "Repository of the geth exporter docker image"
-}
-
-variable geth_exporter_docker_image_tag {
- type = string
- description = "Tag of the geth exporter docker image"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the tx-nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the tx-node VM is in"
-}
-
-variable tx_node_count {
- type = number
- description = "Number of tx-nodes to create"
-}
-
-#variable bootnodes_base64 {
-# type = string
-# description = "Bootnodes ethereum address encoded as base64"
-#}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
- default = true
-}
-
-variable txnode_max_peers {
- type = number
- description = "Max number of peers to connect with"
- default = 120
-}
-
-variable attestation_signer_addresses {
- type = list(string)
- description = "The address to use for signing attestation requests"
-}
-
-variable attestation_signer_account_passwords {
- type = list(string)
- description = "Array with the attestation_signer account passwords"
-}
-
-variable attestation_signer_private_keys {
- type = list(string)
- description = "Array with the attestation_signer private keys"
-}
-
-variable service_account_scopes {
- type = list(string)
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/main.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/validator/main.tf
deleted file mode 100644
index 5b0354f3b46..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/main.tf
+++ /dev/null
@@ -1,86 +0,0 @@
-locals {
- attached_disk_name = "celo-data"
- #name_prefix = "${var.celo_env}-validator"
- name_prefix = "${var.gcloud_project}-validator"
-}
-
-resource "google_compute_address" "validator_internal" {
- name = "${local.name_prefix}-internal-address-${count.index}"
- address_type = "INTERNAL"
- purpose = "GCE_ENDPOINT"
-
- count = var.validator_count
-}
-
-resource "google_compute_instance" "validator" {
- name = "${local.name_prefix}-${count.index}"
- machine_type = var.instance_type
-
- #deletion_protection = false
- deletion_protection = true
-
- count = var.validator_count
-
- tags = ["${var.celo_env}-validator"]
-
- allow_stopping_for_update = true
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-10"
- }
- }
-
- attached_disk {
- source = google_compute_disk.validator[count.index].self_link
- device_name = local.attached_disk_name
- }
-
- network_interface {
- network = var.network_name
- network_ip = google_compute_address.validator_internal[count.index].address
- }
-
- metadata_startup_script = templatefile(
- format("%s/startup.sh", path.module), {
- attached_disk_name : local.attached_disk_name,
- block_time : var.block_time,
- ethstats_host : var.ethstats_host,
- geth_exporter_docker_image_repository : var.geth_exporter_docker_image_repository,
- geth_exporter_docker_image_tag : var.geth_exporter_docker_image_tag,
- geth_node_docker_image_repository : var.geth_node_docker_image_repository,
- geth_node_docker_image_tag : var.geth_node_docker_image_tag,
- geth_verbosity : var.geth_verbosity,
- in_memory_discovery_table : var.in_memory_discovery_table,
- ip_address : google_compute_address.validator_internal[count.index].address,
- istanbul_request_timeout_ms : var.istanbul_request_timeout_ms,
- max_peers : var.validator_max_peers,
- network_id : var.network_id,
- gcloud_project : var.gcloud_project,
- rid : count.index,
- validator_name : var.validator_name,
- validator_account_address : var.validator_signer_account_addresses[count.index],
- validator_private_key : var.validator_signer_private_keys[count.index],
- validator_geth_account_secret : var.validator_signer_account_passwords[count.index],
- proxy_enode : var.proxy_enodes[count.index],
- proxy_internal_ip : var.proxy_internal_ips[count.index],
- proxy_external_ip : var.proxy_external_ips[count.index],
- reset_geth_data : var.reset_geth_data
- }
- )
-
- service_account {
- scopes = var.service_account_scopes
- }
-}
-
-resource "google_compute_disk" "validator" {
- name = "${local.name_prefix}-celo-data-disk-${count.index}"
- count = var.validator_count
-
- #type = "pd-ssd"
- type = "pd-standard" #disk I/O doesn't yet warrant SSD backed validators/proxies
- # in GB
- size = 50
- physical_block_size_bytes = 4096
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/outputs.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/validator/outputs.tf
deleted file mode 100644
index 36040dbb6ab..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output internal_ip_addresses {
- value = google_compute_address.validator_internal.*.address
-}
diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/startup.sh b/packages/terraform-modules-public/gcp/celo-infra/modules/validator/startup.sh
deleted file mode 100644
index bf63d5e61dc..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/startup.sh
+++ /dev/null
@@ -1,405 +0,0 @@ -#!/bin/bash - -# ---- Configure logrotate ---- -echo "Configuring logrotate" | logger -cat <<'EOF' > '/etc/logrotate.d/rsyslog' -/var/log/syslog -/var/log/mail.info -/var/log/mail.warn -/var/log/mail.err -/var/log/mail.log -/var/log/daemon.log -/var/log/kern.log -/var/log/auth.log -/var/log/user.log -/var/log/lpr.log -/var/log/cron.log -/var/log/debug -/var/log/messages -{ - rotate 3 - daily - missingok - notifempty - delaycompress - compress - sharedscripts - postrotate - #invoke-rc.d rsyslog rotate > /dev/null # does not work on debian10 - kill -HUP `pidof rsyslogd` - endscript -} -EOF - -# ---- Tune rsyslog to avoid redundantly logging docker output -echo "Updating rsyslog.conf to avoid redundantly logging docker output" -cat <<'EOF' > /etc/rsyslog.conf -# /etc/rsyslog.conf configuration file for rsyslog -# -# For more information install rsyslog-doc and see -# /usr/share/doc/rsyslog-doc/html/configuration/index.html - -################# -#### MODULES #### -################# - -module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -kern.* -/var/log/kern.log - - -# -# Some "catch-all" log files. 
-# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* -EOF - -# ---- Restart rsyslogd -echo "Restarting rsyslogd" -systemctl restart rsyslog - -# ---- Create restore script -echo "Creating chaindata restore script" | logger -cat <<'EOF' > /root/restore.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in bucket -gsutil -q stat gs://${gcloud_project}-chaindata/chaindata.tgz -if [ $? -eq 0 ] -then - #chaindata exists in bucket - mkdir -p /root/.celo/celo - mkdir -p /root/.celo/celo/restore - echo "downloading chaindata from gs://${gcloud_project}-chaindata/chaindata.tgz" | logger - gsutil cp gs://${gcloud_project}-chaindata/chaindata.tgz /root/.celo/celo/restore/chaindata.tgz - echo "stopping geth to untar chaindata" | logger - systemctl stop geth.service - sleep 3 - echo "Deleting old chaindata" | logger - rm -rf /root/.celo/celo/chaindata/* - echo "untarring chaindata" | logger - tar zxvf /root/.celo/celo/restore/chaindata.tgz --directory /root/.celo/celo - echo "removing chaindata tarball" | logger - rm -rf /root/.celo/celo/restore/chaindata.tgz - sleep 3 - echo "starting geth" | logger - systemctl start geth.service - else - echo "No chaindata.tgz found in bucket gs://${gcloud_project}-chaindata, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore.sh - -# ---- Create rsync restore script -echo "Creating rsync chaindata restore script" | logger -cat <<'EOF' > /root/restore_rsync.sh -#!/bin/bash -set -x - -# test to see if chaindata exists in the rsync chaindata bucket -gsutil -q stat gs://${gcloud_project}-chaindata-rsync/CURRENT -if [ $? 
-eq 0 ] -then - #chaindata exists in bucket - echo "stopping geth" | logger - systemctl stop geth.service - echo "downloading chaindata via rsync from gs://${gcloud_project}-chaindata-rsync" | logger - mkdir -p /root/.celo/celo/chaindata - gsutil -m rsync -d -r gs://${gcloud_project}-chaindata-rsync /root/.celo/celo/chaindata - echo "restarting geth" | logger - sleep 3 - systemctl start geth.service - else - echo "No chaindata found in bucket gs://${gcloud_project}-chaindata-rsync, aborting warp restore" | logger - fi -EOF -chmod u+x /root/restore_rsync.sh - -# ---- Useful aliases ---- -echo "Configuring aliases" | logger -echo "alias ll='ls -laF'" >> /etc/skel/.bashrc -echo "alias ll='ls -laF'" >> /root/.bashrc -echo "alias gattach='docker exec -it geth geth attach'" >> /etc/skel/.bashrc - -# ---- Install Stackdriver Agent -echo "Installing Stackdriver agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh -bash add-monitoring-agent-repo.sh -apt update -y -apt install -y stackdriver-agent -systemctl restart stackdriver-agent - -# ---- Install Fluent Log Collector -echo "Installing google fluent log collector agent" | logger -curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh -bash add-logging-agent-repo.sh -apt update -y -apt install -y google-fluentd -apt install -y google-fluentd-catch-all-config-structured -systemctl restart google-fluentd - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=$(readlink -f /dev/disk/by-id/google-${attached_disk_name}) -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=$(lsblk -i -n -o fstype $DISK_PATH) - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." 
- -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -# Mounting the volume -echo "Mounting $DISK_PATH onto $DATA_DIR" -mkdir -p $DATA_DIR -DISK_UUID=$(blkid $DISK_PATH | cut -d '"' -f2) -echo "UUID=$DISK_UUID $DATA_DIR auto discard,defaults 0 0" >> /etc/fstab -mount $DATA_DIR - -# ---- Setup swap -echo "Setting up swapfile" | logger -fallocate -l 4G /root/.celo/swapfile -chmod 600 /root/.celo/swapfile -mkswap /root/.celo/swapfile -swapon /root/.celo/swapfile -swapon -s - -# Remove existing chain data -[[ ${reset_geth_data} == "true" ]] && rm -rf $DATA_DIR/geth -mkdir -p $DATA_DIR/account - -# ---- Install Docker ---- - -echo "Installing Docker..." 
| logger -apt update -y && apt upgrade -y -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 htop screen -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update -y && apt upgrade -y -apt install -y docker-ce -apt upgrade -y -systemctl start docker - -# ---- Config /etc/screenrc ---- -echo "Configuring /etc/screenrc" | logger -cat <<'EOF' >> '/etc/screenrc' -bindkey -k k1 select 1 # F1 = screen 1 -bindkey -k k2 select 2 # F2 = screen 2 -bindkey -k k3 select 3 # F3 = screen 3 -bindkey -k k4 select 4 # F4 = screen 4 -bindkey -k k5 select 5 # F5 = screen 5 -bindkey -k k6 select 6 # F6 = screen 6 -bindkey -k k7 select 7 # F7 = screen 7 -bindkey -k k8 select 8 # F8 = screen 8 -bindkey -k k9 select 9 # F9 = screen 9 -bindkey -k F1 prev # F11 = prev -bindkey -k F2 next # F12 = next -EOF - -echo "Configuring Docker..." | logger -cat <<'EOF' > '/etc/docker/daemon.json' -{ - "log-driver": "json-file", - "log-opts": { - "max-size": "10m", - "max-file": "3", - "mode": "non-blocking" - } -} -EOF - -echo "Restarting docker" | logger -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -echo "Configuring Geth" | logger - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -ACCOUNT_ADDRESS=${validator_account_address} -echo "Address: $ACCOUNT_ADDRESS" - -echo "Proxy enode address: ${proxy_enode}" -echo "Proxy internal ip address: ${proxy_internal_ip}" -echo "Proxy external ip address: ${proxy_external_ip}" -PROXY_INTERNAL_ENODE="enode://${proxy_enode}@${proxy_internal_ip}:30503" -PROXY_EXTERNAL_ENODE="enode://${proxy_enode}@${proxy_external_ip}:30303" - -PROXY_URL="$PROXY_INTERNAL_ENODE;$PROXY_EXTERNAL_ENODE" -echo "Proxy URL: $PROXY_URL" - -echo "Pulling geth..." 
| logger -docker pull $GETH_NODE_DOCKER_IMAGE - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -# Load configuration to files -echo -n '${rid}' > $DATA_DIR/replica_id -echo -n '${ip_address}' > $DATA_DIR/ipAddress -echo -n '${validator_private_key}' > $DATA_DIR/pkey -echo -n '${validator_account_address}' > $DATA_DIR/address -echo -n '${proxy_enode}' > $DATA_DIR/proxyEnodeAddress -echo -n '$PROXY_URL' > $DATA_DIR/proxyURL -echo -n '${validator_geth_account_secret}' > $DATA_DIR/account/accountSecret -echo -n $PROXY_INTERNAL_ENODE > /root/.celo/proxyInternalEnode -echo -n $PROXY_EXTERNAL_ENODE > /root/.celo/proxyExternalEnode - -echo "Starting geth..." | logger -# We need to override the entrypoint in the geth image (which is originally `geth`). -# `geth account import` fails when the account has already been imported. In -# this case, we do not want to pipefail - -docker run \ - --rm \ - --net=host \ - -v $DATA_DIR:$DATA_DIR \ - --entrypoint /bin/sh \ - -i $GETH_NODE_DOCKER_IMAGE \ - -c "geth account import --password $DATA_DIR/account/accountSecret $DATA_DIR/pkey | true" - -cat </etc/systemd/system/geth.service -[Unit] -Description=Docker Container %N -Requires=docker.service -After=docker.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker run \\ - --rm \\ - --name geth \\ - --net=host \\ - -v $DATA_DIR:$DATA_DIR \\ - --entrypoint /bin/sh \\ - $GETH_NODE_DOCKER_IMAGE -c "\\ - geth \\ - --etherbase=$ACCOUNT_ADDRESS \\ - --password=$DATA_DIR/account/accountSecret \\ - --unlock=$ACCOUNT_ADDRESS \\ - --allow-insecure-unlock \\ - --nousb \\ - --mine \\ - --rpc \\ - --rpcaddr 0.0.0.0 \\ - --rpcapi=eth,net,web3 \\ - --rpccorsdomain='*' \\ - --rpcvhosts=* \\ - --ws \\ - --wsaddr 0.0.0.0 \\ - --wsorigins=* \\ - --wsapi=eth,net,web3 \\ - --networkid=${network_id} \\ - --syncmode=full \\ - --consoleformat=json \\ - --consoleoutput=stdout \\ - 
--verbosity=${geth_verbosity} \\ - --ethstats=${validator_name}@${ethstats_host} \\ - --istanbul.blockperiod=${block_time} \\ - --istanbul.requesttimeout=${istanbul_request_timeout_ms} \\ - --maxpeers=${max_peers} \\ - --nat=extip:${ip_address} \\ - --metrics \\ - --pprof \\ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \\ - --nodiscover \\ - --proxy.proxied \\ - --proxy.proxyenodeurlpairs=\\"$PROXY_URL\\" \\ - --light.serve 0 \\ - " -ExecStop=/usr/bin/docker stop -t 60 %N - -[Install] -WantedBy=default.target -EOF - -echo "Starting Geth" | logger -systemctl daemon-reload -systemctl enable geth.service - -echo "Adding DC to docker group" | logger -usermod -aG docker dc - -# --- run restore script -# this script tries to restore chaindata from a GCS hosted tarball. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync -echo "Restoring chaindata from backup tarball" | logger -bash /root/restore.sh - -# todo: add some logic to look at the chaindata tarball bucket versus the rsync bucket and pick the best one. -# for now we try both, with rsync taking precedence b/c it runs last. - -# --- run rsync restore script -# this script tries to restore chaindata from a GCS hosted bucket via rsync. -# if the chaindata doesn't exist on GCS, geth will start normal (slow) p2p sync, perhaps boosted by what the tarball provided -echo "Restoring chaindata from backup via rsync" | logger -bash /root/restore_rsync.sh - -#--- remove compilers -echo "Removing compilers" | logger -sudo apt remove -y build-essential gcc make linux-compiler-gcc-8-x86 cpp -sudo apt -y autoremove diff --git a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/modules/validator/variables.tf deleted file mode 100644 index c09685a5a7d..00000000000 --- a/packages/terraform-modules-public/gcp/celo-infra/modules/validator/variables.tf +++ /dev/null 
@@ -1,132 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the Celo environment"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_type {
- description = "The instance type"
- type = string
- default = "n1-standard-2"
-}
-
-variable ethstats_host {
- type = string
- description = "Celostats url or IP address"
-}
-
-variable geth_exporter_docker_image_repository {
- type = string
- description = "Repository of the geth exporter docker image"
-}
-
-variable geth_exporter_docker_image_tag {
- type = string
- description = "Tag of the geth exporter docker image"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the validator nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable istanbul_request_timeout_ms {
- type = number
- description = "The number of ms for the istanbul request timeout"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the validator VM is in"
-}
-
-variable tx_node_count {
- type = number
- description = "Number of tx-nodes that are created"
-}
-
-variable validator_count {
- type = number
- description = "Number of validators to create"
-}
-
-variable validator_signer_account_addresses {
- type = list(string)
- description = "Array with the Validator account addresses"
-}
-
-variable validator_signer_private_keys {
- type = list(string)
- description = "Array with the Validator account private keys"
-}
-
-variable validator_signer_account_passwords {
- type = list(string)
- description = "Array with the Validator account passwords"
-}
-
-variable proxy_enodes {
- type = list(string)
- description = "Array list with the proxy enode address (without enode://)"
-}
-
-variable proxy_internal_ips {
- type = list(string)
- description = "Array list with the proxy internal addresses"
-}
-
-variable proxy_external_ips {
- type = list(string)
- description = "Array list with the proxy external addresses"
-}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
- default = true
-}
-
-variable validator_name {
- type = string
- description = "The validator Name for ethstats"
-}
-
-variable validator_max_peers {
- type = number
- description = "Max number of peers to connect with"
- default = 120
-}
-
-variable "service_account_scopes" {
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
- type = list(string)
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/celo-infra/outputs.tf b/packages/terraform-modules-public/gcp/celo-infra/outputs.tf
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/packages/terraform-modules-public/gcp/celo-infra/variables.tf b/packages/terraform-modules-public/gcp/celo-infra/variables.tf
deleted file mode 100644
index 30e300709d0..00000000000
--- a/packages/terraform-modules-public/gcp/celo-infra/variables.tf
+++ /dev/null
@@ -1,311 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable instance_types {
- description = "The instance type for each component"
- type = map(string)
-
- default = {
- validator = "n1-standard-2"
- proxy = "n1-standard-2"
- txnode = "n1-standard-1"
- attestation_service = "n1-standard-1"
- backup_node = "n1-standard-1"
- }
-}
-
-variable geth_exporter_docker_image_repository {
- type = string
- description = "Repository of the geth exporter docker image"
-}
-
-variable geth_exporter_docker_image_tag {
- type = string
- description = "Tag of the geth exporter docker image"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of all geth nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable istanbul_request_timeout_ms {
- type = number
- description = "The number of ms for the istanbul request timeout"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "The name of the network to use"
-}
-
-variable tx_node_count {
- type = number
- description = "Number of tx-nodes to create"
-}
-
-variable backup_node_count {
- type = number
- description = "Number of backup_nodes to create"
-}
-
-variable validator_count {
- type = number
- description = "Number of validators to create"
-}
-
-# New vars
-variable gcloud_region {
- type = string
- description = "Name of the Google Cloud region to use"
-}
-
-variable gcloud_zone {
- type = string
- description = "Name of the Google Cloud zone to use"
-}
-
-variable validator_signer_account_addresses {
- type = list(string)
- description = "Array with the Validator etherbase account addresses"
-}
-
-variable validator_signer_private_keys {
- type = list(string)
- description = "Array with the Validator etherbase account private keys"
-}
-
-variable validator_signer_account_passwords {
- type = list(string)
- description = "Array with the Validator etherbase account passwords"
-}
-
-variable validator_release_gold_addresses {
- type = list(string)
- description = "Array with the Validator release gold address(es)"
-}
-
-variable proxy_enodes {
- type = list(string)
- description = "Array list with the proxy enode address (without enode://)"
-}
-
-variable proxy_private_keys {
- type = list(string)
- description = "Array with the Proxy private keys"
-}
-
-variable proxy_account_passwords {
- type = list(string)
- description = "Array with the proxy etherbase account passwords"
-}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
-}
-
-# Attestation service vars
-variable attestation_service_count {
- type = number
- description = "Number of Attestation Service to deploy"
-}
-
-variable attestation_service_db_username {
- type = string
- description = "The User for the database"
- default = "celo"
-}
-
-variable attestation_service_db_password {
- type = string
- description = "The password for the database"
- default = "secret"
-}
-
-variable attestation_service_docker_image_repository {
- type = string
- description = "The docker image repository for the attestation service"
- default = ""
-}
-
-variable attestation_service_docker_image_tag {
- type = string
- description = "The docker image tag for the attestation service"
- default = ""
-}
-
-variable attestation_signer_addresses {
- type = list(string)
- description = "The account address for signing the attestations. Must be the address of the associated validator"
- default = [""]
-}
-
-variable attestation_signer_private_keys {
- type = list(string)
- description = "The account private key for signing the attestations. Must be the private key of the associated validator"
- default = [""]
-}
-
-variable attestation_signer_account_passwords {
- type = list(string)
- description = "Array with the attestation_signer account passwords"
-}
-
-
-variable attestation_service_celo_provider {
- type = string
- description = "The URL for the RPC interface for the Celo network"
- default = ""
-}
-
-variable attestation_service_sms_providers {
- type = string
- description = "The SMS Service provider. Must be nexmo or twilio"
- default = ""
-}
-
-variable attestation_service_nexmo_key {
- type = string
- description = "Nexmo api key (check nexmo documentation)"
- default = ""
-}
-
-variable attestation_service_nexmo_secret {
- type = string
- description = "Nexmo api secret (check nexmo documentation)"
- default = ""
-}
-
-variable attestation_service_nexmo_blacklist {
- type = string
- description = "Nexmo blacklisted country codes, separated by comma (check nexmo documentation)"
- default = ""
-}
-
-variable attestation_service_nexmo_unsupported_regions {
- type = string
- description = "Nexmo unsupported country codes, separated by comma (check nexmo documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_account_sid {
- type = string
- description = "Twilio account SID (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_messaging_service_sid {
- type = string
- description = "Twilio account messaging service SID (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_verify_service_sid {
- type = string
- description = "Twilio account verify service SID (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_auth_token {
- type = string
- description = "Twilio account Auth Token (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_blacklist {
- type = string
- description = "Twilio blacklisted country codes, separated by comma (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_twilio_unsupported_regions {
- type = string
- description = "Twilio unsupported country codes, separated by comma (check twilio documentation)"
- default = ""
-}
-
-variable attestation_service_messagebird_api_key {
- type = string
- description = "Messagebird API key"
- default = ""
-}
-
-variable attestation_service_messagebird_unsupported_regions {
- type = string
- description = "Messagebird unsupported country codes, separated by comma (check Messagebird documentation)"
- default = ""
-}
-
-variable validator_name {
- type = string
- description = "The validator Name for ethstats"
-}
-
-variable proxy_name {
- type = string
- description = "The proxy Name for ethstats"
-}
-
-variable proxy_addresses {
- type = list(string)
- description = "The proxy address for ethstats"
-}
-
-variable "stackdriver_logging_exclusions" {
- description = "List of objects that define logs to exclude on stackdriver"
- type = map(object({
- description = string
- filter = string
- }))
-}
-
-variable "stackdriver_logging_metrics" {
- description = "List of objects that define COUNT (DELTA) logging metric filters to apply to Stackdriver to graph and alert on useful signals"
- type = map(object({
- description = string
- filter = string
- }))
-}
-
-variable "service_account_scopes" {
- description = "Scopes to apply to the service account which all nodes in the cluster will inherit"
- type = list(string)
-}
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/example/README.md b/packages/terraform-modules-public/gcp/example/README.md
deleted file mode 100644
index ec311f55364..00000000000
--- a/packages/terraform-modules-public/gcp/example/README.md
+++ /dev/null
@@ -1,485 +0,0 @@ -# HOWTO - -1. Create and checkout new branch (optional) - - ```console - git checkout -b $new_branch - ``` - - -2. Update gcloud.env - - If starting from scratch, - - ```console - cp gcloud.env.example gcloud.env - ``` - - or just run - - ```console - ./bootstrap.sh - ``` - - which will create gcloud.env for you. - - Now set the project name. If this is a key rotation rather than a fresh install, also comment out the last line, which sets the service account name, e.g. - - `#export TF_VAR_GCP_DEFAULT_SERVICE_ACCOUNT="151785056447-compute@developer.gserviceaccount.com"` - - This account will be created when the project is created, and will be appended to gcloud.env by bootstrap.sh - - -3. Source gcloud.env - - ```console - source gcloud.env - ``` - - So that bootstrap.sh has the env vars it needs to properly provision the project. - - -4. Run bootstrap.sh - - ```console - ./bootstrap.sh - ``` - - This will take awhile, as it enables and configures a series of API's within GCP. - -5. Source gcloud.env again - - This is necessary because bootstrap.sh creates a service account that Terraform needs to know about - - ```console - source gcloud.env - ``` - - ** If storing terraform (tfstate) on GCS, now is a good time to browse to that bucket and remove permissions to the tfstate bucket for 'viewers' and 'editors' of the proejct. This will prevent an attacker who gets code execution on the proxy or validator or txnode or attestation service node from pulling the tfstate from gcs, which is important because the tfstate contains sensitive data such as signing keys ** - - -6. 
Update terraform.tfvars with the following critical and environment sensitive values: - - ``` - google = { - project = "celo-rc1" - region = "asia-southeast1" - zone = "asia-southeast1-c" - } - - validator_name = "Acme-RC1-Validator" - - proxy_name = "Acme-RC1-Proxy" - - validator_signer_accounts = { - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - private_keys = [ - "cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - #define your own strong password here - account_passwords = [ - "Iez5lodohzaShap7ohH6ro5ohm9aecaezied4Esii3xeeBo1uxooP6aeluithu0u", - ] - release_gold_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ] - } - - proxy_accounts = { - - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - private_keys = [ - "10xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - - #note that complete enode is not revealed from celocli account:new. FIXME - enodes = [ - "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ] - #define your own strong password here - account_passwords = [ - "oi0ahsas8ahghaaxeenoh0fo7ar2EoFa2aloj2chaveelu6Veegh4ahNgeikaegh", - ] - } - - attestation_signer_accounts = { - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf7", - ] - private_keys = [ - "46xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx58", - ] - #define your own strong password here - account_passwords = [ - "el5Lai2ohvex4ohv1ree9Noo2iethoolae6be0aijeishaemiexohtae3meika2u" - ] - } - - attestation_service_db = { - username = "celo" - #define your own strong password here - password = "Yeu4Chaotoh0eiG4xij2oob5phaekaeGeexel5thoo0xahsha2meihahLohk9wai" - } - - attestation_service_credentials = { - sms_providers = "twilio" - nexmo_key = "" - nexmo_secret = "" - nexmo_blacklist = "" - twilio_account_sid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_messaging_service_sid = 
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_verify_service_sid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_auth_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_blacklist = "" - } - - public_www_fqdn = "www.mysite.org" - ``` - - Note re: proxy enodes: these are critical and tell the validator which proxy to connect to. - - They aren't properly exposed yet by Celocli. - - Until this is resolved you'll need to pull this from the running proxy by running - - ```console - docker exec geth geth --exec "admin.nodeInfo['enode'].split('//')[1].split('@')[0]" attach | tr -d '"' - ``` - - and then updating the enodes value in terraform.tfvars - - We recommend using a unique proxy account address for each new validator. - - For key rotations we do not usually rotate attestation signers. - - The metadata is signed by the group vote signer, so there is no need to update metadata when rotating a validator signer. - -7. Update variables.tf - - Set the quantity of validators as desired. Note that a proxy is created automatically for each validator. This is also where you can adjust instance types to taste. - - -8. Run terraform plan - - ```console - terraform plan - ``` - - This will reveal ~50 some resources to create. - -9. Run terraform apply - - ```console - terraform apply -auto-approve - ``` - - This will create the resources. - -10. Run terraform apply again - - This is necessary because Terraform will error out trying to apply IAM policies to GCS buckets that are created but are waiting for 'eventual consistency' :) - - ```console - terraform apply -auto-approve - ``` - -11. Upload chaindata archive - - In order for this new project to quickly bootstrap nodes, it needs chain data. A GCS bucket has been created for this purpose, but it's empty. There are two ways to deal with this - - 1. Wait for the P2P network to sync, and then run /root/backup.sh or /root/backup_rsync.sh from the tx-node, once the p2p sync is completed. OR - - 2. 
Upload a tarball of chaindata to the GCS bucket: - - ```console - gsutil cp chaindata.tgz gs://${TF_VAR_project}-chaindata - ``` - - Chaindata inside the tarball (should) include the chaindata directory and all the containing DB files. - - -12. Redeploy nodes quickly - - Now that chaindata exists in the GCS bucket, you can run - - ```console - terraform destroy - ``` - - to destroy existing infrastructure and then run - - ```console - terraform apply -auto-approve - ``` - - to deploy new infrastructure which will be synced much more quickly. - - Note that `terraform destroy` won't destroy the chaindata in the GCS bucket, so can be run safely. Alternatively you can just set node count to 0 in variables.tf and `terraform apply`. - -13. Configure Dashboards - - Even with the Monitoring API enabled, for some reason you still need to go to the [GCP Monitoring Console](https://console.cloud.google.com/monitoring/dashboards) prior to uploading the Celo dashboard configuration. You'll see a modal that says "Finishing Workspace creation". Once this is done and then you can run - - ```console - cd dashboards && gcloud monitoring dashboards create --config-from-file=hud.json - ``` - - Voila, magically a Celo specific dashboard is created. The Celo dashboard is called "HUD", for Heads Up Display. - -14. Generate a proof of possession for the new validator signer - - Familiarize yourself with the [Celo Validator Signer Key Rotation](https://docs.celo.org/validator-guide/summary/key-rotation) docs before continuing. - - The validator signer key needs to be unlocked to complete this next step. You can either do this on the freshly deployed validator instance, or you can do it on your accounts node. Your choice. There are pros and cons to each. Specifically, you shouldn't be SSH'ing into production validators, but similarly the validator signer key shouldn't really be hanging around on the accounts node either. - - Edit [../scripts/generate_pop.sh]. 
Specifically you need to update the following variables: - - ```bash - SIGNER_TO_AUTHORIZE= - VALIDATOR_ACCOUNT_ADDRESS= - ``` - - Now run the following command, again on a node that has the validator signer key available: - - ```console - ./generate_pop.sh - ``` - - The generate_pop.sh script executes the following commands, which generate a proof of possession and a BLS proof of possession of the validator signer key. - - ```console - docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE --nousb account proof-of-possession $SIGNER_TO_AUTHORIZE $VALIDATOR_ACCOUNT_ADDRESS - docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE --nousb account proof-of-possession $SIGNER_TO_AUTHORIZE $VALIDATOR_ACCOUNT_ADDRESS --bls - ``` - - Copy the output of these commands, as we'll need them for the next step, in which these signatures will be used in the next step to authorize the new signer. - -15. Authorize new signer - - Do *not* do this until the new validator and proxy are alive and synced. - Once this step is completed, the new signer will take over for the old one at the beginning of the next epoch. - - Edit [../scripts/authorize_signer.sh]. Specifically you need to update the following variables: - - ```bash - CELO_VALIDATOR_RG_ADDRESS - SIGNER_TO_AUTHORIZE - ``` - - Update the next three variables using output from the previous step: - - ```bash - SIGNER_PROOF_OF_POSSESSION - BLS_PUBLIC_KEY - BLS_PROOF_OF_POSSESSION - ``` - - Note that the `SIGNER_PROOF_OF_POSSESSION` and the `BLS_PROOF_OF_POSSESSION` are the signature and BLS signature outputs from the previous step. - - You may also need to update the `--ledgerCustomAddresses=[1]` parameter to match whichever Ledger slot holds your Validator RG beneficiary key. 
- - Once you have made 100% sure that the new validator and proxy are ready to take over, run the following command, again on a node that has the validator signer key available: - - ```console - ./authorize_signer.sh - ``` - - This will execute the following command: - - ```console - npx celocli releasegold:authorize --contract $CELO_VALIDATOR_RG_ADDRESS --role validator \ - --signer $SIGNER_TO_AUTHORIZE --signature 0x$SIGNER_PROOF_OF_POSSESSION --blsKey $BLS_PUBLIC_KEY --blsPop $BLS_PROOF_OF_POSSESSION \ - --useLedger --ledgerCustomAddresses=[1] - ``` - -16. Wait for new epoch - - Now sit back, pull up [TheCelo](http://www.thecelo.com/) and wait for the new epoch to roll around. You can track your validator on the [PRL Block Map Site](https://cauldron.pretoriaresearchlab.io/rc1-block-map), and get a visual indication of when your new signer has taken over. - -17. Troubleshooting - - If your new validator isn't signing, check the following: - - * Make sure that both the proxy and the validator are synced. You can verify this in the geth console: - ```console - docker exec -it geth geth attach - eth.syncing - ``` - * Ensure that the validator signer key is unlocked on the validator: - ```console - docker exec -it geth geth attach - personal - ``` - * Ensure that the proxy has >100 peers - ```console - docker exec -it geth geth attach - admin.peers.length - ``` - * Check that the enode variable for the proxy is set correctly in terraform.tfvars. - * Verify network connectivity from the validator to the proxy on tcp/30503 - -18. Attestation Service - - First generate a new account to use for the attestation signer. - - ```console - celocli account:new - ``` - - Use these values for the `attestation_signer_accounts` attributes: - - * account_addresses - * private_keys - * account_passwords - - Put these into terraform.tfvars. 
- - Now, on a system which has access to the attestation_signer private key, generate a proof of possession for that key as follows: - - ```bash - #!/bin/bash - set -x - - ###### - # use this script on an attestation signer tx-node to generate a proof of possession, needed for key rotation - - CELO_IMAGE=us.gcr.io/celo-org/geth:1.1.0 - CELO_ATTESTATION_SIGNER_ADDRESS=YOUR_ATTESTATION_SIGNER_ADDRESS - CELO_VALIDATOR_RG_ADDRESS=YOUR_VALIDATOR_RELEASE_GOLD_ADDRESS - - # On the Attestation machine - docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE account proof-of-possession $CELO_ATTESTATION_SIGNER_ADDRESS $CELO_VALIDATOR_RG_ADDRESS - ``` - - Use the generated signature to authorize a new attestation signer as follows: - - ```bash - #!/bin/bash - set -x - - ###### - # use this script to authorize a new attestation signer - # signed by the validator release gold account - - CELO_ATTESTATION_SIGNER_SIGNATURE=YOUR_SIGNATURE_FROM_PREVIOUS_STEP - CELO_ATTESTATION_SIGNER_ADDRESS=YOUR_ATTESTATION_SIGNER_ADDRESS - CELO_VALIDATOR_RG_ADDRESS=YOUR_VALIDATOR_RELEASE_GOLD_ADDRESS - - npx celocli releasegold:authorize --contract $CELO_VALIDATOR_RG_ADDRESS --role attestation --signature 0x$CELO_ATTESTATION_SIGNER_SIGNATURE --signer $CELO_ATTESTATION_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[1] - ``` - - 19. Update DNS with public IP of attestation service - - This could be done via terraform down the track. - This DNS name must be used in for the ATTESTATION_URL parameter used in the next step. - - Terminating SSL for the attestation service is presently out of scope for this doc, but can be set up quickly and easily using GCP load balancing, Cloudflare, or nginx as a reverse proxy. 
- - The attestation service requires that the following routes be exposed to the Internet to function correctly: - * POST /attestations - * POST /test_attestations - * GET /get_attestations - * POST /delivery_status_twilio - * GET /delivery_status_nexmo - * GET /status - * GET /healthz - * GET /metrics - - 20. Validator metadata - - First create validator metadata as follows: - - ```console - celocli account:create-metadata ./validator_metadata.json --from $CELO_VALIDATOR_RG_ADDRESS - ``` - - Claim the validator account on the group account: - - ```celocli account:claim-account ./validator_metadata.json --address $CELO_VALIDATOR_GROUP_RG_ADDRESS --from $CELO_ATTESTATION_SIGNER_ADDRESS``` - - Now claim your attestation URL. Note this must be run on a node that has the attestation signer key unlocked: - - ```console - celocli account:claim-attestation-service-url ./validator_metadata.json --url https://YOUR_ATTESTATION_URL --from $CELO_ATTESTATION_SIGNER_ADDRESS - ``` - - Now register this url on-chain: - ```console - celocli releasegold:set-account --contract $CELO_VALIDATOR_RG_ADDRESS --property metaURL --value "https://YOUR_VALIDATOR_METADATA_URL" - ``` - - Verify that this worked as expected by running: - - ```console - celocli account:get-metadata $CELO_VALIDATOR_RG_ADDRESS - ``` - - Verify that the attestation service works by running: - - ```console - celocli identity:test-attestation-service --from $CELO_ATTESTATION_SIGNER_ADDRESS --phoneNumber "YOUR_PHONE_NUM" --message "hello world" - ``` - - 21. 
Group metadata - - First create the group metadata - - ```console - celocli account:create-metadata ./group_metadata.json --from $CELO_VALIDATOR_GROUP_RG_ADDRESS - ``` - - Now set the group's name on chain - - ```console - celocli releasegold:set-account --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --property name --value YourGroupName - ``` - - ```console - celocli account:claim-domain ./group_metadata.json --domain YOURDOMAIN --from $CELO_VALIDATOR_GROUP_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[2] - ``` - - This will output your claim signed under the provided signer address. This output should then be recorded via a DNS TXT Record on your domain. - - Now test that the metadata has been created successfully: - - ```console - celocli account:show-metadata ./group_metadata.json - ``` - - Next claim the validator address from the group account: - - ```console - celocli account:claim-account ./group_metadata.json --address $CELO_VALIDATOR_RG_ADDRESS --from $CELO_VALIDATOR_GROUP_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[2] - ``` - - Now let's submit the corresponding claim from the validator account on the group account - - ```console - celocli account:claim-account ./validator_metadata.json --address $CELO_VALIDATOR_GROUP_RG_ADDRESS --from $CELO_ATTESTATION_SIGNER_ADDRESS - ```console - - Now upload the validator_metadata.json and group_metadata.json to a publicly available location. - - Finally, test that everything is properly configured: - - ```console - celocli account:get-metadata $CELO_VALIDATOR_GROUP_RG_ADDRESS - celocli account:get-metadata $CELO_VALIDATOR_RG_ADDRESS - ``` - -22. Verify validator and attestation performance - You can see how well your validator group is performing visually by looking at the [Mainnet Block Map](https://cauldron.pretoriaresearchlab.io/block-map) from [Pretoria Research Lab](https://cauldron.pretoriaresearchlab.io/). 
- - Pretoria has also created an [Attestation Map](https://cauldron.pretoriaresearchlab.io/attestations). - - The cLabs team also has a [firebase dashboard](https://metabase.celo-networks-dev.org/public/dashboard/b0a27650-1d62-4645-81d7-26ff7546ff0d?date_filter=past2weeks~&validator_address=0x474df04481f778b46Fc71204C72B6A8BE396F0FF) that allows you to visualize attestation performance, and also seeks to identify situations in which an attestation failed due to operator (rather than user) error. - -# Areas for improvement -* move sshd to non standard port to reduce brute force noise - - - diff --git a/packages/terraform-modules-public/gcp/example/bootstrap.sh b/packages/terraform-modules-public/gcp/example/bootstrap.sh deleted file mode 100755 index b01c26fab03..00000000000 --- a/packages/terraform-modules-public/gcp/example/bootstrap.sh +++ /dev/null 
@@ -1,128 +0,0 @@ -#!/bin/bash -set -x - -########## -# this will create a new project in GCP, and prepare the service account for it as well as necessary API's -# best practice is to use a separate git branch for each environment (eg blue/green) -# dependencies: gcloud cli, terraform cli - -GCLOUD_ENV_FILE="gcloud.env" - -echo "Sourcing gcloud env vars from gcloud.env." -if [ -f gcloud.env ]; then - source gcloud.env -else - cat <<'EOF' > $GCLOUD_ENV_FILE - export TF_VAR_org_id=YOUR_GCLOUD_ORG_ID - export TF_VAR_billing_account=YOUR_GCLOUD_BILLING_ACCOUNT_ID - export TF_VAR_project=YOUR_TERRAFORM_PROJECT_NAME - export TF_CREDS=~/.config/gcloud/${USER}-${TF_VAR_project}.json - export GOOGLE_APPLICATION_CREDENTIALS=${TF_CREDS} - export GOOGLE_PROJECT=${TF_VAR_project} -EOF -echo "Please set gcloud environment variables in $GCLOUD_ENV_FILE before running $0" -exit 1 -fi - -echo "Creating new gcloud project for terraform" -gcloud projects create ${TF_VAR_project} \ - --organization ${TF_VAR_org_id} \ - --set-as-default - -echo "Linking new gcloud project to billing account" -gcloud beta billing projects link ${TF_VAR_project} \ - --billing-account ${TF_VAR_billing_account} - -echo "Creating iam service account for terraform" -gcloud iam service-accounts create terraform \ - --display-name "Terraform admin account" - -echo "Creating gcloud keys on filesystem for terraform" -gcloud iam service-accounts keys create ${TF_CREDS} \ - --iam-account terraform@${TF_VAR_project}.iam.gserviceaccount.com - -echo "Granting storage.admin and logging.configWriter and project editor and monitoring.admin roles to terraform service account." 
-gcloud projects add-iam-policy-binding ${TF_VAR_project} \ - --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \ - --role roles/storage.admin -gcloud projects add-iam-policy-binding ${TF_VAR_project} \ - --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \ - --role roles/logging.configWriter -gcloud projects add-iam-policy-binding ${TF_VAR_project} \ - --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \ - --role roles/editor - gcloud projects add-iam-policy-binding ${TF_VAR_project} \ - --member serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com \ - --role roles/monitoring.admin - -echo "Enabling required gcp API's for terraform" -gcloud services enable cloudresourcemanager.googleapis.com -gcloud services enable cloudbilling.googleapis.com -gcloud services enable iam.googleapis.com -gcloud services enable compute.googleapis.com -gcloud services enable serviceusage.googleapis.com -gcloud services enable stackdriver.googleapis.com -gcloud services enable clouderrorreporting.googleapis.com -gcloud services enable iap.googleapis.com #required for ssh into validator w/o public IP - -echo "Enumerating default service account email address" -GCP_DEFAULT_SERVICE_ACCOUNT=`gcloud iam service-accounts list | grep 'Compute Engine default service account' | cut -d ' ' -f 7` -echo "export TF_VAR_GCP_DEFAULT_SERVICE_ACCOUNT=\"$GCP_DEFAULT_SERVICE_ACCOUNT\"" >> gcloud.env -#plan is to use this from within TF to grant explicit access to a logs bucket rather than use a broad storage.rw scope - -echo "Creating a bucket for storing remote TFSTATE" -#note namespace on gcp cloud storage buckets is global, so this must be unique -TF_STATE_BUCKET=${TF_VAR_project}-tfstate -gsutil mb -p ${TF_VAR_project} gs://${TF_STATE_BUCKET} -#gsutil iam ch serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com:objectCreator,objectViewer gs://${TF_STATE_BUCKET} -#above is redundant, given that tf 
svc acct has storage.admin role, but granting it explictly here anyway. -# this works, but results in 'no change'. default svc account can still hit the TF_STATE_BUCKET -#gsutil iam ch -d serviceAccount:${TF_VAR_GCP_DEFAULT_SERVICE_ACCOUNT} gs://${TF_STATE_BUCKET} -cat > iam.txt << EOF -{ - "bindings": [ - { - "members": [ - "projectOwner:${TF_VAR_project}" - ], - "role": "roles/storage.legacyBucketOwner" - }, - { - "members": [ - "projectViewer:${TF_VAR_project}" - ], - "role": "roles/storage.legacyBucketReader" - }, - { - "members": [ - "serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com" - ], - "role": "roles/storage.objectCreator" - }, - { - "members": [ - "serviceAccount:terraform@${TF_VAR_project}.iam.gserviceaccount.com" - ], - "role": "roles/storage.objectViewer" - } - ] -} -EOF - - -cat > backend.tf << EOF -terraform { - backend "gcs" { - bucket = "${TF_STATE_BUCKET}" - prefix = "terraform/state" - } -} -EOF - -echo "Initializing terraform" -terraform init - -echo "Don't forget to 'source gcloud.env' before using Terraform!" -echo "A dynamically named service account was created that Terraform needs to know about" - - diff --git a/packages/terraform-modules-public/gcp/example/dashboards/hud.json b/packages/terraform-modules-public/gcp/example/dashboards/hud.json deleted file mode 100644 index 60195ccb11a..00000000000 --- a/packages/terraform-modules-public/gcp/example/dashboards/hud.json +++ /dev/null 
@@ -1,327 +0,0 @@ -{ - "displayName": "HUD", - "gridLayout": { - "columns": "2", - "widgets": [ - { - "title": "Blocks Signed", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_DELTA" - }, - "filter": "metric.type=\"logging.googleapis.com/user/tf_eth_block_signed\" resource.type=\"gce_instance\" metadata.user_labels.\"rc1-validator\"=\"\"", - "secondaryAggregation": {} - }, - "unitOverride": "1" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Blocks Mined", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_DELTA" - }, - "filter": "metric.type=\"logging.googleapis.com/user/tf_eth_block_signed\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "1" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Memory Free", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_MEAN" - }, - "filter": "metric.type=\"agent.googleapis.com/memory/percent_used\" resource.type=\"gce_instance\" metric.label.\"state\"=\"free\"", - "secondaryAggregation": {} - }, - "unitOverride": "%" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "CPU", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - 
"aggregation": { - "perSeriesAligner": "ALIGN_MEAN" - }, - "filter": "metric.type=\"agent.googleapis.com/cpu/load_1m\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "1" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Network", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"compute.googleapis.com/instance/network/sent_bytes_count\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "By" - } - }, - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"compute.googleapis.com/instance/network/received_bytes_count\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "By" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Blocks Ingested", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "crossSeriesReducer": "REDUCE_PERCENTILE_99", - "perSeriesAligner": "ALIGN_SUM" - }, - "filter": "metric.type=\"logging.googleapis.com/user/tf_eth_blocks_ingested\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "blocks" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Eth Handshakes Failed", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - 
"timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"logging.googleapis.com/user/tf_eth_handshake_failed\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "1" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Genesis Mismatches", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"logging.googleapis.com/user/tf_eth_genesis_mismatch\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "1" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Disk Usage", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_MEAN" - }, - "filter": "metric.type=\"agent.googleapis.com/disk/percent_used\" resource.type=\"gce_instance\" metric.label.\"state\"=\"used\" metric.label.\"device\"!=\"overlay\" metric.label.\"device\"!=\"tmpfs\" metric.label.\"device\"!=\"tmpfs\" metric.label.\"device\"!=\"udev\"", - "secondaryAggregation": {} - }, - "unitOverride": "%" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - }, - { - "title": "Disk I/O", - "xyChart": { - "chartOptions": { - "mode": "COLOR" - }, - "dataSets": [ - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"compute.googleapis.com/instance/disk/read_bytes_count\" 
resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "By" - } - }, - { - "minAlignmentPeriod": "60s", - "plotType": "LINE", - "timeSeriesQuery": { - "timeSeriesFilter": { - "aggregation": { - "perSeriesAligner": "ALIGN_RATE" - }, - "filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" resource.type=\"gce_instance\"", - "secondaryAggregation": {} - }, - "unitOverride": "By" - } - } - ], - "timeshiftDuration": "0s", - "yAxis": { - "label": "y1Axis", - "scale": "LINEAR" - } - } - } - ] - } -} diff --git a/packages/terraform-modules-public/gcp/example/dashboards/readme.md b/packages/terraform-modules-public/gcp/example/dashboards/readme.md deleted file mode 100644 index c010acdf97b..00000000000 --- a/packages/terraform-modules-public/gcp/example/dashboards/readme.md +++ /dev/null @@ -1,6 +0,0 @@ -# Stackdriver Monitoring Dashboard - -There presently is no support for creating Stackdriver monitoring dashboards via Terraform -So instead we have use the gcloud cli to import the dashboard from a json file - -`gcloud monitoring dashboards create --config-from-file=hud.json` diff --git a/packages/terraform-modules-public/gcp/example/gcloud.env.example b/packages/terraform-modules-public/gcp/example/gcloud.env.example deleted file mode 100644 index 2462da1480e..00000000000 --- a/packages/terraform-modules-public/gcp/example/gcloud.env.example +++ /dev/null @@ -1,8 +0,0 @@ -export TF_VAR_org_id=YOUR_ORG_ID -export TF_VAR_billing_account=YOUR_BILLING_ACCOUNT -export TF_VAR_project=NAME_OF_PROJECT_TO_BE_CREATED_BY_THIS_SCRIPT -export TF_CREDS=~/.config/gcloud/${USER}-${TF_VAR_project}.json -export GOOGLE_APPLICATION_CREDENTIALS=${TF_CREDS} -export GOOGLE_PROJECT=${TF_VAR_project} -#next line is derived by bootstrap.sh, used later by TF to grant perms to write to logging bucket -#export TF_VAR_GCP_DEFAULT_SERVICE_ACCOUNT="PROJECTID-compute@developer.gserviceaccount.com" 
diff --git a/packages/terraform-modules-public/gcp/example/main.tf b/packages/terraform-modules-public/gcp/example/main.tf deleted file mode 100644 index b3bce24d4a8..00000000000 --- a/packages/terraform-modules-public/gcp/example/main.tf +++ /dev/null 
@@ -1,256 +0,0 @@ -provider "google" { - project = var.google["project"] - region = var.google["region"] - zone = var.google["zone"] -} - -resource "google_project_service" "compute" { - project = var.google["project"] - service = "compute.googleapis.com" - disable_dependent_services = true - disable_on_destroy = false -} - -resource "google_project_service" "db" { - project = var.google["project"] - service = "sqladmin.googleapis.com" - disable_dependent_services = true - disable_on_destroy = false -} - -resource "google_compute_network" "celo_network" { - name = var.network_name - timeouts { - delete = "15m" - } -} - -data "google_compute_subnetwork" "celo_subnetwork" { - name = google_compute_network.celo_network.name - region = var.google["region"] - depends_on = [google_compute_network.celo_network] -} - -resource "google_compute_router" "router" { - name = "${var.celo_env}-celo-router" - region = data.google_compute_subnetwork.celo_subnetwork.region - network = google_compute_network.celo_network.self_link - - bgp { - asn = 64514 - } -} - -resource "google_compute_router_nat" "nat" { - name = "${var.celo_env}-celo-router-nat" - router = google_compute_router.router.name - region = google_compute_router.router.region - nat_ip_allocate_option = "AUTO_ONLY" - source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" - - log_config { - enable = false - filter = "ERRORS_ONLY" - } -} - -module "celo_cluster" { - source = "../celo-infra" - network_depends_on = [google_compute_network.celo_network] - - gcloud_project = var.google["project"] - gcloud_region = var.google["region"] - gcloud_zone = var.google["zone"] - network_name = google_compute_network.celo_network.name - celo_env = var.celo_env - instance_types = var.instance_types - service_account_scopes = var.service_account_scopes - - stackdriver_logging_exclusions = var.stackdriver_logging_exclusions - stackdriver_logging_metrics = var.stackdriver_logging_metrics - - - tx_node_count = 
var.replicas["txnode"] - backup_node_count = var.replicas["backup_node"] - validator_count = var.replicas["validator"] - - validator_signer_account_addresses = var.validator_signer_accounts["account_addresses"] - validator_signer_private_keys = var.validator_signer_accounts["private_keys"] - validator_signer_account_passwords = var.validator_signer_accounts["account_passwords"] - validator_release_gold_addresses = var.validator_signer_accounts["release_gold_addresses"] - - proxy_private_keys = var.proxy_accounts["private_keys"] - proxy_addresses = var.proxy_accounts["account_addresses"] - proxy_enodes = var.proxy_accounts["enodes"] - proxy_account_passwords = var.proxy_accounts["account_passwords"] - - validator_name = var.validator_name - proxy_name = var.proxy_name - - reset_geth_data = var.reset_geth_data - - ethstats_host = var.ethstats_host - in_memory_discovery_table = var.in_memory_discovery_table - geth_node_docker_image_repository = var.geth_node_docker_image["repository"] - geth_node_docker_image_tag = var.geth_node_docker_image["tag"] - network_id = var.network_id - block_time = var.block_time - istanbul_request_timeout_ms = var.istanbul_request_timeout_ms - geth_verbosity = var.geth_verbosity - geth_exporter_docker_image_repository = var.geth_exporter_docker_image["repository"] - geth_exporter_docker_image_tag = var.geth_exporter_docker_image["tag"] - - attestation_service_count = var.replicas["attestation_service"] - attestation_service_db_username = var.attestation_service_db["username"] - attestation_service_db_password = var.attestation_service_db["password"] - attestation_service_docker_image_repository = var.attestation_service_docker_image["repository"] - attestation_service_docker_image_tag = var.attestation_service_docker_image["tag"] - attestation_signer_addresses = var.attestation_signer_accounts["account_addresses"] - attestation_signer_private_keys = var.attestation_signer_accounts["private_keys"] - attestation_signer_account_passwords = 
var.attestation_signer_accounts["account_passwords"] - attestation_service_sms_providers = var.attestation_service_credentials["sms_providers"] - attestation_service_nexmo_key = var.attestation_service_credentials["nexmo_key"] - attestation_service_nexmo_secret = var.attestation_service_credentials["nexmo_secret"] - attestation_service_nexmo_blacklist = var.attestation_service_credentials["nexmo_blacklist"] - attestation_service_nexmo_unsupported_regions = var.attestation_service_credentials["nexmo_unsupported_regions"] - attestation_service_twilio_account_sid = var.attestation_service_credentials["twilio_account_sid"] - attestation_service_twilio_messaging_service_sid = var.attestation_service_credentials["twilio_messaging_service_sid"] - attestation_service_twilio_verify_service_sid = var.attestation_service_credentials["twilio_verify_service_sid"] - attestation_service_twilio_auth_token = var.attestation_service_credentials["twilio_auth_token"] - attestation_service_twilio_blacklist = var.attestation_service_credentials["twilio_blacklist"] - attestation_service_twilio_unsupported_regions = var.attestation_service_credentials["twilio_unsupported_regions"] - attestation_service_messagebird_api_key = var.attestation_service_credentials["messagebird_api_key"] - attestation_service_messagebird_unsupported_regions = var.attestation_service_credentials["messagebird_unsupported_regions"] -} - -resource "google_logging_project_exclusion" "logging_exclusion" { - for_each = var.stackdriver_logging_exclusions - - name = each.key #maybe make this a random_id to ensure no naming conflicts - description = each.value["description"] - filter = each.value["filter"] -} - -resource "random_id" "stackdriver_logging_exclusions" { - for_each = var.stackdriver_logging_exclusions - byte_length = 4 -} - -resource "random_id" "stackdriver_logging_metrics" { - for_each = var.stackdriver_logging_metrics - byte_length = 4 -} - -resource "google_logging_metric" "logging_metric" { - for_each = 
var.stackdriver_logging_metrics - name = each.key - description = each.value["description"] - filter = each.value["filter"] - metric_descriptor { - metric_kind = "DELTA" - value_type = "INT64" - display_name = each.value["description"] - } -} - -resource "google_logging_metric" "distribution_blocks_ingested" { - name = "tf_eth_blocks_ingested" - description = "Ethereum blocks ingested" - filter = "resource.type=\"gce_instance\" AND \"Imported new chain segment\"" - metric_descriptor { - metric_kind = "DELTA" - value_type = "DISTRIBUTION" - unit = "blocks" - display_name = "Blocks Ingested" - } - value_extractor = "REGEXP_EXTRACT(jsonPayload.message, \"\\\"blocks\\\":(\\\\d+)\")" - bucket_options { - explicit_buckets { - bounds = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,40,60,80,100,120,140,160,180,200,400,500,600,700,800,900,1000,1200,1400,1600,1800,2000,2200,2400,2600,2800,3000,3500,4000,5000] - } - } -} - -resource "google_storage_bucket" "chaindata_bucket" { - name = "${var.google["project"]}-chaindata" - location = "US" - - lifecycle_rule { - condition { - num_newer_versions = 10 # keep 10 copies of chaindata backups (use `gsutil ls -la $bucket` to see versioned objects) - } - action { - type = "Delete" - } - } - - versioning { - enabled = true - } -} - -resource "google_storage_bucket_iam_binding" "chaindata_binding_write" { - bucket = "${var.google["project"]}-chaindata" - role = "roles/storage.objectCreator" - members = [ - "serviceAccount:${var.GCP_DEFAULT_SERVICE_ACCOUNT}", - ] -} - -resource "google_storage_bucket_iam_binding" "chaindata_binding_read" { - bucket = "${var.google["project"]}-chaindata" - role = "roles/storage.objectViewer" - members = [ - "serviceAccount:${var.GCP_DEFAULT_SERVICE_ACCOUNT}", - ] -} - -resource "google_storage_bucket" "chaindata_rsync_bucket" { - name = "${var.google["project"]}-chaindata-rsync" - location = "US" - -} - -resource "google_storage_bucket_iam_binding" "chaindata_rsync_binding_write" { - bucket = 
"${var.google["project"]}-chaindata-rsync" - role = "roles/storage.objectCreator" - members = [ - "serviceAccount:${var.GCP_DEFAULT_SERVICE_ACCOUNT}", - ] -} - -resource "google_storage_bucket_iam_binding" "chaindata_rsync_binding_read" { - bucket = "${var.google["project"]}-chaindata-rsync" - role = "roles/storage.objectViewer" - members = [ - "serviceAccount:${var.GCP_DEFAULT_SERVICE_ACCOUNT}", - ] -} - -# validators need to expose metadata publicly -# uncomment the following two blocks if you would like to use GCS for this purpose - -#resource "google_storage_bucket" "public_www_bucket" { -# name = var.public_www_fqdn -# location = "US" -# force_destroy = true -# -# website { -# main_page_suffix = "index.html" -# not_found_page = "404.html" -# } -# cors { -# origin = ["https://${var.public_www_fqdn}"] -# method = ["GET", "HEAD"] -# response_header = ["*"] -# max_age_seconds = 3600 -# } -#} - -#resource "google_storage_bucket_iam_binding" "public_www_binding_read" { -# bucket = var.public_www_fqdn -# role = "roles/storage.objectViewer" -# members = [ -# "allUsers" -# ] -#} \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/example/metrics.md b/packages/terraform-modules-public/gcp/example/metrics.md deleted file mode 100644 index c159709eb22..00000000000 --- a/packages/terraform-modules-public/gcp/example/metrics.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# metrics - -## geth exporter -The geth exporter is no longer needed, since Geth now includes the ability to export metrics natively. -Previously, the proxy, validator and tx-node services included the geth-exporter service to export geth metrics for Prometheus. Serving at port 9200, you could configure your Prometheus server to collect the metrics at endpoint http://:9200/metrics - -This has been deprecated and removed. - -## geth metrics -geth is now invoked started with --metrics and --pprof -which exposes metrics on http://localhost:6060/debug/metrics - -## prometheus -[prometheus](https://prometheus.io/) style metrics are now exposed and can be accessed at -http://localhost:6060/debug/metrics/prometheus -prometheus data can be scraped by prometheus using a static config target specified in -prometheus.yml, as follows: - -``` -global: - scrape_interval: 15s # By default, scrape targets every 15 seconds. - - # Attach these labels to any time series or alerts when communicating with - # external systems (federation, remote storage, Alertmanager). - external_labels: - monitor: 'codelab-monitor' - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: - # The job name is added as a label `job=` to any timeseries scraped from this config. - - job_name: 'prometheus' - - # Override the global default and scrape targets from this job every 5 seconds. - scrape_interval: 5s - - static_configs: - - targets: ['localhost:9090'] -``` - - -## visualization -grafana is a good choice for graphing -`docker run --rm -it --net=host grafana/grafana` - -## further reading -See https://blog.ethereum.org/2019/07/10/geth-v1-9-0/#metrics-collection for more information - - diff --git a/packages/terraform-modules-public/gcp/example/outputs.tf b/packages/terraform-modules-public/gcp/example/outputs.tf deleted file mode 100644 index e69de29bb2d..00000000000 
diff --git a/packages/terraform-modules-public/gcp/example/scripts/authorize_attestation_signer.sh b/packages/terraform-modules-public/gcp/example/scripts/authorize_attestation_signer.sh
deleted file mode 100644
index 93c95ed7192..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/authorize_attestation_signer.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -x
-
-######
-# use this script to authorize a new attestation signer
-# signed by the validator release gold account
-
-CELO_ATTESTATION_SIGNER_SIGNATURE=FIXME
-CELO_ATTESTATION_SIGNER_ADDRESS=FIXME
-CELO_VALIDATOR_RG_ADDRESS=FIXME
-LEDGER_INDEX=0
-
-npx celocli releasegold:authorize --contract $CELO_VALIDATOR_RG_ADDRESS --role attestation --signature 0x$CELO_ATTESTATION_SIGNER_SIGNATURE --signer $CELO_ATTESTATION_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=$LEDGER_INDEX
-
-
diff --git a/packages/terraform-modules-public/gcp/example/scripts/authorize_signer.sh b/packages/terraform-modules-public/gcp/example/scripts/authorize_signer.sh
deleted file mode 100755
index afe026772a7..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/authorize_signer.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-set -x
-
-# authorize a new signer
-
-CELO_VALIDATOR_RG_ADDRESS=FIXME
-SIGNER_TO_AUTHORIZE=FIXME
-SIGNER_PROOF_OF_POSSESSION=FIXME
-BLS_PUBLIC_KEY=FIXME
-BLS_PROOF_OF_POSSESSION=FIXME
-LEDGER_INDEX=0
-
-# DO NOT RUN THE FOLLOWING UNTIL THE NEW SIGNER IS READY TO ROCK AND ROLL.
-# NEW SIGNER WILL TAKE OVER FOR OLD SIGNER AT BEGINNING OF NEW EPOCH
-
-# From a node with access to the beneficiary key of VALIDATOR_ACCOUNT_ADDRESS
-npx celocli releasegold:authorize --contract $CELO_VALIDATOR_RG_ADDRESS --role validator \
- --signer $SIGNER_TO_AUTHORIZE --signature 0x$SIGNER_PROOF_OF_POSSESSION --blsKey $BLS_PUBLIC_KEY --blsPop $BLS_PROOF_OF_POSSESSION \
- --useLedger --ledgerCustomAddresses=$LEDGER_INDEX
-
diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/activate.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/activate.sh
deleted file mode 100644
index f9865a40d0e..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/activate.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -x
-
-COLD_ADDRESS=FIXME # --ledgerCustomAddresses=[5]
-GROUP=FIXME
-LEDGER_CMD='--useLedger --ledgerCustomAddresses=[5]'
-
-npx celocli election:activate --from $COLD_ADDRESS $LEDGER_CMD
-
-
-
diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/cold_to_hot.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/cold_to_hot.sh
deleted file mode 100755
index c755cc8023d..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/cold_to_hot.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-set -x
-
-#echo `which celocli`
-#exit
-
-
-CELOCLI='/Users/dc/.nvm/versions/node/v10.22.0/bin/celocli'
-LEDGER_CMD='--useLedger --ledgerCustomAddresses=[5]'
-
-#$CELOCLI -v
-#exit
-
-HOT_ADDRESS=FIXME
-COLD_ADDRESS=FIXME # --ledgerCustomAddresses=[5]
-#CUSD_RESERVE=1*10^18
-#CUSD_RESERVE=6738*10^18
-CUSD_RESERVE=0
-#tax reserve as of 8/31/2020
-
-echo "Checking cUSD balance of COLD_ADDRESS"
-COLD_ADDRESS_CUSD_BALANCE=$($CELOCLI account:balance $COLD_ADDRESS | grep "cUSD" | cut -d " " -f 2)
-echo "COLD_ADDRESS cUSD Balance: $COLD_ADDRESS_CUSD_BALANCE"
-COLD_ADDRESS_CUSD_BALANCE_SIMPLE_NOTATION=$(echo $COLD_ADDRESS_CUSD_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g')
-echo "Cold_ADDRESS cUSD Balance (simple): $COLD_ADDRESS_CUSD_BALANCE_SIMPLE_NOTATION"
-if (( $(echo "$COLD_ADDRESS_CUSD_BALANCE_SIMPLE_NOTATION > $CUSD_RESERVE" |bc -l) ));
- then
- echo "COLD_ADDRESS has > $CUSD_RESERVE cUSD"
- CUSD_TO_SEND=$(echo "$COLD_ADDRESS_CUSD_BALANCE_SIMPLE_NOTATION - $CUSD_RESERVE" | bc)
- echo "Sending $CUSD_TO_SEND to HOT_ADDRESS at $HOT_ADDRESS"
- $CELOCLI transfer:dollars --from $COLD_ADDRESS --to $HOT_ADDRESS --value $CUSD_TO_SEND $LEDGER_CMD
-else
- echo "COLD_ADDRESS has < $CUSD_RESERVE cUSD, exiting"
- exit 0
-fi
diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_exchange.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_exchange.sh
deleted file mode 100755
index 0f4bd6a5a01..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_exchange.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-set -x
-
-HOT_ADDRESS=FIXME
-#TARGET_CELO=25e18
-CELOCLI='/Users/dc/.nvm/versions/node/v10.22.0/bin/celocli'
-MAXSLEEP=900
-EXCHANGERATE=6e18
-VALUE=25e18
-
-
-while :
-do
- echo "Checking cUSD balance of HOT_ADDRESS"
- HOT_ADDRESS_USD_BALANCE=$($CELOCLI account:balance $HOT_ADDRESS | grep "cUSD" | cut -d " " -f 2)
- echo "HOT_ADDRESS USD Balance: $HOT_ADDRESS_USD_BALANCE"
- HOT_ADDRESS_USD_BALANCE_SIMPLE_NOTATION=$(echo $HOT_ADDRESS_USD_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g')
- echo "HOT_ADDRESS USD Balance (simple): $HOT_ADDRESS_USD_BALANCE_SIMPLE_NOTATION"
- if (( $(echo "$HOT_ADDRESS_USD_BALANCE_SIMPLE_NOTATION > 0" |bc -l) ));
- then
- echo "Exchanging cUSD for CELO"
- $CELOCLI exchange:dollars --value $VALUE --from $HOT_ADDRESS --forAtLeast $EXCHANGERATE
- if [ $? -eq 1 ]
- then
- echo "Exchange failed, please check exchange rate."
- exit 1
- fi
- sleep $((1 + RANDOM % $MAXSLEEP))
- else
- echo "No cUSD balance on hot account, exiting"
- exit 0
- fi
-done
diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_to_cold.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_to_cold.sh
deleted file mode 100755
index d046a6f7952..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/hot_to_cold.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -x
-
-HOT_ADDRESS=FIXME
-COLD_ADDRESS=FIXME # --ledgerCustomAddresses=[5]
-CELO_RESERVE=1*10^18 # keep some CELO handy for gas
-
-echo "Checking CELO balance of HOT_ADDRESS"
-HOT_ADDRESS_CELO_BALANCE=$(npx celocli account:balance $HOT_ADDRESS | grep "CELO" | grep -v 'lockedCELO'| cut -d " " -f 2)
-echo "HOT_ADDRESS CELO Balance: $HOT_ADDRESS_CELO_BALANCE"
-HOT_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION=$(echo $HOT_ADDRESS_CELO_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g')
-echo "HOT_ADDRESS CELO Balance (simple): $HOT_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION"
-if (( $(echo "$HOT_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION > $CELO_RESERVE" |bc -l) ));
- then
- echo "HOT_ADDRESS has > $CELO_RESERVE CELO"
- CELO_TO_SEND=$(echo "$HOT_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION - $CELO_RESERVE" | bc)
- echo "Sending $CELO_TO_SEND to COLD_ADDRESS at $COLD_ADDRESS"
- npx celocli transfer:celo --from $HOT_ADDRESS --to $COLD_ADDRESS --value $CELO_TO_SEND
-else
- echo "HOT_ADDRESS has < $CELO_RESERVE CELO, exiting"
- exit 0
-fi
\ No newline at end of file
diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/reamde.md b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/reamde.md
deleted file mode 100644
index 16747440fc3..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/reamde.md
+++ /dev/null
@@ -1,24 +0,0 @@ -# Celo USD Management Scripts -Collection of bash scripts to help automate the management of cUSD rewards from staking operation - -## Requirements -1. `celocli` installed locally, with a secure connection (eg SSH tunnel) to a trusted full node - `ssh -L 8545:localhost:8545 celo-manager` - `celocli node:synced` should return 'true' - -# General Flow -1. sweep_cusd.sh - Checks balance of cUSD on validator and group accounts, sweeps them to the Ledger - -2. cold_to_hot.sh - Moves cUSD (net of reserve) to hot wallet for automated exchange w/ stability protocol. - -3. hot_exchange.sh - Trades cUSD for CELO by interacting w/ the on-chain stability protocol. This should run in a (detached) screen. - Note that the hot wallet needs to be unlocked on the full node this runs on. - `personal.unlockAccount("0xE6DDd7bb03E5e8338Be22f33ee47849fB2BF66A2", "$password", 86400)` - This will take some time to run, as exchanging too much too fast will result in considerable slippage. - -4. hot_to_cold.sh - Moves CELO from the hot account back to the Ledger - \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/sweep_cusd.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/sweep_cusd.sh deleted file mode 100755 index 25aad415974..00000000000 --- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/sweep_cusd.sh +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash -set -x -CELO_VALIDATOR_GROUP_RG_ADDRESS=FIXME # --ledgerCustomAddresses=[0] -CELO_VALIDATOR_RG_ADDRESS=FIXME # --ledgerCustomAddresses=[1] -SWEEP_ADDRESS=FIXME # --ledgerCustomAddresses=[5] -CELO_RESERVE=1000000000000000000 -#CELO_RESERVE=1e18 - -echo "Checking cUSD balance of CELO_VALIDATOR_GROUP_RG_ADDRESS" -npx celocli account:balance $CELO_VALIDATOR_GROUP_RG_ADDRESS -GROUP_USD_BALANCE=$(npx celocli account:balance $CELO_VALIDATOR_GROUP_RG_ADDRESS | grep "cUSD" | cut -d " " -f 2) -echo "Group USD Balance: $GROUP_USD_BALANCE" -GROUP_USD_BALANCE_SIMPLE_NOTATION=$(echo $GROUP_USD_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g') -echo "Group USD Balance (simple): $GROUP_USD_BALANCE_SIMPLE_NOTATION" -if (( $(echo "$GROUP_USD_BALANCE_SIMPLE_NOTATION > 0" |bc -l) )); -then - echo "Transferring cUSD from CELO_VALIDATOR_GROUP_RG_ADDRESS to SWEEP_ADDRESS" - npx celocli releasegold:transfer-dollars --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --to $SWEEP_ADDRESS --value $GROUP_USD_BALANCE --useLedger --ledgerCustomAddresses=[0] -else - echo "No cUSD balance on group account, skipping" -fi - -echo "Checking cUSD balance of CELO_VALIDATOR_RG_ADDRESS" -npx celocli account:balance $CELO_VALIDATOR_RG_ADDRESS -VALIDATOR_USD_BALANCE=$(npx celocli account:balance $CELO_VALIDATOR_RG_ADDRESS | grep "cUSD" | cut -d " " -f 2) -echo "Validator USD Balance: $VALIDATOR_USD_BALANCE" -VALIDATOR_USD_BALANCE_SIMPLE_NOTATION=$(echo $VALIDATOR_USD_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g') -echo "Validator USD Balance (simple): $VALIDATOR_USD_BALANCE_SIMPLE_NOTATION" - -if (( $(echo "$VALIDATOR_USD_BALANCE_SIMPLE_NOTATION > 0" |bc -l) )); then - echo "VALIDATOR_USD_BALANCE is greater than 0" - echo "Transferring cUSD from CELO_VALIDATOR_RG_ADDRESS to SWEEP_ADDRESS" - npx celocli releasegold:transfer-dollars --contract $CELO_VALIDATOR_RG_ADDRESS --to $SWEEP_ADDRESS --value $VALIDATOR_USD_BALANCE --useLedger 
--ledgerCustomAddresses=[1] -else - echo "VALIDATOR_USD_BALANCE is == 0" - echo "No cUSD balance on validator account, skipping" -fi - - diff --git a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/vote_cold.sh b/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/vote_cold.sh deleted file mode 100755 index eceaadf75ae..00000000000 --- a/packages/terraform-modules-public/gcp/example/scripts/cUSD_mgt/vote_cold.sh +++ /dev/null 
@@ -1,41 +0,0 @@
-#!/bin/bash
-set -x
-
-COLD_ADDRESS=FIXME # --ledgerCustomAddresses=[5]
-CELO_RESERVE=1*10^18
-GROUP=FIXME
-LEDGER_CMD='--useLedger --ledgerCustomAddresses=[5]'
-
-echo "Checking CELO balance of COLD_ADDRESS"
-COLD_ADDRESS_CELO_BALANCE=$(npx celocli account:balance $COLD_ADDRESS | grep "CELO" | grep -v 'lockedCELO' | cut -d " " -f 2)
-echo "COLD_ADDRESS CELO Balance: $COLD_ADDRESS_CELO_BALANCE"
-COLD_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION=$(echo $COLD_ADDRESS_CELO_BALANCE | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g')
-echo "COLD_ADDRESS CELO Balance (simple): $COLD_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION"
-if (( $(echo "$COLD_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION > $CELO_RESERVE" |bc -l) ));
- then
- echo "COLD_ADDRESS has > $CELO_RESERVE CELO, let's lock it and vote it"
- CELO_TO_LOCK=$(echo "$COLD_ADDRESS_CELO_BALANCE_SIMPLE_NOTATION - $CELO_RESERVE" | bc)
- echo "Locking $CELO_TO_LOCK on COLD_ADDRESS at $COLD_ADDRESS"
- npx celocli lockedgold:lock --from $COLD_ADDRESS --value $CELO_TO_LOCK $LEDGER_CMD
- if [[ $? -eq 1 ]];
- then
- echo "Locked gold operation failed, exiting"
- exit 1
- else
- # note this will fail on subsequent runs of lock+vote due to celocli not exposing the locked non-voting balance.
- # use explorer to calculate and vote this manually for now [FIXME]
- echo "Checking locked CELO balance of COLD_ADDRESS"
- COLD_ADDRESS_LOCKED_CELO_BALANCE=$(npx celocli account:balance $COLD_ADDRESS | grep "lockedCELO" | cut -d " " -f 2)
- echo "COLD_ADDRESS Locked CELO Balance: $COLD_ADDRESS_LOCKED_CELO_BALANCE"
- echo "Voting $COLD_ADDRESS_LOCKED_CELO_BALANCE for group $GROUP"
- npx celocli election:vote --for $GROUP --from $COLD_ADDRESS --value $COLD_ADDRESS_LOCKED_CELO_BALANCE $LEDGER_CMD
- echo "do not forget to activate these votes after the start of the next epoch"
- echo "use the following command to activate your votes"
- echo "npx celocli election:activate --from $COLD_ADDRESS $LEDGER_CMD"
- fi
-else
- echo "COLD_ADDRESS has < $CELO_RESERVE CELO, exiting"
- exit 0
-fi
-
-
diff --git a/packages/terraform-modules-public/gcp/example/scripts/generate_attestation_pop.sh b/packages/terraform-modules-public/gcp/example/scripts/generate_attestation_pop.sh
deleted file mode 100644
index 469e76171b9..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/generate_attestation_pop.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -x
-
-######
-# use this script on an attestation signer tx-node to generate a proof of possession, needed for key rotation
-
-CELO_IMAGE=us.gcr.io/celo-org/celo-node:mainnet
-CELO_ATTESTATION_SIGNER_ADDRESS=FIXME
-CELO_VALIDATOR_RG_ADDRESS=FIXME
-
-# On the Attestation machine
-docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE account proof-of-possession $CELO_ATTESTATION_SIGNER_ADDRESS $CELO_VALIDATOR_RG_ADDRESS
diff --git a/packages/terraform-modules-public/gcp/example/scripts/generate_pop.sh b/packages/terraform-modules-public/gcp/example/scripts/generate_pop.sh
deleted file mode 100644
index 6231a35589f..00000000000
--- a/packages/terraform-modules-public/gcp/example/scripts/generate_pop.sh
+++ /dev/null
@@ -1,15 +0,0 @@ -#!/bin/bash -set -x - -echo "Run this in /root/.celo on the validator" - -###### -# use this script on a validator to generate a proof of possession, needed for key rotation -CELO_IMAGE=us.gcr.io/celo-org/geth:mainnet -SIGNER_TO_AUTHORIZE=FIXME -VALIDATOR_ACCOUNT_ADDRESS=FIXME - -# With $SIGNER_TO_AUTHORIZE as the new validator signer: -# On the new validator node which contains the new $SIGNER_TO_AUTHORIZE key -docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE --nousb account proof-of-possession $SIGNER_TO_AUTHORIZE $VALIDATOR_ACCOUNT_ADDRESS -docker run -v $PWD:/root/.celo --rm -it $CELO_IMAGE --nousb account proof-of-possession $SIGNER_TO_AUTHORIZE $VALIDATOR_ACCOUNT_ADDRESS --bls diff --git a/packages/terraform-modules-public/gcp/example/scripts/metadata.sh b/packages/terraform-modules-public/gcp/example/scripts/metadata.sh deleted file mode 100644 index 8539de98a55..00000000000 --- a/packages/terraform-modules-public/gcp/example/scripts/metadata.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash -set -x - -DOMAIN="EXAMPLE.COM" - -#metadata process from scratch -#create validator metadata -celocli account:create-metadata ./validator_metadata.json --from $CELO_VALIDATOR_RG_ADDRESS - -# On your local machine -# requires that the $CELO_ATTESTATION_SIGNER_ADDRESS account be unlocked, and that $CELO_ATTESTATION_SERVICE_URL be defined -celocli account:claim-attestation-service-url ./validator_metadata.json --url $CELO_ATTESTATION_SERVICE_URL --from $CELO_ATTESTATION_SIGNER_ADDRESS - - -#now create group metadata -celocli account:create-metadata ./group_metadata.json --from $CELO_VALIDATOR_GROUP_RG_ADDRESS - -#set the group name -# On your local machine -celocli releasegold:set-account --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --property name --value $DOMAIN - - - -#Now we can generate a claim for the domain associated with this name -celocli account:claim-domain ./group_metadata.json --domain $DOMAIN --from $CELO_VALIDATOR_GROUP_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[2] - -#put the TXT record this spits out into DNS - -#make sure it worked -celocli account:show-metadata ./group_metadata.json - -#First lets claim the validator address from the group account -# On your local machine -celocli account:claim-account ./group_metadata.json --address $CELO_VALIDATOR_RG_ADDRESS --from $CELO_VALIDATOR_GROUP_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[2] - -#Now let's submit the corresponding claim from the validator account on the group account -#(note: if you followed the directions to set up the attestation service, you may have already -#registered metadata for your validator. If that is the case, skip the steps to create the validator's metadata -#and just add the account claim.) 
- -# Requires that validator vote signer account be unlocked -celocli account:claim-account ./validator_metadata.json --address $CELO_VALIDATOR_GROUP_RG_ADDRESS --from $CELO_VALIDATOR_VOTE_SIGNER_ADDRESS - -#push these to s3 -s3cmd put validator_metadata.json s3://$DOMAIN/metadata/ -s3cmd put group_metadata.json s3://$DOMAIN/metadata/ - - -# On your local machine -celocli releasegold:set-account --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --property metaURL --value 'https://www.$DOMAIN/metadata/group_metadata.json' --useLedger --ledgerCustomAddresses=[0] -celocli releasegold:set-account --contract $CELO_VALIDATOR_RG_ADDRESS --property metaURL --value 'https://www.$DOMAIN/metadata/validator_metadata.json' --useLedger --ledgerCustomAddresses=[1] - - -#verify everything worked -celocli account:get-metadata $CELO_VALIDATOR_GROUP_RG_ADDRESS -celocli account:get-metadata $CELO_VALIDATOR_RG_ADDRESS diff --git a/packages/terraform-modules-public/gcp/example/scripts/regen_gcp_creds.sh b/packages/terraform-modules-public/gcp/example/scripts/regen_gcp_creds.sh deleted file mode 100755 index f5e2784bf86..00000000000 --- a/packages/terraform-modules-public/gcp/example/scripts/regen_gcp_creds.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -x - -GCLOUD_ENV_FILE="gcloud.env" - -echo "Sourcing gcloud env vars from gcloud.env." -if [ -f gcloud.env ]; then - source gcloud.env -else -echo "Please set gcloud environment variables in $GCLOUD_ENV_FILE before running $0" -exit 1 -fi - -echo "Creating gcloud keys on filesystem for terraform" -gcloud iam service-accounts keys create ${TF_CREDS} \ - --iam-account terraform@${TF_VAR_project}.iam.gserviceaccount.com - -gcloud config set project $GOOGLE_PROJECT \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/example/scripts/validator transfer.txt b/packages/terraform-modules-public/gcp/example/scripts/validator transfer.txt deleted file mode 100644 index f68b230e630..00000000000 
--- a/packages/terraform-modules-public/gcp/example/scripts/validator transfer.txt
+++ /dev/null
@@ -1,85 +0,0 @@ -validator transfer - -0) transfer gold from beneficiary to RG contract -test small -celocli transfer:gold - -USAGE - $ celocli transfer:gold --from $FROM_GROUP_ADDR --to $CELO_VALIDATOR_GROUP_RG_ADDRESS --value=1e18 --useLedger --ledgerCustomAddresses=[0] - -celocli transfer:gold --from $TO_GROUP_ADDR --to $CELO_VALIDATOR_GROUP_RG_ADDRESS --value=9999e18 --useLedger --ledgerCustomAddresses=[0] - - -export CELO_VALIDATOR_GROUP_RG_ADDRESS='FIXME' - -OPTIONS - --from=0xc1912fEE45d61C87Cc5EA59DaE31190FFFFf232d (required) Address of the sender - --ledgerAddresses=ledgerAddresses [default: 1] If --useLedger is set, this will get the first N addresses for local signing - --ledgerConfirmAddress Set it to ask confirmation for the address of the transaction from the ledger - --ledgerCustomAddresses=ledgerCustomAddresses [default: [0]] If --useLedger is set, this will get the array of index addresses for local signing. Example --ledgerCustomAddresses "[4,99]" - --to=0xc1912fEE45d61C87Cc5EA59DaE31190FFFFf232d (required) Address of the receiver - --useLedger Set it to use a ledger wallet - --value=value (required) Amount to transfer (in wei) - -EXAMPLE - gold --from 0xa0Af2E71cECc248f4a7fD606F203467B500Dd53B --to 0x5409ed021d9299bf6814279a6a1411a7e866a631 --value 10000000000000000000 - - - -1) lock gold -celocli releasegold:locked-gold --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --action lock --value 100000e17 --useLedger --ledgerCustomAddresses=[0] - -test lock 1 gold -celocli releasegold:locked-gold --contract $CELO_VALIDATOR_GROUP_RG_ADDRESS --action lock --value 1e18 --useLedger --ledgerCustomAddresses=[0] - -2) check that it's locked -# On your local machine -celocli lockedgold:show $CELO_VALIDATOR_GROUP_RG_ADDRESS - -3) show group info -# On your local machine -celocli validatorgroup:show $CELO_VALIDATOR_GROUP_RG_ADDRESS - -4) john does this -# On the Validator machine -celocli validator:affiliate $CELO_VALIDATOR_GROUP_RG_ADDRESS --from 
$CELO_VALIDATOR_SIGNER_ADDRESS - - - - -5) I accept the affiliation -# On your local machine -celocli validatorgroup:member --accept 0x1b4A54049a8652c4c3E62C8c6959F06280aCFC6c --from $CELO_VALIDATOR_GROUP_SIGNER_ADDRESS --useLedger --ledgerCustomAddresses=[2] -C6c is John's validator -- will need to claim this in metadata - -6) Verify affiliation worked -# On your local machine -celocli validator:show $CELO_VALIDATOR_RG_ADDRESS -celocli validatorgroup:show $CELO_VALIDATOR_GROUP_RG_ADDRESS - - -7) Vote -# On your local machine -#celocli election:vote --from $CELO_VALIDATOR_VOTE_SIGNER_ADDRESS --for $CELO_VALIDATOR_GROUP_RG_ADDRESS --value 10000e18 -celocli election:vote --from $CELO_VALIDATOR_GROUP_VOTE_SIGNER_ADDRESS --for $CELO_VALIDATOR_GROUP_RG_ADDRESS --value 10000000000000000000000 - - -8) Verify votes -# On your local machine -celocli election:show $CELO_VALIDATOR_GROUP_RG_ADDRESS --group -celocli election:show $CELO_VALIDATOR_GROUP_RG_ADDRESS --voter -celocli election:show $CELO_VALIDATOR_RG_ADDRESS --voter - -9) Activate votes -# On your local machine -# Note that this command will wait for the next epoch transition, which may be up to 24 hours in the future. -celocli election:activate --from $CELO_VALIDATOR_VOTE_SIGNER_ADDRESS --wait && celocli election:activate --from $CELO_VALIDATOR_GROUP_VOTE_SIGNER_ADDRESS --wait - -10) verify vote activation -# On your local machine -celocli election:show $CELO_VALIDATOR_GROUP_RG_ADDRESS --voter -celocli election:show $CELO_VALIDATOR_RG_ADDRESS --voter - - -11) metadata - diff --git a/packages/terraform-modules-public/gcp/example/terraform.tfvars.example b/packages/terraform-modules-public/gcp/example/terraform.tfvars.example deleted file mode 100644 index b009532fa7c..00000000000 --- a/packages/terraform-modules-public/gcp/example/terraform.tfvars.example +++ /dev/null 
@@ -1,82 +0,0 @@ -# Provide the next vars with a vars-file or modifying the default value -google = { - project = "celo-rc1" - region = "asia-southeast1" - zone = "asia-southeast1-c" -} - -validator_name = "Acme-RC1-Validator" - -proxy_name = "Acme-RC1-Proxy" - -validator_signer_accounts = { - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - private_keys = [ - "cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - #define your own strong password here - account_passwords = [ - "Iez5lodohzaShap7ohH6ro5ohm9aecaezied4Esii3xeeBo1uxooP6aeluithu0u", - ] - release_gold_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ] -} - -proxy_accounts = { - - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - private_keys = [ - "10xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", - ] - - #note that complete enode is not revealed from celocli account:new. FIXME - enodes = [ - "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ] - #define your own strong password here - account_passwords = [ - "oi0ahsas8ahghaaxeenoh0fo7ar2EoFa2aloj2chaveelu6Veegh4ahNgeikaegh", - ] -} - -attestation_signer_accounts = { - account_addresses = [ - "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf7", - ] - private_keys = [ - "46xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx58", - ] - #define your own strong password here - account_passwords = [ - "el5Lai2ohvex4ohv1ree9Noo2iethoolae6be0aijeishaemiexohtae3meika2u" - ] -} - -attestation_service_db = { - username = "celo" - #define your own strong password here - password = "Yeu4Chaotoh0eiG4xij2oob5phaekaeGeexel5thoo0xahsha2meihahLohk9wai" -} - -attestation_service_credentials = { - sms_providers = "twilio" - nexmo_key = "" - nexmo_secret = "" - nexmo_blacklist = "CU,SY,KP,IR,SD" - nexmo_unsupported_regions = "CU,SY,KP,IR,SD" - twilio_account_sid = 
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_messaging_service_sid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_verify_service_sid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_auth_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - twilio_blacklist = "CU,SY,KP,IR,SD" - twilio_unsupported_regions = "CU,SY,KP,IR,SD" - messagebird_api_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - messagebird_unsupported_regions = "CU,SY,KP,IR,SD" -} - -public_www_fqdn = "www.mysite.org" \ No newline at end of file diff --git a/packages/terraform-modules-public/gcp/example/variables.tf b/packages/terraform-modules-public/gcp/example/variables.tf deleted file mode 100644 index cd51c5fd375..00000000000 --- a/packages/terraform-modules-public/gcp/example/variables.tf +++ /dev/null 
@@ -1,349 +0,0 @@
-# Provide the next vars with a vars-file or modifying the default value
-variable google {
- description = "The GCP Data"
- type = map(string)
-
- default = {
- #update these in terraform.tfvars
- project = "MY_PROJECT_NAME"
- region = "MY_REGION"
- zone = "MY_ZONE"
- }
-}
-
-variable replicas {
- description = "The replica number for each component"
- type = map(number)
-
- default = {
- validator = 1 # Each validator will create a dedicated proxy that is exposed to the Internet
- txnode = 1
- backup_node = 1
- attestation_service = 1 # Attestation service requires >= 1 txnode
- }
-}
-
-variable instance_types {
- description = "The instance type for each component"
- type = map(string)
-
- default = {
- validator = "n1-standard-2" #use n1-standard-2 or better for production
- proxy = "n1-standard-2" #use n1-standard-2 or better for production
- txnode = "n1-standard-1"
- backup_node = "n1-standard-1"
- attestation_service = "n1-standard-1"
- }
-}
-
-variable network_name {
- description = "The name of the new VPC network created"
- type = string
-
- default = "celo-network"
-}
-
-variable celo_env {
- description = "The celo network to connect with"
- type = string
-
- default = "mainnet"
-}
-
-variable network_id {
- description = "The ethereum network ID"
- type = number
- default = 42220
-}
-
-variable ethstats_host {
- description = "Ethstats host to report data"
- type = string
- default = "stats-server.celo.org"
-}
-
-variable geth_node_docker_image {
- description = "The Celo Blockchain docker image"
- type = map(string)
-
- default = {
- repository = "us.gcr.io/celo-org/geth"
- tag = "1.3.2"
- }
-}
-
-variable validator_signer_accounts {
- description = "The account data for the validator nodes"
- type = map
-
- default = {
- account_addresses = [
- "secret in terraform.tfvars",
- ]
- private_keys = [
- "secret in terraform.tfvars",
- ]
- account_passwords = [
- "secret in terraform.tfvars",
- ]
- release_gold_addresses = [
- "secret in terraform.tfvars",
- ]
- }
-}
-
-variable proxy_accounts {
- description = "The account data for the proxy nodes"
- type = map
-
- default = {
-
- account_addresses = [
- "set in terraform.tfvars",
- ]
- private_keys = [
- "secret in terraform.tfvars",
- ]
- enodes = [
- "set in terraform.tfvars",
- ]
- account_passwords = [
- "set in terraform.tfvars",
- ]
- }
-}
-
-variable attestation_signer_accounts {
- description = "Etherbase address and private key to sign the attestations"
- type = map
-
- default = {
- account_addresses = [
- "set in terraform.tfvars",
- ]
- private_keys = [
- "secret in terraform.tfvars",
- ]
- account_passwords = [
- "secret in terraform.tfvars"
- ]
- }
-}
-
-variable validator_name {
- type = string
- description = "The validator Name for ethstats"
- default = "YourValidator"
-}
-
-variable proxy_name {
- type = string
- description = "The proxy Name for ethstats"
- default = "Your-Proxy"
-}
-
-variable reset_geth_data {
- type = bool
- description = "Specifies if the existing chain data should be removed while creating the instance"
- default = true #will restore chaindata from GCS if available
-}
-
-variable geth_verbosity {
- description = "Geth log level"
- type = number
- default = 3
-}
-
-# Attestation variables
-variable attestation_service_db {
- description = "Configuration for the Postgres Cloud SQL DB"
- type = map(string)
-
- default = {
- username = "celo"
- password = "secret in terraform.tfvars"
- }
-}
-
-variable attestation_service_docker_image {
- description = "The attestation_service docker image"
- type = map(string)
-
- default = {
- repository = "us.gcr.io/celo-testnet/celo-monorepo"
- tag = "attestation-service-v1.2.0"
- }
-}
-
-# SMS provider configuration
-variable attestation_service_credentials {
- description = "Provider with the credentials for the SMS provider. Provider must be nexmo or twilio"
- type = map(string)
-
- default = {
- sms_providers = "twilio"
- #sms_providers = "twilio,messagebird"
- nexmo_key = ""
- nexmo_secret = ""
- nexmo_blacklist = "CU,SY,KP,IR,SD"
- nexmo_unsupported_regions = "CU,SY,KP,IR,SD"
- twilio_account_sid = "secret in terraform.tfvars"
- twilio_messaging_service_sid = "secret in terraform.tfvars"
- twilio_verify_service_sid = "secret in terraform.tfvars"
- twilio_auth_token = "secret in terraform.tfvars"
- twilio_blacklist = "CU,SY,KP,IR,SD,BY,TD,CZ,EG,ID,IL,CI,JP,JO,KZ,KE,KW,LB,MW,MX,MA,NP,NG,OM,PK,PS,PH,QA,RU,SA,LK,TZ,TH,TN,TR,AE,UA,VN,ZM,ZW"
- twilio_unsupported_regions = "CU,SY,KP,IR,SD,BY,TD,CZ,EG,ID,IL,CI,JP,JO,KZ,KE,KW,LB,MW,MX,MA,NP,NG,OM,PK,PS,PH,QA,RU,SA,LK,TZ,TH,TN,TR,AE,UA,VN,ZM,ZW"
- messagebird_api_key = "secret in terraform.tfvars"
- messagebird_unsupported_regions = "CU,SY,KP,IR,SD"
- }
-}
-
-##################
-# The next variables have a default value are not intended to be changed if you do not have a reason for it
-variable in_memory_discovery_table {
- description = "Geth parameter"
- type = bool
- default = false
-}
-
-variable block_time {
- description = "The ethereum network block time"
- type = number
- default = 5
-}
-
-variable istanbul_request_timeout_ms {
- description = "The ethereum request timeout"
- type = number
- default = 10000
-}
-
-variable geth_exporter_docker_image {
- description = "The geth exporter docker image"
- type = map(string)
-
- default = {
- repository = "us.gcr.io/celo-testnet/geth-exporter"
- tag = "ed7d21bd50592709173368cd697ef73c1774a261"
- }
-}
-
-#not yet implemented. intent is to only install the stackdriver agents and inject the log exclusions if 'true'
-variable "enable_stackdriver" {
- description = "If set to true, enable Stackdriver for monitoring and logging"
- type = bool
-
- default = true
-}
-
-variable "stackdriver_logging_exclusions" {
- description = "List of objects that define logs to exclude on stackdriver"
- type = map(object({
- description = string
- filter = string
- }))
-
- default = {
- tf_gcm_infinite = {
- description = "Ignore stackdriver agent errors re: infinite values"
- filter = "resource.type = gce_instance AND \"write_gcm: can not take infinite value\""
- }
-
- tf_gcm_swap = {
- description = "Ignore stackdriver agent errors re: swap percent/value"
- filter = "resource.type = gce_instance AND \"write_gcm: wg_typed_value_create_from_value_t_inline failed for swap/percent/value! Continuing\""
- }
-
- tf_gcm_invalid_time = {
- description = "Ignore stackdriver agent errors related to timing"
- filter = "resource.type = gce_instance AND \"write_gcm: Unsuccessful HTTP request 400\" AND \"The start time must be before the end time\""
- }
-
- tf_gcm_transmit_unique_segments = {
- description = "Ignore stackdriver agent errors re: transmit_unique_segments"
- filter = "resource.type = gce_instance AND \"write_gcm: wg_transmit_unique_segment\""
- }
-
- tf_ver_certs = {
- description = "Ignore Eth peer flapping warnings caused by peers disconnecting naturally when exceeding max_peers"
- filter = "resource.type = gce_instance AND \"Error sending all version certificates\""
- }
-
- tf_peer_conns = {
- description = "Ignore Eth peer connections. 
Constant flux" - filter = "resource.type = gce_instance AND \"Ethereum peer connected\"" - } - } -} - -variable "stackdriver_logging_metrics" { - description = "List of objects that define COUNT (DELTA) logging metric filters to apply to Stackdriver to graph and alert on useful signals" - type = map(object({ - description = string - filter = string - })) - - default = { - - tf_eth_handshake_failed = { - description = "Ethereum peer handshake failed" - filter = "resource.type=gce_instance AND \"Ethereum handshake failed\"" - } - - tf_eth_genesis_mismatch = { - description = "Client with different genesis block attempted connection" - filter = "resource.type=gce_instance AND \"Genesis mismatch\"" - } - - tf_eth_block_ingested = { - description = "Ethereum block(s) ingested" - filter = "resource.type=gce_instance AND \"blocks\" AND \"Imported new chain segment\"" - } - - # note that this log isn't firing anymore on successfully proposing a block (on 1.1.0) FIXME - tf_eth_block_mined = { - description = "Block mined" - filter = "resource.type=gce_instance AND \"Successfully sealed new block\"" - } - - tf_eth_block_signed = { - description = "Block signed" - filter = "resource.type=gce_instance AND \"Commit new mining work\"" - } - - tf_eth_commit_old_block = { - description = "Committed seal on old block" - filter = "resource.type=gce_instance AND \"Would have sent a commit message for an old block\"" - } - - tf_validator_not_elected = { - description = "Validator failed to be elected" - filter = "resource.type=gce_instance \"Validator Election Results\" AND \"\\\"elected\\\":\\\"false\\\"\" AND NOT \"tx-node\"" - } - - } -} - - -variable "service_account_scopes" { - description = "Scopes to apply to the service account which all nodes in the cluster will inherit" - type = list(string) - - #scope reference: https://cloud.google.com/sdk/gcloud/reference/alpha/compute/instances/set-scopes#--scopes - #verify scopes: curl --silent --connect-timeout 1 -f -H 
"Metadata-Flavor: Google" http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/scopes - default = [ - "https://www.googleapis.com/auth/monitoring.write", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/cloud-platform" #this gives r/w to all storage buckets, which is overly broad - ] -} - -variable "GCP_DEFAULT_SERVICE_ACCOUNT" { - description = "gcp default service account for project, $projectid-compute@developer.gserviceaccount.com" - type = string -} - -variable "public_www_fqdn" { - description = "fully qualified domain name for public website" - type = string -} \ No newline at end of file diff --git a/packages/terraform-modules-public/images/Makefile b/packages/terraform-modules-public/images/Makefile deleted file mode 100644 index 075435a5df3..00000000000 --- a/packages/terraform-modules-public/images/Makefile +++ /dev/null @@ -1,31 +0,0 @@ -alfajores-full: - packer build \ - -var 'sync_mode=full' \ - -var 'additional_params="--alfajores"' \ - -var 'network_name=alfajores' \ - -force node.json - -alfajores-lightest: - packer build \ - -var 'sync_mode=lightest' \ - -var 'additional_params="--alfajores"' \ - -var 'network_name=alfajores' \ - -force node.json - -mainnet-full: - packer build \ - -var 'sync_mode=full' \ - -var 'network_name=mainnet' \ - -force node.json - -mainnet-lightest: - packer build \ - -var 'sync_mode=lightest' \ - -var 'network_name=mainnet' \ - -force node.json - -alfajores: alfajores-lightest alfajores-full - -mainnet: mainnet-lightest mainnet-full - -.PHONY: alfajores alfajores-full alfajores-lightest mainnet mainnet-full mainnet-lightest \ No newline at end of file diff --git a/packages/terraform-modules-public/images/node.json b/packages/terraform-modules-public/images/node.json deleted file mode 100644 index 3350d82e6cf..00000000000 --- a/packages/terraform-modules-public/images/node.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "variables": { - "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}", - "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}", - "azure_client_id": "{{env `AZURE_CLIENT_ID`}}", - "azure_client_secret": "{{env `AZURE_CLIENT_SECRET`}}", - "azure_tenant_id": "{{env `AZURE_TENANT_ID`}}", - "azure_subscription_id": "{{env `AZURE_SUBSCRIPTION_ID`}}", - "gcp_project_id": "{{env `GCP_PROJECT_ID`}}", - "region": "us-east-1", - "sync_mode": "full", - "network_name": "mainnet", - "additional_params": "" - }, - "builders": [ - { - "name": "aws", - "type": "amazon-ebs", - "access_key": "{{user `aws_access_key`}}", - "secret_key": "{{user `aws_secret_key`}}", - "ami_name": "celo-{{user `network_name`}}-{{user `sync_mode`}}-node-latest", - "instance_type": "t2.medium", - "region": "{{user `region`}}", - "source_ami_filter": { - "filters": { - "virtualization-type": "hvm", - "name": "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*", - "root-device-type": "ebs" - }, - "owners": ["099720109477"], - "most_recent": true - }, - "ssh_username": "ubuntu" - }, - { - "name": "azure", - "type": "azure-arm", - "client_id": "{{user `azure_client_id`}}", - "client_secret": "{{user `azure_client_secret`}}", - "tenant_id": "{{user `azure_tenant_id`}}", - "subscription_id": "{{user `azure_subscription_id`}}", - "image_publisher": "Canonical", - "image_offer": "UbuntuServer", - "image_sku": "18.04-LTS", - "managed_image_name": "celo-{{user `network_name`}}-{{user `sync_mode`}}-node-latest", - "managed_image_resource_group_name": "CeloNodeImages", - "location": "West Us 2", - "temp_resource_group_name": "CeloNodeImageBuilder", - "os_type": "Linux", - "ssh_username": "ubuntu" - }, - { - "name": "gcp", - "type": "googlecompute", - "project_id": "{{user `gcp_project_id`}}", - "source_image": "ubuntu-1804-bionic-v20200317", - "image_name": "celo-{{user `network_name`}}-{{user `sync_mode`}}-node-latest", - "ssh_username": "ubuntu", - "zone": "us-central1-a" - } - ], - "provisioners": 
[ - { - "type": "shell", - "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'", - "script": "../aws/testnet/modules/startup-scripts/install-base.sh" - }, - { - "type": "shell", - "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'", - "script": "../aws/testnet/modules/startup-scripts/install-docker.sh" - }, - { - "type": "shell", - "inline": [ - "echo {{user `additional_params`}} >> additional_params", - "echo {{user `sync_mode`}} >> sync_mode" - ] - }, - { - "type": "shell", - "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'", - "script": "scripts/init.sh" - }, - { - "type": "file", - "source": "scripts/start.sh", - "destination": "/tmp/start.sh" - }, - { - "type": "shell", - "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'", - "inline": [ - "cp /tmp/start.sh /var/lib/cloud/scripts/per-instance/start.sh", - "chmod +x /var/lib/cloud/scripts/per-instance/start.sh" - ] - }, - { - "type": "shell", - "execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'", - "inline": ["find / -name \"authorized_keys\" -exec rm -f {} \\;"] - } - ] -} diff --git a/packages/terraform-modules-public/images/readme.md b/packages/terraform-modules-public/images/readme.md deleted file mode 100644 index 1b3adc39f4e..00000000000 --- a/packages/terraform-modules-public/images/readme.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Celo Blockchain Images - -Hashicorp Packer is a tool for building machine images to ease deployment on various cloud platforms. - -As cLabs we provide prebuilt full and lightest Celo blockchain machine images for popular cloud platforms using this Packer script, however anyone is free to use this as inspiration for generating their own. - -## Setup - -To generate a machine image for a cloud provider you'll first need to [install Packer](https://learn.hashicorp.com/tutorials/packer/getting-started-install) and configure your credentials as specified. - -## Building Images - -A Makefile is provided for easy image generation, running `make alfajores` for example, will generate full and lightest nodes for each major cloud provider (AWS, GCP and Azure). - -For more fine grained control you can run Packer manually with `packer build node.json`. One handy flag to note is `-only`, ie. `packer build -only=gcp,aws node.json` will only build images for GCP and AWS. - -See the Makefile for precise examples of how you can generate machine images and pass through additional variables. - -## Making Images Public - -### AWS - -Navigate to the your AMIs tab in AWS (under the EC2 screen) and select the image before clicking `Actions` ->`Modify Image Permissions` -> `Public`. - -### GCP - -Making an image public to the world on GCP requires you to run the following command after you've correctly configured your `gcloud` access. - -```bash -gcloud compute images add-iam-policy-binding - --member='allAuthenticatedUsers' \ - --role='roles/compute.imageUser' -``` diff --git a/packages/terraform-modules-public/images/scripts/init.sh b/packages/terraform-modules-public/images/scripts/init.sh deleted file mode 100644 index 83d56aa75f5..00000000000 --- a/packages/terraform-modules-public/images/scripts/init.sh +++ /dev/null @@ -1,3 +0,0 @@ -NODE_DIRECTORY=/home/ubuntu/celo-data-directory -mkdir -p $NODE_DIRECTORY -cd $NODE_DIRECTORY 
diff --git a/packages/terraform-modules-public/images/scripts/start.sh b/packages/terraform-modules-public/images/scripts/start.sh deleted file mode 100644 index 7deeea4a3f8..00000000000 --- a/packages/terraform-modules-public/images/scripts/start.sh +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/bash - - -SYNC_MODE=$(cat /home/ubuntu/sync_mode) -ADDITIONAL_PARAMS=$(cat /home/ubuntu/additional_params) - -cd /home/ubuntu/celo-data-directory -sudo docker run --name celo-$SYNC_MODE-node -d --restart unless-stopped -p 127.0.0.1:8545:8545 -p 127.0.0.1:8546:8546 -p 30303:30303 -p 30303:30303/udp -v $PWD:/root/.celo us.gcr.io/celo-org/geth:mainnet --verbosity 3 --syncmode $SYNC_MODE --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,web3,debug,admin,personal --light.serve 1 --light.maxpeers 1 --maxpeers 10 --nousb --datadir /root/.celo $ADDITIONAL_PARAMS diff --git a/packages/terraform-modules/.gitignore b/packages/terraform-modules/.gitignore deleted file mode 100644 index 42b565799f5..00000000000 --- a/packages/terraform-modules/.gitignore +++ /dev/null @@ -1 +0,0 @@ -plan/ diff --git a/packages/terraform-modules/README.md b/packages/terraform-modules/README.md deleted file mode 100644 index 91b921d1f57..00000000000 --- a/packages/terraform-modules/README.md +++ /dev/null @@ -1,20 +0,0 @@ -# Terraform Testnets - -## Overview - -Terraform is a tool that allows developers to treat "infrastructure as code." -Infrastructure is defined in modules, and Terraform creates/changes/destroys -when changes are applied. - -## Local Setup - -It's best to use this package with `celotool`, but if you need to -run `terraform` commands locally: - -1. Download Terraform https://www.terraform.io/downloads.html -1. Ensure you have a service account key file at the path shown in the - module's `provider "google"` section. -1. `terraform init` to download anything specific to the module (i.e. GCP specific - binaries) -1. `terraform apply` to initially deploy or upgrade -1. `terraform destroy` to destroy 
diff --git a/packages/terraform-modules/forno/main.tf b/packages/terraform-modules/forno/main.tf deleted file mode 100644 index 641b7ed2206..00000000000 --- a/packages/terraform-modules/forno/main.tf +++ /dev/null 
@@ -1,176 +0,0 @@
-# For managing terraform state remotely
-terraform {
- backend "gcs" {
- bucket = "celo_tf_state"
- }
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "3.69.0"
- }
- google-beta = {
- source = "hashicorp/google-beta"
- version = "3.69.0"
- }
- random = {
- source = "hashicorp/random"
- version = "3.1.0"
- }
- }
-}
-
-provider "google" {
- credentials = file(var.gcloud_credentials_path)
- project = var.gcloud_project
- region = "us-west1"
- zone = "us-west1-a"
-}
-
-provider "google-beta" {
- credentials = file(var.gcloud_credentials_path)
- project = var.gcloud_project
- region = "us-west1"
- zone = "us-west1-a"
-}
-
-data "terraform_remote_state" "state" {
- backend = "gcs"
- config = {
- bucket = "celo_tf_state"
- prefix = "${var.celo_env}/forno"
- }
-}
-
-module "http_backends" {
- source = "./modules/backends"
- # variables
- backend_max_requests_per_second = var.backend_max_requests_per_second
- celo_env = var.celo_env
- context_info = var.context_info_http
- health_check_destination_port = 6000
- type = "http"
- timeout_sec = 60 # 1 minute
- security_policy_id = google_compute_security_policy.forno.self_link
-}
-
-module "ws_backends" {
- source = "./modules/backends"
- # variables
- backend_max_requests_per_second = var.backend_max_requests_per_second
- celo_env = var.celo_env
- context_info = var.context_info_ws
- health_check_destination_port = 6001
- type = "ws"
- timeout_sec = 1200 # 20 minutes
- security_policy_id = google_compute_security_policy.forno.self_link
-}
-
-module "kong" {
- source = "./modules/backends"
- # variables
- backend_max_requests_per_second = var.backend_max_requests_per_second_kong
- celo_env = var.celo_env
- context_info = var.context_info_kong
- health_check_destination_port = 8000
- health_check_request_path = "/kong/status"
- type = "kong"
- timeout_sec = 60 # 1 minute
- security_policy_id = google_compute_security_policy.forno.self_link
-}
-
-resource "google_compute_global_address" "global_address" {
- name = "${var.celo_env}-forno-global-address"
-
- address_type = "EXTERNAL"
- ip_version = "IPV4"
-}
-
-resource "google_compute_managed_ssl_certificate" "ssl_cert" {
- provider = google-beta
-
- name = "${var.celo_env}-forno-ssl-cert-${random_id.ssl_random_suffix.hex}"
-
- managed {
- domains = var.ssl_cert_domains
- }
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "random_id" "ssl_random_suffix" {
- byte_length = 4
-
- keepers = {
- domains = join(",", var.ssl_cert_domains)
- }
-}
-
-resource "google_compute_url_map" "url_map" {
- name = "${var.celo_env}-forno-url-map"
- default_service = module.kong.backend_service_id
-
- host_rule {
- hosts = ["*"]
- path_matcher = "${var.celo_env}-forno-path-matcher"
- }
-
- path_matcher {
- name = "${var.celo_env}-forno-path-matcher"
- default_service = module.kong.backend_service_id
-
- path_rule {
- paths = ["/ws"]
- service = module.ws_backends.backend_service_id
- route_action {
- url_rewrite {
- path_prefix_rewrite = "/"
- }
- }
- }
-
- path_rule {
- paths = ["/kong", "/kong/*"]
- service = module.kong.backend_service_id
- }
-
- path_rule {
- paths = ["/kong", "/kong/*"]
- service = module.kong.backend_service_id
- }
- }
-}
-
-# This will route ingress traffic to the geographically closest backend
-# whose utilization is not full.
-# See https://cloud.google.com/load-balancing/docs/https#network-service-tiers_1
-resource "google_compute_target_https_proxy" "target_https_proxy" {
- name = "${var.celo_env}-forno-target-https-proxy"
- url_map = google_compute_url_map.url_map.id
- ssl_certificates = [
- google_compute_managed_ssl_certificate.ssl_cert.id,
- ]
-}
-
-resource "google_compute_global_forwarding_rule" "forwarding_rule" {
- name = "${var.celo_env}-forno-forwarding-rule"
-
- target = google_compute_target_https_proxy.target_https_proxy.id
- ip_address = google_compute_global_address.global_address.address
- port_range = "443"
-}
-
-# This allows GCP health check traffic AND traffic that is being sent from LBs
-# to network endpoints
-resource "google_compute_firewall" "allow-health-check" {
- name = "${var.celo_env}-forno-health-check-firewall"
- direction = "INGRESS"
- source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
- network = var.vpc_network_name
-
- allow {
- protocol = "tcp"
- ports = ["6000", "6001", "8000", "8545", "8546"]
- }
-}
diff --git a/packages/terraform-modules/forno/modules/backends/main.tf b/packages/terraform-modules/forno/modules/backends/main.tf
deleted file mode 100644
index 6b99e5bd963..00000000000
--- a/packages/terraform-modules/forno/modules/backends/main.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-resource "google_compute_health_check" "http_health_check" {
- name = "${var.celo_env}-forno-http-health-check-${var.type}"
-
- http_health_check {
- port = var.health_check_destination_port
- # For NetworkEndpointGroup, the port specified for each network endpoint is used for health checking
- port_specification = "USE_FIXED_PORT"
- request_path = var.health_check_request_path
- }
-}
-
-# This is a reference to the ClusterIP service inside this region's k8s cluster.
-# We get the NEG for each context.
-data "google_compute_network_endpoint_group" "service_network_endpoint_group" {
- name = each.value.service_network_endpoint_group_name
- zone = each.value.zone
-
- for_each = var.context_info
-}
-
-# A backend that can route traffic to all of the context NEGs.
-resource "google_compute_backend_service" "backend_service" {
- provider = google-beta
- name = "${var.celo_env}-forno-backend-service-${var.type}"
-
- health_checks = [google_compute_health_check.http_health_check.self_link]
- timeout_sec = var.timeout_sec
-
- custom_response_headers = [
- "Access-Control-Allow-Origin:*",
- "Access-Control-Allow-Methods:GET, POST, OPTIONS",
- "Access-Control-Allow-Headers:DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
- "Access-Control-Expose-Headers:Content-Length,Content-Range"
- ]
-
- security_policy = var.security_policy_id
-
- dynamic "backend" {
- for_each = var.context_info
- content {
- balancing_mode = "RATE"
- max_rate_per_endpoint = var.backend_max_requests_per_second
- group = data.google_compute_network_endpoint_group.service_network_endpoint_group[backend.key].self_link
- }
- }
-}
diff --git a/packages/terraform-modules/forno/modules/backends/outputs.tf b/packages/terraform-modules/forno/modules/backends/outputs.tf
deleted file mode 100644
index c26ef7ffbb4..00000000000
--- a/packages/terraform-modules/forno/modules/backends/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "backend_service_id" {
- value = google_compute_backend_service.backend_service.id
-}
diff --git a/packages/terraform-modules/forno/modules/backends/variables.tf b/packages/terraform-modules/forno/modules/backends/variables.tf
deleted file mode 100644
index 3435434abf4..00000000000
--- a/packages/terraform-modules/forno/modules/backends/variables.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-variable "backend_max_requests_per_second" {
- type = number
- description = "The max number of requests per second that a backend can receive. In this case, a backend refers to all the nodes in a cluster."
-}
-
-variable "celo_env" {
- type = string
- description = "Name of the Celo environment"
-}
-
-variable "context_info" {
- type = map(
- object({
- zone = string
- service_network_endpoint_group_name = string
- })
- )
- description = "Provides basic information on each context. Keys are contexts and values are the corresponding info"
-}
-
-variable "health_check_destination_port" {
- type = number
- description = "The destination port the health check will test"
-}
-
-variable "health_check_request_path" {
- type = string
- description = "The requested path the health check will test"
- default = "/"
-}
-
-variable "timeout_sec" {
- type = number
- description = "The timeout for the backend service in seconds"
- default = 30
-}
-
-variable "type" {
- type = string
- description = "Type of backends, only used for names"
-}
-
-variable "security_policy_id" {
- type = string
- description = "Cloud Armon security policy ID applied to the backend"
-}
diff --git a/packages/terraform-modules/forno/outputs.tf b/packages/terraform-modules/forno/outputs.tf
deleted file mode 100644
index 88a414bb6c6..00000000000
--- a/packages/terraform-modules/forno/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "forno_ip_address" {
- value = google_compute_global_address.global_address.address
-}
diff --git a/packages/terraform-modules/forno/security_policy.tf b/packages/terraform-modules/forno/security_policy.tf
deleted file mode 100644
index 85fd61cc824..00000000000
--- a/packages/terraform-modules/forno/security_policy.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-resource "google_compute_security_policy" "forno" {
- name = "${var.celo_env}-forno-security-policy"
-
- rule {
- action = "deny(403)"
- priority = "1000"
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = var.banned_cidr
- }
- }
- description = "Deny access to forno due to unfair usage"
- }
-
- rule {
- action = "allow"
- priority = "2147483647"
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = ["*"]
- }
- }
- description = "default rule"
- }
-}
diff --git a/packages/terraform-modules/forno/variables.tf b/packages/terraform-modules/forno/variables.tf
deleted file mode 100644
index ebd7760f413..00000000000
--- a/packages/terraform-modules/forno/variables.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-variable "backend_max_requests_per_second" {
- type = number
- description = "The max number of requests per second that a backend can receive. In this case, a backend refers to each endpoint (pod)"
-}
-
-variable "backend_max_requests_per_second_kong" {
- type = number
- description = "The max number of requests per second that a backend can receive. In this case, a backend refers to each endpoint (pod)"
-}
-
-variable "celo_env" {
- type = string
- description = "Name of the Celo environment"
-}
-
-variable "context_info_http" {
- type = map(
- object({
- zone = string
- service_network_endpoint_group_name = string
- })
- )
- description = "Provides basic information on each context for HTTP. Keys are contexts and values are the corresponding info"
-}
-
-variable "context_info_ws" {
- type = map(
- object({
- zone = string
- service_network_endpoint_group_name = string
- })
- )
- description = "Provides basic information on each context for WS. Keys are contexts and values are the corresponding info"
-}
-
-variable "context_info_kong" {
- type = map(
- object({
- zone = string
- service_network_endpoint_group_name = string
- })
- )
- description = "Provides basic information on each context for Kong. Keys are contexts and values are the corresponding info"
-}
-
-variable "gcloud_credentials_path" {
- type = string
- description = "Path to the file containing the Google Cloud credentials to use"
-}
-
-variable "gcloud_project" {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable "ssl_cert_domains" {
- type = list(string)
- description = "Domains to use for the SSL certificate. Each must end with a period."
-}
-
-variable "banned_cidr" {
- type = list(string)
- description = "Banned CIDR to make request to forno."
-}
-
-variable "vpc_network_name" {
- type = string
- description = "The name of the VPC network"
-}
diff --git a/packages/terraform-modules/forno/versions.tf b/packages/terraform-modules/forno/versions.tf
deleted file mode 100644
index 6b6318def82..00000000000
--- a/packages/terraform-modules/forno/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
- required_version = ">= 0.13"
-}
diff --git a/packages/terraform-modules/testnet-network/README.md b/packages/terraform-modules/testnet-network/README.md
deleted file mode 100644
index 80a457d255e..00000000000
--- a/packages/terraform-modules/testnet-network/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# testnet-network
-
-This Terraform module exists as a measure of safely creating and destroying
-VPC networks. Because `testnet` may sometimes be on the `default` VPC network
-that is used by other resources, we need to make sure that `terraform destroy`ing
-the testnet module will not result in the default VPC network being destroyed.
-Rather than declaring the network as a `resource` in `testnet`, we instead declare
-it as a `data` source. This prevents the network from being deleted upon `terraform destroy`,
-but also prevents the network from being created. Terraform lacks basic
-conditionals to directly implement this logic in the `testnet` module.
-
-This module is only intended to be used by `celotool`, which only creates/destroys
-a network if it is not the `default` VPC.
diff --git a/packages/terraform-modules/testnet-network/main.tf b/packages/terraform-modules/testnet-network/main.tf
deleted file mode 100644
index fa7a8daaa68..00000000000
--- a/packages/terraform-modules/testnet-network/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-provider "google" {
- credentials = file(var.gcloud_credentials_path)
- project = var.gcloud_project
- region = "us-west1"
- zone = "us-west1-a"
-}
-
-# For managing terraform state remotely
-terraform {
- backend "gcs" {
- bucket = "celo_tf_state"
- }
-}
-
-data "terraform_remote_state" "state" {
- backend = "gcs"
- config = {
- bucket = "celo_tf_state"
- prefix = "${var.celo_env}/testnet-network"
- }
-}
-
-resource "google_compute_network" "testnet-network" {
- name = var.network_name
-}
diff --git a/packages/terraform-modules/testnet-network/variables.tf b/packages/terraform-modules/testnet-network/variables.tf
deleted file mode 100644
index 17dc776ca3a..00000000000
--- a/packages/terraform-modules/testnet-network/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable gcloud_credentials_path {
- type = string
- description = "Path to the file containing the Google Cloud credentials to use"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable network_name {
- type = string
- description = "The name of the network to use"
-}
diff --git a/packages/terraform-modules/testnet/README.md b/packages/terraform-modules/testnet/README.md
deleted file mode 100644
index f7df4fd7114..00000000000
--- a/packages/terraform-modules/testnet/README.md
+++ /dev/null
@@ -1,41 +0,0 @@ -# Testnet - -This creates a VM-based testnet with a bootnode and multiple validators. - -## Overview - -Each type of node (validator/bootnode/tx-node) is in its own module. -A separate module `tx-node-load-balancer` defines an internal TCP load balancer -for ports 8545 and 8546. This is so Blockscout on the same VPC can reach the tx-nodes. -The GCP provider, network, firewall etc declarations are found in the `main.tf` file. - -The script that is run immediately upon the startup of a VM instance is found in -a module's `startup.sh` file. This is where `geth` or `bootnode` is started, -and any setup work is performed. The variables required by these are typically -pulled from a `.env` file by `celotool` and passed to `terraform`. - -Sometimes, if recreating an address right after deleting one, GCP will say -that the resource already exists and `terraform apply` will fail. In this case, -just wait a little bit and try again. - -## Setup - -A few infrastructure assumptions are made by this module and `celotool`: - -1. Google Cloud Platform is used -1. The environment variable `GOOGLE_APPLICATION_CREDENTIALS` is set to the path - of a JSON key file with the credentials that will be used by Terraform. -1. The GCP project used is the value of `TESTNET_PROJECT_NAME` in the environment's `.env` file -1. A bucket called `celo_tf_state` has been manually created. This is where the Terraform - remote backends are. Nothing very sensitive is stored in here, but it should be private. -1. A bucket called `celo-testnet-secrets` has been manually created. This is used to store - sensitive secrets that are uploaded by celotool and downloaded at startup from inside - `startup.sh`. This is to ensure that secrets are not stored in the state files. - -## Google Cloud Permissions Needed - -A service account must be able to create/list/modify/delete networks, -firewalls, instances, objects, addresses, and disks. 
- -For cLabs employees, a Google Cloud role `Terraform Testnet Admin` has been -created. diff --git a/packages/terraform-modules/testnet/main.tf b/packages/terraform-modules/testnet/main.tf deleted file mode 100644 index 33c035ab94f..00000000000 --- a/packages/terraform-modules/testnet/main.tf +++ /dev/null 
@@ -1,242 +0,0 @@ -provider "google" { - credentials = file(var.gcloud_credentials_path) - project = var.gcloud_project - region = "us-west1" - zone = "us-west1-a" -} - -provider "acme" { - server_url = "https://acme-v02.api.letsencrypt.org/directory" -} - -# For managing terraform state remotely -terraform { - backend "gcs" { - bucket = "celo_tf_state" - } - required_providers { - google = "~> 2.16.0" - } -} - -data "terraform_remote_state" "state" { - backend = "gcs" - config = { - bucket = "celo_tf_state" - prefix = "${var.celo_env}/testnet" - } -} - -locals { - target_tag_bootnode = "${var.celo_env}-bootnode" - # any geth node (tx nodes & validators) - target_tag_node = "${var.celo_env}-node" - - target_tag_proxy = "${var.celo_env}-proxy" - target_tag_tx_node = "${var.celo_env}-tx-node" - target_tag_tx_node_private = "${var.celo_env}-tx-node-private" - target_tag_validator = "${var.celo_env}-validator" - - target_tag_ssl = "${var.celo_env}-external-ssl" - - target_tags_all = [ - local.target_tag_bootnode, - local.target_tag_node, - local.target_tag_proxy, - local.target_tag_ssl - ] -} - -data "google_compute_network" "network" { - name = var.network_name -} - -resource "google_compute_firewall" "ssh_firewall" { - name = "${var.celo_env}-ssh-firewall" - network = data.google_compute_network.network.name - - target_tags = local.target_tags_all - - allow { - protocol = "tcp" - ports = ["22"] - } -} - -resource "google_compute_firewall" "geth_firewall" { - name = "${var.celo_env}-geth-firewall" - network = data.google_compute_network.network.name - - target_tags = [local.target_tag_node] - - allow { - protocol = "tcp" - ports = ["30303"] - } - - allow { - protocol = "udp" - ports = ["30303"] - } -} - -resource "google_compute_firewall" "geth_metrics_firewall" { - name = "${var.celo_env}-geth-metrics-firewall" - network = data.google_compute_network.network.name - - target_tags = [local.target_tag_node] - - # allow all IPs internal to the VPC - source_ranges = 
["10.0.0.0/8"] - - allow { - protocol = "tcp" - ports = ["6060", "9200"] - } -} - -resource "google_compute_firewall" "rpc_firewall_internal" { - name = "${var.celo_env}-rpc-firewall-internal" - network = data.google_compute_network.network.name - - target_tags = [local.target_tag_tx_node_private] - - # allow all IPs internal to the VPC - source_ranges = ["10.0.0.0/8"] - - allow { - protocol = "tcp" - ports = ["8545", "8546"] - } -} - -resource "google_compute_firewall" "rpc_firewall" { - name = "${var.celo_env}-rpc-firewall" - network = data.google_compute_network.network.name - - target_tags = [local.target_tag_tx_node] - - allow { - protocol = "tcp" - ports = ["8545", "8546"] - } -} - -resource "google_compute_firewall" "bootnode_firewall" { - name = "${var.celo_env}-bootnode-firewall" - network = data.google_compute_network.network.name - - target_tags = [local.target_tag_bootnode] - - allow { - protocol = "udp" - ports = ["30301"] - } -} - -module "bootnode" { - source = "./modules/bootnode" - # variables - celo_env = var.celo_env - gcloud_secrets_base_path = var.gcloud_secrets_base_path - gcloud_secrets_bucket = var.gcloud_secrets_bucket - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - geth_bootnode_docker_image_repository = var.geth_bootnode_docker_image_repository - geth_bootnode_docker_image_tag = var.geth_bootnode_docker_image_tag - network_id = var.network_id - network_name = data.google_compute_network.network.name -} - -module "tx_node" { - source = "./modules/full-node" - # variables - block_time = var.block_time - bootnode_ip_address = module.bootnode.ip_address - celo_env = var.celo_env - ethstats_host = var.ethstats_host - gcloud_secrets_base_path = var.gcloud_secrets_base_path - gcloud_secrets_bucket = var.gcloud_secrets_bucket - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - genesis_content_base64 = var.genesis_content_base64 - geth_metrics = var.geth_metrics - geth_node_docker_image_repository = 
var.geth_node_docker_image_repository - geth_node_docker_image_tag = var.geth_node_docker_image_tag - geth_verbosity = var.geth_verbosity - in_memory_discovery_table = var.in_memory_discovery_table - instance_tags = [local.target_tag_tx_node] - max_peers = 500 - name = "tx-node" - network_id = var.network_id - network_name = data.google_compute_network.network.name - gcmode = "full" - node_count = var.tx_node_count - node_disk_size_gb = var.node_disk_size_gb - rpc_apis = "eth,net,web3" -} - -module "tx_node_private" { - source = "./modules/full-node" - # variables - block_time = var.block_time - bootnode_ip_address = module.bootnode.ip_address - celo_env = var.celo_env - ethstats_host = var.ethstats_host - gcloud_secrets_base_path = var.gcloud_secrets_base_path - gcloud_secrets_bucket = var.gcloud_secrets_bucket - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - genesis_content_base64 = var.genesis_content_base64 - geth_metrics = var.geth_metrics - geth_node_docker_image_repository = var.geth_node_docker_image_repository - geth_node_docker_image_tag = var.geth_node_docker_image_tag - geth_verbosity = var.geth_verbosity - in_memory_discovery_table = var.in_memory_discovery_table - instance_tags = [local.target_tag_tx_node_private] - max_peers = 500 - name = "tx-node-private" - network_id = var.network_id - network_name = data.google_compute_network.network.name - gcmode = "archive" - node_count = var.private_tx_node_count - rpc_apis = "eth,net,web3,debug,txpool" - node_disk_size_gb = var.private_node_disk_size_gb -} - -# used for access by blockscout -module "tx_node_lb" { - source = "./modules/tx-node-load-balancer" - # variables - celo_env = var.celo_env - dns_gcloud_project = var.dns_gcloud_project - dns_zone_name = var.dns_zone_name - forno_host = var.forno_host - gcloud_project = var.gcloud_project - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - letsencrypt_email = var.letsencrypt_email - network_name = 
data.google_compute_network.network.name - private_tx_node_self_links = module.tx_node_private.self_links - tx_node_self_links = module.tx_node.self_links -} - -module "validator" { - source = "./modules/validator" - # variables - block_time = var.block_time - bootnode_ip_address = module.bootnode.ip_address - celo_env = var.celo_env - ethstats_host = var.ethstats_host - gcloud_secrets_base_path = var.gcloud_secrets_base_path - gcloud_secrets_bucket = var.gcloud_secrets_bucket - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - genesis_content_base64 = var.genesis_content_base64 - geth_metrics = var.geth_metrics - geth_node_docker_image_repository = var.geth_node_docker_image_repository - geth_node_docker_image_tag = var.geth_node_docker_image_tag - geth_verbosity = var.geth_verbosity - in_memory_discovery_table = var.in_memory_discovery_table - istanbul_request_timeout_ms = var.istanbul_request_timeout_ms - network_id = var.network_id - network_name = data.google_compute_network.network.name - node_disk_size_gb = var.node_disk_size_gb - proxies_per_validator = var.proxies_per_validator - validator_count = var.validator_count -} diff --git a/packages/terraform-modules/testnet/modules/bootnode/main.tf b/packages/terraform-modules/testnet/modules/bootnode/main.tf deleted file mode 100644 index 777615df7dd..00000000000 --- a/packages/terraform-modules/testnet/modules/bootnode/main.tf +++ /dev/null 
@@ -1,54 +0,0 @@ -locals { - name_prefix = "${var.celo_env}-bootnode" -} - -resource "google_compute_address" "bootnode" { - name = "${local.name_prefix}-address" - address_type = "EXTERNAL" -} - -resource "google_compute_instance" "bootnode" { - name = local.name_prefix - machine_type = "n1-standard-1" - - tags = [local.name_prefix] - - allow_stopping_for_update = true - - boot_disk { - initialize_params { - image = "debian-cloud/debian-9" - } - } - - scratch_disk { - - } - - network_interface { - network = var.network_name - access_config { - nat_ip = google_compute_address.bootnode.address - } - } - - metadata_startup_script = templatefile( - format("%s/startup.sh", path.module), { - gcloud_secrets_base_path : var.gcloud_secrets_base_path, - gcloud_secrets_bucket : var.gcloud_secrets_bucket, - geth_bootnode_docker_image_repository : var.geth_bootnode_docker_image_repository, - geth_bootnode_docker_image_tag : var.geth_bootnode_docker_image_tag, - ip_address : google_compute_address.bootnode.address, - network_id : var.network_id - } - ) - - service_account { - email = var.gcloud_vm_service_account_email - scopes = [ - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring.write" - ] - } -} diff --git a/packages/terraform-modules/testnet/modules/bootnode/outputs.tf b/packages/terraform-modules/testnet/modules/bootnode/outputs.tf deleted file mode 100644 index edc627de1c3..00000000000 --- a/packages/terraform-modules/testnet/modules/bootnode/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output ip_address { - value = google_compute_address.bootnode.address -} diff --git a/packages/terraform-modules/testnet/modules/bootnode/startup.sh b/packages/terraform-modules/testnet/modules/bootnode/startup.sh deleted file mode 100644 index 2a3a08aa0c5..00000000000 --- a/packages/terraform-modules/testnet/modules/bootnode/startup.sh +++ /dev/null 
@@ -1,149 +0,0 @@ -#! /bin/bash - -# ---- Set Up Logging ---- - -curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh -bash install-logging-agent.sh - -echo " -@include config.d/*.conf -# Prometheus monitoring. - - @type prometheus - port 24231 - - - @type prometheus_monitor - - -# Do not collect fluentd's own logs to avoid infinite loops. - - @type null - - -# Add a unique insertId to each log entry that doesn't already have it. -# This helps guarantee the order and prevent log duplication. - -@type add_insert_ids - - -# Configure all sources to output to Google Cloud Logging - - @type google_cloud - buffer_type file - buffer_path /var/log/google-fluentd/buffers - # Set the chunk limit conservatively to avoid exceeding the recommended - # chunk size of 5MB per write request. - buffer_chunk_limit 512KB - # Flush logs every 5 seconds, even if the buffer is not full. - flush_interval 5s - # Enforce some limit on the number of retries. - disable_retry_limit false - # After 3 retries, a given chunk will be discarded. - retry_limit 3 - # Wait 10 seconds before the first retry. The wait interval will be doubled on - # each following retry (20s, 40s...) until it hits the retry limit. - retry_wait 10 - # Never wait longer than 5 minutes between retries. If the wait interval - # reaches this limit, the exponentiation stops. - # Given the default config, this limit should never be reached, but if - # retry_limit and retry_wait are customized, this limit might take effect. - max_retry_wait 300 - # Use multiple threads for processing. - num_threads 8 - # Use the gRPC transport. - use_grpc true - # If a request is a mix of valid log entries and invalid ones, ingest the - # valid ones and drop the invalid ones instead of dropping everything. - partial_success true - # Enable monitoring via Prometheus integration. 
- enable_monitoring true - monitoring_type opencensus - detect_json true -" > /etc/google-fluentd/google-fluentd.conf - -echo " - - @type rewrite_tag_filter - - key log - pattern ^{ - tag docker_logs_json - - - key log - pattern ^[^{] - tag docker_logs_plain - - - - - @type parser - key_name log - reserve_data false - - @type json - - - - - @type record_transformer - - message $${record["log"]} - - -" > /etc/google-fluentd/config.d/docker.conf -systemctl restart google-fluentd - -# ---- Set Up Monitoring Agent ---- - -curl -sSO https://dl.google.com/cloudagents/install-monitoring-agent.sh -bash install-monitoring-agent.sh - -# ---- Install Docker ---- - -echo "Installing Docker..." - -# TODO(trevor): investigate how to pull this into a separate file so -# other startup scripts can use it -apt update && apt upgrade -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update && apt upgrade -apt install -y docker-ce -systemctl start docker - -echo "Configuring Docker..." -gcloud auth configure-docker - -# use GCP logging for Docker containers -echo '{"log-driver":"gcplogs"}' > /etc/docker/daemon.json -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -BOOTNODE_VERBOSITY=1 - -GETH_BOOTNODE_DOCKER_IMAGE=${geth_bootnode_docker_image_repository}:${geth_bootnode_docker_image_tag} - -# download & apply secrets pulled from Cloud Storage as environment vars -echo "Downloading secrets from Google Cloud Storage..." -SECRETS_ENV_PATH=/var/.env.celo.secrets -gsutil cp gs://${gcloud_secrets_bucket}/${gcloud_secrets_base_path}/.env.bootnode $SECRETS_ENV_PATH -# Apply the .env file -. $SECRETS_ENV_PATH - -echo "Pulling bootnode..." -docker pull $GETH_BOOTNODE_DOCKER_IMAGE - -echo "Starting bootnode..." 
-docker run -p 30301:30301/udp --name bootnode --net=host --restart=always -d $GETH_BOOTNODE_DOCKER_IMAGE /bin/sh -c "\ - set -euo pipefail && \ - mkdir /etc/bootnode && \ - echo $NODE_KEY > /etc/bootnode/node.key && \ - /usr/local/bin/bootnode \ - --nat=extip:${ip_address} \ - --networkid=${network_id} \ - --nodekey=/etc/bootnode/node.key \ - --verbosity=$BOOTNODE_VERBOSITY" diff --git a/packages/terraform-modules/testnet/modules/bootnode/variables.tf b/packages/terraform-modules/testnet/modules/bootnode/variables.tf deleted file mode 100644 index 6493eca4dc2..00000000000 --- a/packages/terraform-modules/testnet/modules/bootnode/variables.tf +++ /dev/null @@ -1,39 +0,0 @@ -variable celo_env { - type = string - description = "Name of the testnet Celo environment" -} - -variable gcloud_secrets_base_path { - type = string - description = "Base path in the secrets bucket of a Google Cloud Storage file containing validator secrets" -} - -variable gcloud_secrets_bucket { - type = string - description = "Name of the Google Cloud Storage bucket where secrets are kept" -} - -variable gcloud_vm_service_account_email { - type = string - description = "The email of the service account to associate virtual machines with" -} - -variable geth_bootnode_docker_image_repository { - type = string - description = "Repository of the geth bootnode docker image" -} - -variable geth_bootnode_docker_image_tag { - type = string - description = "Tag of the geth bootnode docker image" -} - -variable network_id { - type = number - description = "The network ID number" -} - -variable network_name { - type = string - description = "Name of the GCP network" -} diff --git a/packages/terraform-modules/testnet/modules/full-node/main.tf b/packages/terraform-modules/testnet/modules/full-node/main.tf deleted file mode 100644 index 3414589ac8c..00000000000 --- a/packages/terraform-modules/testnet/modules/full-node/main.tf +++ /dev/null 
@@ -1,116 +0,0 @@ -locals { - attached_disk_name = "celo-data" - name_prefix = "${var.celo_env}-${var.name}" - # generate names using `var.name` if `var.names` isn't set - names = length(var.names) > 0 ? var.names : [for node_index in range(var.node_count) : "${var.name}-${node_index}"] -} - -resource "google_compute_address" "full_node" { - name = "${var.celo_env}-${each.key}-address-${random_id.full_node[each.key].hex}" - address_type = "EXTERNAL" - - for_each = local.names - - lifecycle { - create_before_destroy = true - } -} - -resource "google_compute_instance" "full_node" { - name = "${var.celo_env}-${each.key}-${random_id.full_node[each.key].hex}" - machine_type = "n1-standard-2" - - for_each = local.names - - tags = concat(["${var.celo_env}-node"], var.instance_tags) - - allow_stopping_for_update = true - - boot_disk { - initialize_params { - image = "debian-cloud/debian-9" - } - } - - attached_disk { - source = google_compute_disk.full_node[each.key].self_link - device_name = local.attached_disk_name - } - - network_interface { - network = var.network_name - access_config { - nat_ip = google_compute_address.full_node[each.key].address - } - } - - metadata_startup_script = templatefile( - format("%s/startup.sh", path.module), { - additional_geth_flags : var.additional_geth_flags, - attached_disk_name : local.attached_disk_name, - block_time : var.block_time, - bootnode_ip_address : var.bootnode_ip_address, - ethstats_host : var.ethstats_host, - gcloud_secrets_base_path : var.gcloud_secrets_base_path, - gcloud_secrets_bucket : var.gcloud_secrets_bucket, - genesis_content_base64 : var.genesis_content_base64, - geth_metrics : var.geth_metrics, - geth_node_docker_image_repository : var.geth_node_docker_image_repository, - geth_node_docker_image_tag : var.geth_node_docker_image_tag, - geth_verbosity : var.geth_verbosity, - in_memory_discovery_table : var.in_memory_discovery_table, - ip_address : google_compute_address.full_node[each.key].address, - 
max_light_peers : var.max_light_peers, - max_peers : var.max_peers, - name : each.key, - network_id : var.network_id, - network_name : var.celo_env, - gcmode: var.gcmode, - node_name : "${var.celo_env}-${each.key}", - proxy : var.proxy, - rid : each.key, - rpc_apis : var.rpc_apis, - } - ) - - service_account { - email = var.gcloud_vm_service_account_email - scopes = [ - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring.write" - ] - } - - lifecycle { - create_before_destroy = true - } -} - -resource "google_compute_disk" "full_node" { - name = "${var.celo_env}-${each.key}-disk-${random_id.full_node_disk[each.key].hex}" - - for_each = local.names - - type = "pd-ssd" - # in GB - size = var.node_disk_size_gb - physical_block_size_bytes = 4096 - - lifecycle { - create_before_destroy = true - } -} - -resource "random_id" "full_node" { - for_each = local.names - - byte_length = 8 -} - -# Separate random id so that updating the ID of the instance doesn't force a new disk -resource "random_id" "full_node_disk" { - for_each = local.names - - byte_length = 8 -} diff --git a/packages/terraform-modules/testnet/modules/full-node/outputs.tf b/packages/terraform-modules/testnet/modules/full-node/outputs.tf deleted file mode 100644 index 7f8141af2de..00000000000 --- a/packages/terraform-modules/testnet/modules/full-node/outputs.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -output ip_addresses { - value = [for v in google_compute_address.full_node : v.address] -} - -output internal_ip_addresses { - value = [for v in google_compute_instance.full_node : v.network_interface.0.network_ip] -} - -output self_links { - value = [for v in google_compute_instance.full_node : v.self_link] -} - -output ip_addresses_map { - value = { for k, v in google_compute_address.full_node : k => v.address } -} - -output internal_ip_addresses_map { - value = { for k, v in google_compute_instance.full_node : k => v.network_interface.0.network_ip } -} diff --git a/packages/terraform-modules/testnet/modules/full-node/startup.sh b/packages/terraform-modules/testnet/modules/full-node/startup.sh deleted file mode 100644 index 6c661bb4b94..00000000000 --- a/packages/terraform-modules/testnet/modules/full-node/startup.sh +++ /dev/null 
@@ -1,241 +0,0 @@ -#! /bin/bash - -# ---- Set Up Logging ---- - -curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh -bash install-logging-agent.sh - -echo " -@include config.d/*.conf -# Prometheus monitoring. - - @type prometheus - port 24231 - - - @type prometheus_monitor - - -# Do not collect fluentd's own logs to avoid infinite loops. - - @type null - - -# Add a unique insertId to each log entry that doesn't already have it. -# This helps guarantee the order and prevent log duplication. - -@type add_insert_ids - - -# Configure all sources to output to Google Cloud Logging - - @type google_cloud - buffer_type file - buffer_path /var/log/google-fluentd/buffers - # Set the chunk limit conservatively to avoid exceeding the recommended - # chunk size of 5MB per write request. - buffer_chunk_limit 512KB - # Flush logs every 5 seconds, even if the buffer is not full. - flush_interval 5s - # Enforce some limit on the number of retries. - disable_retry_limit false - # After 3 retries, a given chunk will be discarded. - retry_limit 3 - # Wait 10 seconds before the first retry. The wait interval will be doubled on - # each following retry (20s, 40s...) until it hits the retry limit. - retry_wait 10 - # Never wait longer than 5 minutes between retries. If the wait interval - # reaches this limit, the exponentiation stops. - # Given the default config, this limit should never be reached, but if - # retry_limit and retry_wait are customized, this limit might take effect. - max_retry_wait 300 - # Use multiple threads for processing. - num_threads 8 - # Use the gRPC transport. - use_grpc true - # If a request is a mix of valid log entries and invalid ones, ingest the - # valid ones and drop the invalid ones instead of dropping everything. - partial_success true - # Enable monitoring via Prometheus integration. 
- enable_monitoring true - monitoring_type opencensus - detect_json true -" > /etc/google-fluentd/google-fluentd.conf - -echo " - - @type rewrite_tag_filter - - key log - pattern ^{ - tag docker_logs_json - - - key log - pattern ^[^{] - tag docker_logs_plain - - - - - @type parser - key_name log - reserve_data false - - @type json - - - - - @type record_transformer - - message $${record["log"]} - - -" > /etc/google-fluentd/config.d/docker.conf -systemctl restart google-fluentd - -# ---- Set Up Monitoring Agent ---- - -curl -sSO https://dl.google.com/cloudagents/install-monitoring-agent.sh -bash install-monitoring-agent.sh - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=`readlink -f /dev/disk/by-id/google-${attached_disk_name}` -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=`lsblk -i -n -o fstype $DISK_PATH` - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." - -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -mkdir -p $DATA_DIR -echo "Mounting $DISK_PATH onto $DATA_DIR" -mount -o discard,defaults $DISK_PATH $DATA_DIR - -# ---- Install Docker ---- - -echo "Installing Docker..." 
-apt update && apt upgrade -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update && apt upgrade -apt install -y docker-ce -systemctl start docker - -echo "Configuring Docker..." -gcloud auth configure-docker - -# use GCP logging for Docker containers -echo '{"log-driver":"fluentd","log-opts":{"fluentd-address":"0.0.0.0:24224","tag":"docker_logs"}}' > /etc/docker/daemon.json -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -# download & apply secrets pulled from Cloud Storage as environment vars -echo "Downloading secrets from Google Cloud Storage..." -SECRETS_ENV_PATH=/var/.env.celo.secrets -gsutil cp gs://${gcloud_secrets_bucket}/${gcloud_secrets_base_path}/.env.${name} $SECRETS_ENV_PATH -# Apply the .env file -. $SECRETS_ENV_PATH - -echo "Address: $ACCOUNT_ADDRESS" -echo "Bootnode enode address: $BOOTNODE_ENODE_ADDRESS" - -BOOTNODE_ENODE=$BOOTNODE_ENODE_ADDRESS@${bootnode_ip_address}:30301 -echo "Bootnode enode: $BOOTNODE_ENODE" - -echo "Pulling geth..." 
-docker pull $GETH_NODE_DOCKER_IMAGE - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -RPC_APIS=${rpc_apis} - -if [[ ${proxy} == "true" ]]; then - ADDITIONAL_GETH_FLAGS="--proxy.proxy --proxy.internalendpoint :30503 --proxy.proxiedvalidatoraddress $PROXIED_VALIDATOR_ADDRESS" -fi - -METRICS_FLAGS="" -if [[ ${geth_metrics} == "true" ]]; then - # Valid from celo-blockchain >=1.5.x - METRICS_FLAGS="$METRICS_FLAGS --metrics --pprof --pprof.port 6060 --pprof.addr 127.0.0.1" -fi - -# Using bootnode so their enode url will be published to the discv5 DHT (and light clients can discover them) -BOOTNODE_FLAG="--bootnodes=enode://$BOOTNODE_ENODE" - -DATA_DIR=/root/.celo - -mkdir -p $DATA_DIR/account -echo -n "${genesis_content_base64}" | base64 -d > $DATA_DIR/genesis.json -echo -n "${rid}" > $DATA_DIR/replica_id -echo -n "${ip_address}" > $DATA_DIR/ipAddress -echo -n "$PRIVATE_KEY" > $DATA_DIR/pkey -echo -n "$ACCOUNT_ADDRESS" > $DATA_DIR/address -echo -n "$BOOTNODE_ENODE_ADDRESS" > $DATA_DIR/bootnodeEnodeAddress -echo -n "$BOOTNODE_ENODE" > $DATA_DIR/bootnodeEnode -echo -n "$GETH_ACCOUNT_SECRET" > $DATA_DIR/account/accountSecret - -echo "Starting geth..." 
-# We need to override the entrypoint in the geth image (which is originally `geth`) -docker run \ - -v $DATA_DIR:$DATA_DIR \ - --name geth \ - --net=host \ - --restart always \ - --entrypoint /bin/sh \ - -d \ - $GETH_NODE_DOCKER_IMAGE -c "\ - ( - set -euo pipefail ; \ - geth init $DATA_DIR/genesis.json \ - ) ; \ - geth account import --password $DATA_DIR/account/accountSecret $DATA_DIR/pkey ; \ - geth \ - --$BOOTNODE_FLAG \ - --datadir $DATA_DIR \ - --light.serve 90 \ - --light.maxpeers ${max_light_peers} \ - --maxpeers=${max_peers} \ - --nousb \ - --rpc \ - --rpcaddr 0.0.0.0 \ - --rpcapi=$RPC_APIS \ - --rpccorsdomain='*' \ - --rpcvhosts=* \ - --ws \ - --wsaddr 0.0.0.0 \ - --wsorigins=* \ - --wsapi=$RPC_APIS \ - --nodekey=$DATA_DIR/pkey \ - --etherbase=$ACCOUNT_ADDRESS \ - --networkid=${network_id} \ - --syncmode=full \ - --gcmode=${gcmode} \ - --consoleformat=json \ - --consoleoutput=stdout \ - --verbosity=${geth_verbosity} \ - --ethstats=${node_name}@${ethstats_host} \ - --metrics \ - --pprof \ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \ - $ADDITIONAL_GETH_FLAGS" - diff --git a/packages/terraform-modules/testnet/modules/full-node/variables.tf b/packages/terraform-modules/testnet/modules/full-node/variables.tf deleted file mode 100644 index 0dda2aca227..00000000000 --- a/packages/terraform-modules/testnet/modules/full-node/variables.tf +++ /dev/null 
@@ -1,139 +0,0 @@
-variable additional_geth_flags {
- type = string
- description = "Additional flags to be passed when running geth"
- default = ""
-}
-
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable bootnode_ip_address {
- type = string
- description = "The external IP address of the bootnode"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable gcloud_secrets_base_path {
- type = string
- description = "Base path in the secrets bucket of a Google Cloud Storage file containing tx-node secrets"
-}
-
-variable gcloud_secrets_bucket {
- type = string
- description = "Name of the Google Cloud Storage bucket where secrets are kept"
-}
-
-variable gcloud_vm_service_account_email {
- type = string
- description = "The email of the service account to associate virtual machines with"
-}
-
-variable genesis_content_base64 {
- type = string
- description = "Content of the genesis file encoded in base64"
-}
-
-variable geth_metrics {
- type = string
- description = "Enable Geth metrics (prometheus format) on port 6060"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable instance_tags {
- type = list(string)
- description = "Tags to set for the instance"
- default = []
-}
-
-variable max_light_peers {
- type = number
- description = "The maximum number of light client peers"
- default = 50
-}
-
-variable max_peers {
- type = number
- description = "The maximum number of peers for the node"
- default = 100
-}
-
-variable name {
- type = string
- description = "Name of the nodes. Should be specified if names is not."
- default = ""
-}
-
-variable names {
- type = set(string)
- description = "Name of each node to create. If not specified, the names will be generated using the name variable and an index."
- default = []
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the node VM is in"
-}
-
-variable node_count {
- type = number
- description = "Number of nodes to create if names is not specified"
- default = 0
-}
-
-variable node_disk_size_gb {
- type = number
- description = "The size in GB for each node's disk"
-}
-
-variable gcmode {
- type = string
- description = "Celo-blockchain --gcmode option"
- default = "full"
-}
-
-variable proxy {
- type = bool
- description = "Whether the node is a proxy for a validator"
- default = false
-}
-
-variable rpc_apis {
- type = string
- description = "Comma separated string including which RPC APIs to expose"
- default = "eth,net,web3"
-}
diff --git a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/main.tf b/packages/terraform-modules/testnet/modules/tx-node-load-balancer/main.tf
deleted file mode 100644
index db760f315b7..00000000000
--- a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/main.tf
+++ /dev/null
@@ -1,244 +0,0 @@
-locals {
- name_prefix = "${var.celo_env}-tx-node-lb"
- target_https_proxy_name = "${var.celo_env}-tx-node-lb-external-http-proxy"
-}
-
-# We want to maintain websockets (which are not supposed by the HTTPS external
-# load balancer) & avoid unnecessary egress costs.
-# An internal & external load balancer cannot use the same instance group. To
-# get around this, we allocate 1 of the tx-nodes to be for internal load balancing.
-# It's still included in `static_nodes.json`, but not included in the forno
-# setup. In the future, consider moving this node to live in Kubernetes to be
-# along with the services that use it.
-
-# internal load balancer for cLabs-run infra:
-
-resource "google_compute_instance_group" "internal" {
- name = "${local.name_prefix}-internal-group-${random_id.internal.hex}"
-
- instances = var.private_tx_node_self_links
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "random_id" "internal" {
- byte_length = 8
-}
-
-data "google_compute_subnetwork" "subnet" {
- name = var.network_name
-}
-
-resource "google_compute_address" "internal" {
- name = "${local.name_prefix}-internal-address"
- address_type = "INTERNAL"
- subnetwork = data.google_compute_subnetwork.subnet.self_link
-}
-
-resource "google_compute_forwarding_rule" "internal" {
- name = "${local.name_prefix}-internal-fwd-rule"
-
- backend_service = google_compute_region_backend_service.internal.self_link
- ip_address = google_compute_address.internal.address
- load_balancing_scheme = "INTERNAL"
- network = var.network_name
- ports = ["8545", "8546"]
-}
-
-resource "google_compute_region_backend_service" "internal" {
- name = "${local.name_prefix}-internal-service"
-
- # internal HTTP load balancing does not support WebSockets
- protocol = "TCP"
-
- backend {
- group = google_compute_instance_group.internal.self_link
- }
-
- health_checks = [
- google_compute_health_check.internal.self_link
- ]
-}
-
-resource "google_compute_health_check" "internal" {
- name = "${local.name_prefix}-internal-health"
-
- tcp_health_check {
- port = 8545
- }
-}
-
-# external load balancer for forno setup
-
-
-resource "google_compute_instance_group" "external" {
- name = "${local.name_prefix}-group-${random_id.external.hex}"
-
- instances = var.tx_node_self_links
-
- lifecycle {
- create_before_destroy = true
- }
-
- named_port {
- name = "http"
- port = "8545"
- }
-}
-
-resource "random_id" "external" {
- byte_length = 8
-}
-
-resource "google_compute_global_address" "external" {
- name = "${local.name_prefix}-external-address"
- address_type = "EXTERNAL"
-}
-
-resource "google_compute_global_forwarding_rule" "external" {
- name = "${local.name_prefix}-external-fwd-rule"
-
- ip_address = google_compute_global_address.external.address
- load_balancing_scheme = "EXTERNAL"
- port_range = "443"
- target = google_compute_target_https_proxy.external.self_link
-}
-
-resource "google_compute_target_https_proxy" "external" {
- name = "${local.name_prefix}-external-http-proxy"
- url_map = google_compute_url_map.external.self_link
- ssl_certificates = [google_compute_ssl_certificate.external.self_link]
- quic_override = "NONE"
-}
-
-resource "google_compute_url_map" "external" {
- name = "${local.name_prefix}-external-url-map"
- default_service = google_compute_backend_service.external.self_link
-
- host_rule {
- hosts = [var.forno_host]
- path_matcher = "allpaths"
- }
-
- path_matcher {
- name = "allpaths"
- default_service = google_compute_backend_service.external.self_link
- }
-}
-
-resource "google_compute_backend_service" "external" {
- name = "${local.name_prefix}-external-service"
- port_name = "http"
- protocol = "HTTP"
-
- backend {
- group = google_compute_instance_group.external.self_link
- }
-
- health_checks = [
- google_compute_health_check.external.self_link
- ]
-}
-
-resource "google_compute_health_check" "external" {
- name = "${local.name_prefix}-external-health"
-
- http_health_check {
- port = 8545
- }
-}
-
-resource "google_dns_record_set" "external" {
- # google cloud requires the name to end with a "."
- name = "${var.forno_host}."
- managed_zone = data.google_dns_managed_zone.external.name
- type = "A"
- ttl = 3600
-
- rrdatas = [google_compute_global_address.external.address]
-
- project = var.dns_gcloud_project
-}
-
-data "google_dns_managed_zone" "external" {
- name = var.dns_zone_name
- project = var.dns_gcloud_project
-}
-
-# SSL certificate from Let's Encrypt:
-
-resource "google_compute_instance" "external_ssl" {
- name = "${local.name_prefix}-external-ssl"
- machine_type = "f1-micro"
-
- tags = ["${var.celo_env}-external-ssl"]
-
- allow_stopping_for_update = true
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-9"
- }
- }
-
- network_interface {
- network = var.network_name
- access_config {
- }
- }
-
- metadata_startup_script = templatefile(
- format("%s/ssl-startup.sh", path.module), {
- cert_prefix : "${local.name_prefix}-forno-",
- forno_host : var.forno_host,
- gcloud_project : var.dns_gcloud_project,
- letsencrypt_email : var.letsencrypt_email,
- target_https_proxy_name : local.target_https_proxy_name
- }
- )
-
- service_account {
- email = var.gcloud_vm_service_account_email
- scopes = [
- "https://www.googleapis.com/auth/compute",
- "https://www.googleapis.com/auth/devstorage.read_only",
- "https://www.googleapis.com/auth/logging.write",
- "https://www.googleapis.com/auth/ndev.clouddns.readwrite"
- ]
- }
-}
-
-# temporary self-signed certificate that will be overwritten by
-# google_compute_instance.external_ssl
-
-resource "google_compute_ssl_certificate" "external" {
- name_prefix = "${local.name_prefix}-ssl-cert"
- private_key = tls_private_key.tmp.private_key_pem
- certificate = tls_self_signed_cert.tmp.cert_pem
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "tls_self_signed_cert" "tmp" {
- key_algorithm = "RSA"
- private_key_pem = tls_private_key.tmp.private_key_pem
-
- subject {
- common_name = var.forno_host
- organization = "Temporary self signed cert"
- }
-
- validity_period_hours = 12
-
- allowed_uses = [
- "server_auth",
- ]
-}
-
-resource "tls_private_key" "tmp" {
- algorithm = "RSA"
-}
diff --git a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/output.tf b/packages/terraform-modules/testnet/modules/tx-node-load-balancer/output.tf
deleted file mode 100644
index aba2eac8be9..00000000000
--- a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/output.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output internal_ip_address {
- value = google_compute_address.internal.address
-}
diff --git a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/ssl-startup.sh b/packages/terraform-modules/testnet/modules/tx-node-load-balancer/ssl-startup.sh
deleted file mode 100644
index e4e674aa3e3..00000000000
--- a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/ssl-startup.sh
+++ /dev/null
@@ -1,129 +0,0 @@ -#! /bin/bash - -# ---- Set Up Logging ---- - -curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh -bash install-logging-agent.sh - -echo " -@include config.d/*.conf -# Prometheus monitoring. - - @type prometheus - port 24231 - - - @type prometheus_monitor - - -# Do not collect fluentd's own logs to avoid infinite loops. - - @type null - - -# Add a unique insertId to each log entry that doesn't already have it. -# This helps guarantee the order and prevent log duplication. - -@type add_insert_ids - - -# Configure all sources to output to Google Cloud Logging - - @type google_cloud - buffer_type file - buffer_path /var/log/google-fluentd/buffers - # Set the chunk limit conservatively to avoid exceeding the recommended - # chunk size of 5MB per write request. - buffer_chunk_limit 512KB - # Flush logs every 5 seconds, even if the buffer is not full. - flush_interval 5s - # Enforce some limit on the number of retries. - disable_retry_limit false - # After 3 retries, a given chunk will be discarded. - retry_limit 3 - # Wait 10 seconds before the first retry. The wait interval will be doubled on - # each following retry (20s, 40s...) until it hits the retry limit. - retry_wait 10 - # Never wait longer than 5 minutes between retries. If the wait interval - # reaches this limit, the exponentiation stops. - # Given the default config, this limit should never be reached, but if - # retry_limit and retry_wait are customized, this limit might take effect. - max_retry_wait 300 - # Use multiple threads for processing. - num_threads 8 - # Use the gRPC transport. - use_grpc true - # If a request is a mix of valid log entries and invalid ones, ingest the - # valid ones and drop the invalid ones instead of dropping everything. - partial_success true - # Enable monitoring via Prometheus integration. 
- enable_monitoring true - monitoring_type opencensus - detect_json true -" > /etc/google-fluentd/google-fluentd.conf - -echo " - - @type rewrite_tag_filter - - key log - pattern ^{ - tag docker_logs_json - - - key log - pattern ^[^{] - tag docker_logs_plain - - - - - @type parser - key_name log - reserve_data false - - @type json - - - - - @type record_transformer - - message $${record["log"]} - - -" > /etc/google-fluentd/config.d/docker.conf -systemctl restart google-fluentd - -# ---- Install Docker ---- - -echo "Installing Docker..." -apt update && apt upgrade -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update && apt upgrade -apt install -y docker-ce -systemctl start docker - -echo "Configuring Docker..." -gcloud auth configure-docker - -# use GCP logging for Docker containers -echo '{"log-driver":"gcplogs"}' > /etc/docker/daemon.json -systemctl restart docker - -mkdir -p /home/lego - -# use --env USE_STAGING_SERVER=true to test staging - -/usr/bin/docker run -d \ - -v /home/lego:/root/.lego \ - --restart always \ - --env GCE_PROJECT=${gcloud_project} \ - --env LETSENCRYPT_EMAIL=${letsencrypt_email} \ - --env TARGET_PROXY=${target_https_proxy_name} \ - --env DOMAINS_LIST="-d ${forno_host}" \ - --env CERT_ID_PREFIX=${cert_prefix} \ - --name=ssl-letsencrypt \ - bloomapi/letsencrypt-gcloud-balancer:v1.0.2 diff --git a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/variables.tf b/packages/terraform-modules/testnet/modules/tx-node-load-balancer/variables.tf deleted file mode 100644 index bfe2bb19dbe..00000000000 --- a/packages/terraform-modules/testnet/modules/tx-node-load-balancer/variables.tf +++ /dev/null 
@@ -1,49 +0,0 @@
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable dns_gcloud_project {
- type = string
- description = "Name of the Google Cloud project where Cloud DNS is"
-}
-
-variable dns_zone_name {
- type = string
- description = "Name of the DNS zone for the domain used for the forno setup"
-}
-
-variable forno_host {
- type = string
- description = "The host name to use for the tx node forno setup"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable gcloud_vm_service_account_email {
- type = string
- description = "The email of the service account to associate virtual machines with"
-}
-
-variable letsencrypt_email {
- type = string
- description = "The email to create letsencrypt certificates with"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the tx-node load balancer is in"
-}
-
-variable private_tx_node_self_links {
- type = list(string)
- description = "A list including the self_links of each private/internal tx-node"
-}
-
-variable tx_node_self_links {
- type = list(string)
- description = "A list including the self_links of each public/external tx-node"
-}
diff --git a/packages/terraform-modules/testnet/modules/validator/main.tf b/packages/terraform-modules/testnet/modules/validator/main.tf
deleted file mode 100644
index 36ed6958b35..00000000000
--- a/packages/terraform-modules/testnet/modules/validator/main.tf
+++ /dev/null
@@ -1,191 +0,0 @@ -# This module creates var.validator_count validators. The first -# local.proxied_validator_count validators are hidden behind externally facing -# proxies, and the rest are exposed to the external internet. - -locals { - attached_disk_name = "celo-data" - name_prefix = "${var.celo_env}-validator" - proxied_validator_count = length(var.proxies_per_validator) -} - -resource "google_compute_address" "validator" { - name = "${local.name_prefix}-address-${count.index}" - address_type = "EXTERNAL" - - # only create external addresses for validators that are not proxied - count = var.validator_count - local.proxied_validator_count -} - -resource "google_compute_address" "validator_internal" { - name = "${local.name_prefix}-internal-address-${count.index}" - subnetwork = google_compute_subnetwork.validator.self_link - address_type = "INTERNAL" - purpose = "GCE_ENDPOINT" - - count = var.validator_count -} - -resource "google_compute_instance" "validator" { - name = "${local.name_prefix}-${count.index}" - machine_type = "n1-standard-2" - - count = var.validator_count - - tags = ["${var.celo_env}-node", "${var.celo_env}-validator"] - - allow_stopping_for_update = true - - boot_disk { - initialize_params { - image = "debian-cloud/debian-9" - } - } - - attached_disk { - source = google_compute_disk.validator[count.index].self_link - device_name = local.attached_disk_name - } - - network_interface { - network = var.network_name - network_ip = google_compute_address.validator_internal[count.index].address - subnetwork = google_compute_subnetwork.validator.name - # We only want an access config for validators that will not be proxied - dynamic "access_config" { - for_each = count.index < local.proxied_validator_count ? 
[] : [0] - content { - nat_ip = google_compute_address.validator[count.index - local.proxied_validator_count].address - } - } - } - - metadata_startup_script = templatefile( - format("%s/startup.sh", path.module), { - attached_disk_name : local.attached_disk_name, - block_time : var.block_time, - bootnode_ip_address : var.bootnode_ip_address, - ethstats_host : var.ethstats_host, - gcloud_secrets_base_path : var.gcloud_secrets_base_path, - gcloud_secrets_bucket : var.gcloud_secrets_bucket, - genesis_content_base64 : var.genesis_content_base64, - geth_metrics : var.geth_metrics, - geth_node_docker_image_repository : var.geth_node_docker_image_repository, - geth_node_docker_image_tag : var.geth_node_docker_image_tag, - geth_verbosity : var.geth_verbosity, - in_memory_discovery_table : var.in_memory_discovery_table, - ip_address : count.index < local.proxied_validator_count ? "" : google_compute_address.validator[count.index - local.proxied_validator_count].address, - istanbul_request_timeout_ms : var.istanbul_request_timeout_ms, - max_light_peers : 20, - max_peers : 125, - network_id : var.network_id, - network_name : var.celo_env, - proxied : count.index < length(var.proxies_per_validator), - # proxied : var.proxies_per_validator[count.index] > 0 ? true : false, - rid : count.index, - # Searches for all proxies whose map key corresponds to this specific validator - # by finding keys starting with "validator-${this validator index}" - proxy_internal_ip_addresses : compact([for key in keys(module.proxy.internal_ip_addresses_map) : substr(key, 0, length(format("validator-%d", count.index))) == format("validator-%d", count.index) ? module.proxy.internal_ip_addresses_map[key] : ""]), - proxy_external_ip_addresses : compact([for key in keys(module.proxy.ip_addresses_map) : substr(key, 0, length(format("validator-%d", count.index))) == format("validator-%d", count.index) ? 
module.proxy.ip_addresses_map[key] : ""]), - validator_name : "${local.name_prefix}-${count.index}", - } - ) - - service_account { - email = var.gcloud_vm_service_account_email - scopes = [ - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring.write" - ] - } -} - -resource "google_compute_disk" "validator" { - name = "${local.name_prefix}-disk-${count.index}" - count = var.validator_count - - type = "pd-ssd" - # in GB - size = var.node_disk_size_gb - physical_block_size_bytes = 4096 -} - -resource "google_compute_subnetwork" "validator" { - name = "${local.name_prefix}-subnet" - network = var.network_name - # Arbitrary IP range. This cannot overlap with existing subnetwork IP ranges - # in the same network, so there can only be at most 1 VM testnet on a VPC network - ip_cidr_range = "10.25.0.0/24" - # to allow an internal instance to reach google API servers (metrics reporting, logs, etc) - private_ip_google_access = true -} - -# proxies - -module "proxy" { - source = "../full-node" - # variables - block_time = var.block_time - bootnode_ip_address = var.bootnode_ip_address - celo_env = var.celo_env - ethstats_host = var.ethstats_host - gcloud_secrets_base_path = var.gcloud_secrets_base_path - gcloud_secrets_bucket = var.gcloud_secrets_bucket - gcloud_vm_service_account_email = var.gcloud_vm_service_account_email - genesis_content_base64 = var.genesis_content_base64 - geth_metrics = var.geth_metrics - geth_node_docker_image_repository = var.geth_node_docker_image_repository - geth_node_docker_image_tag = var.geth_node_docker_image_tag - geth_verbosity = var.geth_verbosity - in_memory_discovery_table = var.in_memory_discovery_table - instance_tags = ["${var.celo_env}-proxy"] - max_peers = 200 - names = flatten([for val_index in range(length(var.proxies_per_validator)) : [for proxy_index in 
range(var.proxies_per_validator[val_index]) : format("validator-%d-proxy-%d", val_index, proxy_index)]]) - network_id = var.network_id - network_name = var.network_name - node_disk_size_gb = var.node_disk_size_gb - proxy = true -} - -# if there are no proxied validators, we don't have to worry about - -resource "google_compute_firewall" "proxy_internal_ingress" { - count = local.proxied_validator_count > 0 ? 1 : 0 - - name = "${local.name_prefix}-proxy-internal-ingress" - network = var.network_name - - direction = "INGRESS" - source_ranges = ["10.0.0.0/8"] - - allow { - protocol = "tcp" - ports = ["30503"] - } - - allow { - protocol = "udp" - ports = ["30503"] - } -} - -resource "google_compute_firewall" "proxy_internal_egress" { - count = local.proxied_validator_count > 0 ? 1 : 0 - - name = "${local.name_prefix}-proxy-internal-egress" - network = var.network_name - - direction = "EGRESS" - destination_ranges = ["10.0.0.0/8"] - - allow { - protocol = "tcp" - ports = ["30503"] - } - - allow { - protocol = "udp" - ports = ["30503"] - } -} diff --git a/packages/terraform-modules/testnet/modules/validator/outputs.tf b/packages/terraform-modules/testnet/modules/validator/outputs.tf deleted file mode 100644 index 53c502e9e04..00000000000 --- a/packages/terraform-modules/testnet/modules/validator/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -output internal_ip_addresses { - value = google_compute_address.validator_internal.*.address -} - -output proxy_internal_ip_addresses { - value = module.proxy.internal_ip_addresses -} diff --git a/packages/terraform-modules/testnet/modules/validator/startup.sh b/packages/terraform-modules/testnet/modules/validator/startup.sh deleted file mode 100644 index b368f759531..00000000000 --- a/packages/terraform-modules/testnet/modules/validator/startup.sh +++ /dev/null 
@@ -1,300 +0,0 @@ -#! /bin/bash - -GCLOUD_ZONE=`gcloud compute instances list --filter="name=('${validator_name}')" --format 'value(zone)'` - -# If this validator is proxied, it won't have an access config. We need to -# create one for the initial 1 time setup so we can reach the external internet -if [[ ${proxied} == "true" ]]; then - gcloud compute instances add-access-config ${validator_name} --zone=$GCLOUD_ZONE -fi - -# ---- Set Up Logging ---- - -curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh -bash install-logging-agent.sh - -echo " -@include config.d/*.conf -# Prometheus monitoring. - - @type prometheus - port 24231 - - - @type prometheus_monitor - - -# Do not collect fluentd's own logs to avoid infinite loops. - - @type null - - -# Add a unique insertId to each log entry that doesn't already have it. -# This helps guarantee the order and prevent log duplication. - -@type add_insert_ids - - -# Configure all sources to output to Google Cloud Logging - - @type google_cloud - buffer_type file - buffer_path /var/log/google-fluentd/buffers - # Set the chunk limit conservatively to avoid exceeding the recommended - # chunk size of 5MB per write request. - buffer_chunk_limit 512KB - # Flush logs every 5 seconds, even if the buffer is not full. - flush_interval 5s - # Enforce some limit on the number of retries. - disable_retry_limit false - # After 3 retries, a given chunk will be discarded. - retry_limit 3 - # Wait 10 seconds before the first retry. The wait interval will be doubled on - # each following retry (20s, 40s...) until it hits the retry limit. - retry_wait 10 - # Never wait longer than 5 minutes between retries. If the wait interval - # reaches this limit, the exponentiation stops. - # Given the default config, this limit should never be reached, but if - # retry_limit and retry_wait are customized, this limit might take effect. - max_retry_wait 300 - # Use multiple threads for processing. - num_threads 8 - # Use the gRPC transport. 
- use_grpc true - # If a request is a mix of valid log entries and invalid ones, ingest the - # valid ones and drop the invalid ones instead of dropping everything. - partial_success true - # Enable monitoring via Prometheus integration. - enable_monitoring true - monitoring_type opencensus - detect_json true -" > /etc/google-fluentd/google-fluentd.conf - -echo " - - @type rewrite_tag_filter - - key log - pattern ^{ - tag docker_logs_json - - - key log - pattern ^[^{] - tag docker_logs_plain - - - - - @type parser - key_name log - reserve_data false - - @type json - - - - - @type record_transformer - - message $${record["log"]} - - -" > /etc/google-fluentd/config.d/docker.conf -systemctl restart google-fluentd - -# ---- Set Up Monitoring Agent ---- - -curl -sSO https://dl.google.com/cloudagents/install-monitoring-agent.sh -bash install-monitoring-agent.sh - -# ---- Set Up Persistent Disk ---- - -# gives a path similar to `/dev/sdb` -DISK_PATH=`readlink -f /dev/disk/by-id/google-${attached_disk_name}` -DATA_DIR=/root/.celo - -echo "Setting up persistent disk ${attached_disk_name} at $DISK_PATH..." - -DISK_FORMAT=ext4 -CURRENT_DISK_FORMAT=`lsblk -i -n -o fstype $DISK_PATH` - -echo "Checking if disk $DISK_PATH format $CURRENT_DISK_FORMAT matches desired $DISK_FORMAT..." - -# If the disk has already been formatted previously (this will happen -# if this instance has been recreated with the same disk), we skip formatting -if [[ $CURRENT_DISK_FORMAT == $DISK_FORMAT ]]; then - echo "Disk $DISK_PATH is correctly formatted as $DISK_FORMAT" -else - echo "Disk $DISK_PATH is not formatted correctly, formatting as $DISK_FORMAT..." - mkfs.ext4 -m 0 -F -E lazy_itable_init=0,lazy_journal_init=0,discard $DISK_PATH -fi - -mkdir -p $DATA_DIR -echo "Mounting $DISK_PATH onto $DATA_DIR" -mount -o discard,defaults $DISK_PATH $DATA_DIR - -# ---- Install Docker ---- - -echo "Installing Docker..." 
-apt update && apt upgrade -apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 -curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" -apt update && apt upgrade -apt install -y docker-ce -systemctl start docker - -echo "Configuring Docker..." -gcloud auth configure-docker - -# use GCP logging for Docker containers -echo '{"log-driver":"fluentd","log-opts":{"fluentd-address":"0.0.0.0:24224","tag":"docker_logs"}}' > /etc/docker/daemon.json -systemctl restart docker - -# ---- Set Up and Run Geth ---- - -GETH_NODE_DOCKER_IMAGE=${geth_node_docker_image_repository}:${geth_node_docker_image_tag} - -# download & apply secrets pulled from Cloud Storage as environment vars -echo "Downloading secrets from Google Cloud Storage..." -SECRETS_ENV_PATH=/var/.env.celo.secrets -gsutil cp gs://${gcloud_secrets_bucket}/${gcloud_secrets_base_path}/.env.validator-${rid} $SECRETS_ENV_PATH -# Apply the .env file -. $SECRETS_ENV_PATH - -echo "Address: $ACCOUNT_ADDRESS" -echo "Bootnode enode address: $BOOTNODE_ENODE_ADDRESS" - -BOOTNODE_ENODE=$BOOTNODE_ENODE_ADDRESS@${bootnode_ip_address}:30301 -echo "Bootnode enode: $BOOTNODE_ENODE" - -echo "Pulling geth..." 
-docker pull $GETH_NODE_DOCKER_IMAGE - -PROXIED_FLAGS="" -PROXY_ENODE="" -if [[ ${proxied} == "true" ]]; then - - PROXY_COUNT=${length(proxy_internal_ip_addresses)} - PROXY_INTERNAL_IP_ADDRESSES=${join(",", proxy_internal_ip_addresses)} - PROXY_EXTERNAL_IP_ADDRESSES=${join(",", proxy_external_ip_addresses)} - - PROXY_ENODE_URL_PAIRS="" - - PROXY_INDEX=0 - while [ $PROXY_INDEX -lt $PROXY_COUNT ]; do - PROXY_INTERNAL_IP_ADDRESS=`echo -n $PROXY_INTERNAL_IP_ADDRESSES | cut -d ',' -f $(($PROXY_INDEX + 1))` - PROXY_EXTERNAL_IP_ADDRESS=`echo -n $PROXY_EXTERNAL_IP_ADDRESSES | cut -d ',' -f $(($PROXY_INDEX + 1))` - # $PROXY_ENODE_ADDRESSES is from the secrets pulled from google cloud - PROXY_ENODE_ADDRESS=`echo -n $PROXY_ENODE_ADDRESSES | cut -d ',' -f $(($PROXY_INDEX + 1))` - - PROXY_INTERNAL_ENODE="enode://$PROXY_ENODE_ADDRESS@$PROXY_INTERNAL_IP_ADDRESS:30503" - PROXY_EXTERNAL_ENODE="enode://$PROXY_ENODE_ADDRESS@$PROXY_EXTERNAL_IP_ADDRESS:30303" - - echo "Proxy $PROXY_INDEX internal enode: $PROXY_INTERNAL_ENODE" - echo "Proxy $PROXY_INDEX external enode: $PROXY_EXTERNAL_ENODE" - - if [ $PROXY_INDEX -gt 0 ]; then - PROXY_ENODE_URL_PAIRS="$PROXY_ENODE_URL_PAIRS," - fi - PROXY_ENODE_URL_PAIRS="$PROXY_ENODE_URL_PAIRS$PROXY_INTERNAL_ENODE;$PROXY_EXTERNAL_ENODE" - - PROXY_INDEX=$(($PROXY_INDEX + 1)) - done - if docker run --rm --entrypoint=geth $GETH_NODE_DOCKER_IMAGE --help | grep 'proxy.proxyenodeurlpairs' >/dev/null; then - PROXY_FLAG_NAME="--proxy.proxyenodeurlpairs" - else - PROXY_FLAG_NAME="--proxy.proxyenodeurlpair" - fi - PROXIED_FLAGS="--proxy.proxied --nodiscover $PROXY_FLAG_NAME=\"$PROXY_ENODE_URL_PAIRS\"" - - # if this validator is proxied, cut it off from the external internet after - # we've downloaded everything - echo "Deleting access config" - # The command hangs but still succeeds, give it some time - # This is likely because when the access config is actually deleted, this - # instance cannot reach the external internet so the success ack from the server - # 
is never received - timeout 20 gcloud compute instances delete-access-config ${validator_name} --zone=$GCLOUD_ZONE -fi - -METRICS_FLAGS="" -if [[ ${geth_metrics} == "true" ]]; then - # Valid from celo-blockchain >=1.5.x - METRICS_FLAGS="$METRICS_FLAGS --metrics --pprof --pprof.port 6060 --pprof.addr 127.0.0.1" -fi - -IN_MEMORY_DISCOVERY_TABLE_FLAG="" -[[ ${in_memory_discovery_table} == "true" ]] && IN_MEMORY_DISCOVERY_TABLE_FLAG="--use-in-memory-discovery-table" - -mkdir -p $DATA_DIR/account -echo -n "${genesis_content_base64}" | base64 -d > $DATA_DIR/genesis.json -echo -n "${rid}" > $DATA_DIR/replica_id -echo -n "$ACCOUNT_ADDRESS" > $DATA_DIR/address -echo -n "$BOOTNODE_ENODE_ADDRESS" > $DATA_DIR/bootnodeEnodeAddress -echo -n "$BOOTNODE_ENODE" > $DATA_DIR/bootnodeEnode -echo -n "$GETH_ACCOUNT_SECRET" > $DATA_DIR/account/accountSecret - -NAT_FLAG="" -if [ "${ip_address}" ]; then - echo -n "${ip_address}" > $DATA_DIR/ipAddress - NAT_FLAG="--nat=extip:${ip_address}" -fi - -if [[ "${network_name}" == "alfajores" || "${network_name}" == "baklava" ]]; then - BOOTNODE_FLAG="--${network_name}" -else - BOOTNODE_FLAG="--bootnodes=enode://$BOOTNODE_ENODE" -fi - -echo "Starting geth..." -# We need to override the entrypoint in the geth image (which is originally `geth`). -# `geth account import` fails when the account has already been imported. 
In -# this case, we do not want to pipefail -docker run \ - -v $DATA_DIR:$DATA_DIR \ - --name geth \ - --net=host \ - --restart always \ - --entrypoint /bin/sh \ - -d \ - $GETH_NODE_DOCKER_IMAGE -c "\ - ( - set -euo pipefail ; \ - geth init $DATA_DIR/genesis.json \ - ) ; \ - TMP_PRIVATE_KEY_FILE=$(mktemp) ; \ - echo -n $PRIVATE_KEY > \$TMP_PRIVATE_KEY_FILE ; \ - geth account import --password $DATA_DIR/account/accountSecret \$TMP_PRIVATE_KEY_FILE ; \ - rm \$TMP_PRIVATE_KEY_FILE ; \ - geth \ - --$BOOTNODE_FLAG \ - --datadir $DATA_DIR \ - --nousb \ - --password=$DATA_DIR/account/accountSecret \ - --unlock=$ACCOUNT_ADDRESS \ - --mine \ - --rpc \ - --rpcaddr 0.0.0.0 \ - --rpcapi=eth,net,web3 \ - --rpccorsdomain='*' \ - --rpcvhosts=* \ - --ws \ - --wsaddr 0.0.0.0 \ - --wsorigins=* \ - --wsapi=eth,net,web3 \ - --etherbase=$ACCOUNT_ADDRESS \ - --networkid=${network_id} \ - --syncmode=full \ - --consoleformat=json \ - --consoleoutput=stdout \ - --verbosity=${geth_verbosity} \ - --ethstats=${validator_name}@${ethstats_host} \ - --maxpeers=${max_peers} \ - --allow-insecure-unlock \ - $METRICS_FLAGS \ - $NAT_FLAG \ - $IN_MEMORY_DISCOVERY_TABLE_FLAG \ - $PROXIED_FLAGS" - diff --git a/packages/terraform-modules/testnet/modules/validator/variables.tf b/packages/terraform-modules/testnet/modules/validator/variables.tf deleted file mode 100644 index 02251abb4c3..00000000000 --- a/packages/terraform-modules/testnet/modules/validator/variables.tf +++ /dev/null 
@@ -1,94 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable bootnode_ip_address {
- type = string
- description = "The external IP address of the bootnode"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable gcloud_secrets_base_path {
- type = string
- description = "Base path in the secrets bucket of a Google Cloud Storage file containing validator secrets"
-}
-
-variable gcloud_secrets_bucket {
- type = string
- description = "Name of the Google Cloud Storage bucket where secrets are kept"
-}
-
-variable gcloud_vm_service_account_email {
- type = string
- description = "The email of the service account to associate virtual machines with"
-}
-
-variable genesis_content_base64 {
- type = string
- description = "Content of the genesis file encoded in base64"
-}
-
-variable geth_metrics {
- type = string
- description = "Enable Geth metrics (prometheus format) on port 6060"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of the validator nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable istanbul_request_timeout_ms {
- type = number
- description = "The number of ms for the istanbul request timeout"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "Name of the GCP network the validator VM is in"
-}
-
-variable node_disk_size_gb {
- type = number
- description = "The size in GB for each node's disk"
-}
-
-variable proxies_per_validator {
- type = list(number)
- description = "Number of proxies for each validator that is proxied. Does not include validators that aren't proxied. indices correspond to validator indices."
-}
-
-variable validator_count {
- type = number
- description = "Number of validators to create"
-}
diff --git a/packages/terraform-modules/testnet/outputs.tf b/packages/terraform-modules/testnet/outputs.tf
deleted file mode 100644
index d2d163423c6..00000000000
--- a/packages/terraform-modules/testnet/outputs.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-output bootnode_ip_address {
- value = module.bootnode.ip_address
-}
-
-output tx_node_internal_ip_addresses {
- value = module.tx_node.internal_ip_addresses
-}
-
-output tx_node_ip_addresses {
- value = module.tx_node.ip_addresses
-}
-
-output tx_node_lb_internal_ip_address {
- value = module.tx_node_lb.internal_ip_address
-}
-
-output validator_internal_ip_addresses {
- value = module.validator.internal_ip_addresses
-}
-
-output proxy_internal_ip_addresses {
- value = module.validator.proxy_internal_ip_addresses
-}
diff --git a/packages/terraform-modules/testnet/variables.tf b/packages/terraform-modules/testnet/variables.tf
deleted file mode 100644
index b4954b0727b..00000000000
--- a/packages/terraform-modules/testnet/variables.tf
+++ /dev/null
@@ -1,144 +0,0 @@
-variable block_time {
- type = number
- description = "Number of seconds between each block"
-}
-
-variable celo_env {
- type = string
- description = "Name of the testnet Celo environment"
-}
-
-variable dns_gcloud_project {
- type = string
- description = "Name of the Google Cloud project where Cloud DNS is"
-}
-
-variable dns_zone_name {
- type = string
- description = "Name of the DNS zone for the domain used for the forno setup"
-}
-
-variable ethstats_host {
- type = string
- description = "Ethstats url or IP address"
-}
-
-variable forno_host {
- type = string
- description = "The host name to use for the tx node forno setup"
-}
-
-variable gcloud_credentials_path {
- type = string
- description = "Path to the file containing the Google Cloud credentials to use"
-}
-
-variable gcloud_project {
- type = string
- description = "Name of the Google Cloud project to use"
-}
-
-variable gcloud_secrets_base_path {
- type = string
- description = "Base path in the secrets bucket of a Google Cloud Storage file containing node secrets"
-}
-
-variable gcloud_secrets_bucket {
- type = string
- description = "Name of the Google Cloud Storage bucket where secrets are kept"
-}
-
-variable gcloud_vm_service_account_email {
- type = string
- description = "The email of the service account to associate virtual machines with"
-}
-
-variable genesis_content_base64 {
- type = string
- description = "Content of the genesis file encoded in base64"
-}
-
-variable geth_bootnode_docker_image_repository {
- type = string
- description = "Repository of the bootnode docker image"
-}
-
-variable geth_bootnode_docker_image_tag {
- type = string
- description = "Tag of the bootnode docker image"
-}
-
-variable geth_metrics {
- type = string
- description = "Enable Geth metrics (prometheus format) on port 6060"
-}
-
-variable geth_node_docker_image_repository {
- type = string
- description = "Repository of the geth docker image"
-}
-
-variable geth_node_docker_image_tag {
- type = string
- description = "Tag of the geth docker image"
-}
-
-variable geth_verbosity {
- type = number
- description = "Verbosity of all geth nodes"
-}
-
-variable in_memory_discovery_table {
- type = bool
- description = "Specifies whether to use an in memory discovery table"
-}
-
-variable istanbul_request_timeout_ms {
- type = number
- description = "The number of ms for the istanbul request timeout"
-}
-
-variable letsencrypt_email {
- type = string
- description = "The email to create letsencrypt certificates with"
-}
-
-variable network_id {
- type = number
- description = "The network ID number"
-}
-
-variable network_name {
- type = string
- description = "The name of the network to use"
-}
-variable node_disk_size_gb {
- type = number
- description = "The size in GB of disks for validators, proxies, and txnodes"
-}
-
-variable private_node_disk_size_gb {
- type = number
- description = "The size in GB of disks for all private txnodes"
-}
-
-variable private_tx_node_count {
- type = number
- description = "Number of private tx-nodes that are created with RPC ports only internally exposed"
- default = 0
-}
-
-variable proxies_per_validator {
- type = list(number)
- description = "Number of proxies for each validator that is proxied. Does not include validators that aren't proxied. indices correspond to validator indices."
-}
-
-variable tx_node_count {
- type = number
- description = "Number of public tx-nodes to create"
-}
-
-variable validator_count {
- type = number
- description = "Number of validators to create"
-}
diff --git a/yarn.lock b/yarn.lock
index 1a22761c3bc..b4f5c21ef57 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1985,11 +1985,11 @@ xdg-basedir "^4.0.0" "@grpc/grpc-js@^0.3.0", "@grpc/grpc-js@^1.1.8", "@grpc/grpc-js@~1.0.0", "@grpc/grpc-js@~1.4.0": - version "1.5.4" - resolved "https://registry.yarnpkg.com/@grpc/grpc-js/-/grpc-js-1.5.4.tgz#dd0237ad7df80a7a24766fe516d7e4a22cb4855e" - integrity sha512-+nJTOsqpFAXnfFrMZ7Too4XXZ/J9O+8jYvSoaunupoC7I7b9H4iex1BRsbTdOmiowfPGJrWit7jUPmbENSUSpw== + version "1.8.13" + resolved "https://registry.yarnpkg.com/@grpc/grpc-js/-/grpc-js-1.8.13.tgz#e775685962909b76f8d4b813833c3d123867165b" + integrity sha512-iY3jsdfbc0ARoCLFvbvUB8optgyb0r1XLPb142u+QtgBcKJYkCIFt3Fd/881KqjLYWjsBJF57N3b8Eop9NDfUA== dependencies: - "@grpc/proto-loader" "^0.6.4" + "@grpc/proto-loader" "^0.7.0" "@types/node" ">=12.12.47" "@grpc/proto-loader@^0.4.0": @@ -2019,15 +2019,15 @@ protobufjs "^6.10.0" yargs "^16.1.1" -"@grpc/proto-loader@^0.6.4": - version "0.6.9" - resolved "https://registry.yarnpkg.com/@grpc/proto-loader/-/proto-loader-0.6.9.tgz#4014eef366da733f8e04a9ddd7376fe8a58547b7" - integrity sha512-UlcCS8VbsU9d3XTXGiEVFonN7hXk+oMXZtoHHG2oSA1/GcDP1q6OUgs20PzHDGizzyi8ufGSUDlk3O2NyY7leg== +"@grpc/proto-loader@^0.7.0": + version "0.7.6" + resolved "https://registry.yarnpkg.com/@grpc/proto-loader/-/proto-loader-0.7.6.tgz#b71fdf92b184af184b668c4e9395a5ddc23d61de" + integrity sha512-QyAXR8Hyh7uMDmveWxDSUcJr9NAWaZ2I6IXgAYvQmfflwouTM+rArE2eEaCtLlRqO81j7pRLCt81IefUei6Zbw== dependencies: "@types/long" "^4.0.1" lodash.camelcase "^4.3.0" long "^4.0.0" - protobufjs "^6.10.0" + protobufjs "^7.0.0" yargs "^16.2.0" "@gulp-sourcemaps/map-sources@1.X": 
@@ -2038,14 +2038,13 @@ normalize-path "^2.0.1" through2 "^2.0.3" -"@iarna/cli@^1.2.0": - version "1.2.0" - resolved "https://registry.yarnpkg.com/@iarna/cli/-/cli-1.2.0.tgz#0f7af5e851afe895104583c4ca07377a8094d641" - integrity sha512-ukITQAqVs2n9HGmn3car/Ir7d3ta650iXhrG7pjr3EWdFmJuuOVWgYsu7ftsSe5VifEFFhjxVuX9+8F7L8hwcA== +"@iarna/cli@^2.1.0": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@iarna/cli/-/cli-2.1.0.tgz#f830356d54c72c804bd7afc43999de31e40fc3d6" + integrity sha512-rvVVqDa2g860niRbqs3D5RhL4la3dc1vwk+NlpKPZxKaMSHtE2se6C2x8NeveN+rcjp3/686X+u+09CZ+7lmAQ== dependencies: + glob "^7.1.2" signal-exit "^3.0.2" - update-notifier "^2.2.0" - yargs "^8.0.2" "@istanbuljs/load-nyc-config@^1.0.0": version "1.0.0" @@ -4462,9 +4461,9 @@ "@types/pg-types" "*" "@types/prettier@^1.13.2", "@types/prettier@^2.0.0", "@types/prettier@^2.2.1": - version "2.4.3" - resolved "https://registry.yarnpkg.com/@types/prettier/-/prettier-2.4.3.tgz#a3c65525b91fca7da00ab1a3ac2b5a2a4afbffbf" - integrity sha512-QzSuZMBuG5u8HqYz01qtMdg/Jfctlnvj1z/lYnIDXs/golxw0fxtRAHd9KrzjR7Yxz1qVeI00o0kiO3PmVdJ9w== + version "2.7.2" + resolved "https://registry.yarnpkg.com/@types/prettier/-/prettier-2.7.2.tgz#6c2324641cc4ba050a8c710b2b251b377581fbf0" + integrity sha512-KufADq8uQqo1pYKVIYzfKbJfBAc0sOeXqGbFaSpv8MRmC/zXgowNZmFcbngndGk922QDmOASEXUZCaY48gs4cg== "@types/promise.allsettled@^1.0.3": version "1.0.3" @@ -4978,7 +4977,7 @@ amdefine@>=0.0.4: ansi-align@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-2.0.0.tgz#c36aeccba563b89ceb556f3690f0b1d9e3547f7f" - integrity sha1-w2rsy6VjuJzrVW82kPCx2eNUf38= + integrity sha512-TdlOggdA/zURfMYa7ABC66j+oqfMew58KpJMbUlH3bcZP1b+cBHIHDDn5uH9INsxrHBPjsqM0tDB4jPTF/vgJA== dependencies: string-width "^2.0.0" 
@@ -5034,7 +5033,7 @@ ansi-regex@^2.0.0, ansi-regex@^2.1.1: resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df" integrity sha1-w7M6te42DYbg5ijwRorn7yfWVN8= -ansi-regex@^3.0.0, ansi-regex@~3.0.0: +ansi-regex@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998" integrity sha1-7QMXwyIGT3lGbAKWa922Bas32Zg= @@ -5054,6 +5053,11 @@ ansi-regex@^5.0.1: resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== +ansi-regex@~3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.1.tgz#123d6479e92ad45ad897d4054e3c7ca7db4944e1" + integrity sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw== + ansi-styles@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-2.2.1.tgz#b432dd3358b634cf75e1e4664368240533c1ddbe" @@ -5094,7 +5098,7 @@ ansicolors@~0.3.2: ansistyles@~0.1.3: version "0.1.3" resolved "https://registry.yarnpkg.com/ansistyles/-/ansistyles-0.1.3.tgz#5de60415bda071bb37127854c864f41b23254539" - integrity sha1-XeYEFb2gcbs3EnhUyGT0GyMlRTk= + integrity sha512-6QWEyvMgIXX0eO972y7YPBLSBsq7UWKFAoNNTLGaOJ9bstcEL9sCbcjf96dVfNDdUsRoGOK82vWFJlKApXds7g== antlr4@4.7.1: version "4.7.1" @@ -6249,7 +6253,7 @@ balanced-match@^1.0.0: base-64@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/base-64/-/base-64-0.1.0.tgz#780a99c84e7d600260361511c4877613bf24f6bb" - integrity sha1-eAqZyE59YAJgNhURxId2E78k9rs= + integrity sha512-Y5gU45svrR5tI2Vt/X9GPd3L0HNIKzGu202EjxrXMpuc2V2CiKgemAbUUsqYmZJvPtCXoUKjNZwBJzsNScUbXA== base-x@^3.0.2, base-x@^3.0.8: version "3.0.8" 
@@ -6870,12 +6874,12 @@ bufferutil@^4.0.1: builtin-modules@^1.0.0, builtin-modules@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/builtin-modules/-/builtin-modules-1.1.1.tgz#270f076c5a72c02f5b65a47df94c5fe3a278892f" - integrity sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8= + integrity sha512-wxXCdllwGhI2kCC0MnvTGYTMvnVZTvqgypkiTI8Pa5tcz2i6VqsqwYGgqwXji+4RgCzms6EajE4IxiUH6HH8nQ== builtin-status-codes@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8" - integrity sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug= + integrity sha512-HpGFw18DgFWlncDfjTa2rcQ4W88O1mC8e8yZ2AvQY5KDaktSTwo+KRf6nHK6FRI5FyRyb/5T6+TSxfP7QyGsmQ== builtins@^1.0.3: version "1.0.3" @@ -7136,7 +7140,7 @@ camelcase@^3.0.0: camelcase@^4.0.0, camelcase@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-4.1.0.tgz#d545635be1e33c542649c69173e5de6acfae34dd" - integrity sha1-1UVjW+HjPFQmScaRc+Xeas+uNN0= + integrity sha512-FxAv7HpHrXbh3aPo4o2qxHay2lkLY3x5Mw3KeE4KQE8ysVfziWeRZDwcjauvwBSGEC/nXUPzZy8zeh4HokqOnw== camelcase@^5.0.0, camelcase@^5.3.1: version "5.3.1" @@ -7171,9 +7175,9 @@ capture-exit@^1.2.0: rsvp "^3.3.3" capture-stack-trace@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/capture-stack-trace/-/capture-stack-trace-1.0.1.tgz#a6c0bbe1f38f3aa0b92238ecb6ff42c344d4135d" - integrity sha512-mYQLZnx5Qt1JgB1WEiMCf2647plpGeQ2NMR/5L0HNZzGQo4fuSPnK+wjfPnKZV0aiJDgzmWqqkV/g7JD+DW0qw== + version "1.0.2" + resolved "https://registry.yarnpkg.com/capture-stack-trace/-/capture-stack-trace-1.0.2.tgz#1c43f6b059d4249e7f3f8724f15f048b927d3a8a" + integrity sha512-X/WM2UQs6VMHUtjUDnZTRI+i1crWteJySFzr9UpGoQa4WQffXVTTXuekjl7TjZRlcF2XfjgITT0HxZ9RnxeT0w== cardinal@^2.1.1: version "2.1.1" 
@@ -7375,7 +7379,7 @@ chownr@^1.0.1, chownr@^1.1.1, chownr@^1.1.2: chownr@~1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.0.1.tgz#e2a75042a9551908bebd25b8523d5f9769d79181" - integrity sha1-4qdQQqlVGQi+vSW4Uj1fl2nXkYE= + integrity sha512-cKnqUJAC8G6cuN1DiRRTifu+s1BlAQNtalzGphFEV0pl0p46dsxJD4l1AOlyKJeLZOFzo3c34R7F3djxaCu8Kw== ci-info@^1.5.0: version "1.6.0" @@ -7390,7 +7394,7 @@ ci-info@^2.0.0: cidr-regex@1.0.6: version "1.0.6" resolved "https://registry.yarnpkg.com/cidr-regex/-/cidr-regex-1.0.6.tgz#74abfd619df370b9d54ab14475568e97dd64c0c1" - integrity sha1-dKv9YZ3zcLnVSrFEdVaOl91kwME= + integrity sha512-vIIQZtDT0y3GmcVqi4Uhd43s7HKn5DtH8/CcmHe/XG1Vb4JpUgOfTynZzYSo1zeB+j4GbA38Eu2P9UTbIzDw5g== cids@^0.7.1: version "0.7.5" @@ -7453,7 +7457,7 @@ clean-stack@^3.0.0: cli-boxes@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-1.0.0.tgz#4fa917c3e59c94a004cd61f8ee509da651687143" - integrity sha1-T6kXw+WclKAEzWH47lCdplFocUM= + integrity sha512-3Fo5wu8Ytle8q9iCzS4D2MWVL2X7JVWRiS1BnXbTFDhS9c/REkM9vd1AmabsoZoY5/dGi5TT9iKL8Kb6DeBRQg== cli-boxes@^2.2.0, cli-boxes@^2.2.1: version "2.2.1" @@ -7475,7 +7479,7 @@ cli-color@^1.2.0: cli-columns@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/cli-columns/-/cli-columns-3.1.2.tgz#6732d972979efc2ae444a1f08e08fa139c96a18e" - integrity sha1-ZzLZcpee/CrkRKHwjgj6E5yWoY4= + integrity sha512-iQYpDgpPPmCjn534ikQOhi+ydP6uMar+DtJ6a0In4aGL/PKqWfao75s6eF81quQQaz7isGz+goNECLARRZswdg== dependencies: string-width "^2.0.0" strip-ansi "^3.0.1" @@ -7510,7 +7514,7 @@ cli-spinners@^2.0.0: cli-table2@~0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/cli-table2/-/cli-table2-0.2.0.tgz#2d1ef7f218a0e786e214540562d4bd177fe32d97" - integrity sha1-LR738hig54biFFQFYtS9F3/jLZc= + integrity sha512-rNig1Ons+B0eTcophmN0nlbsROa7B3+Yfo1J3leU56awc8IuKDW3MLMv9gayl4zUnYaLGg8CrecKso+hSmUvUw== dependencies: lodash "^3.10.1" string-width "^1.0.1" 
@@ -7692,7 +7696,7 @@ cloneable-readable@^1.0.0: cmd-shim@^2.0.2, cmd-shim@~2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/cmd-shim/-/cmd-shim-2.0.2.tgz#6fcbda99483a8fd15d7d30a196ca69d688a2efdb" - integrity sha1-b8vamUg6j9FdfTChlspp1oii79s= + integrity sha512-NLt0ntM0kvuSNrToO0RTFiNRHdioWsLW+OgDAEVDvIivsYwR+AjlzvLaMJ2Z+SNRpV3vdsDrHp1WI00eetDYzw== dependencies: graceful-fs "^4.1.2" mkdirp "~0.5.0" @@ -7801,15 +7805,15 @@ color@3.0.x: color-convert "^1.9.1" color-string "^1.5.2" -colorette@2.0.16: - version "2.0.16" - resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.16.tgz#713b9af84fdb000139f04546bd4a93f62a5085da" - integrity sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g== +colorette@2.0.19: + version "2.0.19" + resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.19.tgz#cdf044f47ad41a0f4b56b3a0d5b4e6e1a2d5a798" + integrity sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ== colorette@^1.0.7: - version "1.1.0" - resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.1.0.tgz#1f943e5a357fac10b4e0f5aaef3b14cdc1af6ec7" - integrity sha512-6S062WDQUXi6hOfkO/sBPVwE5ASXY4G2+b4atvhJfSsuUUhIaUKlkjLe9692Ipyt5/a+IPF5aVTu3V5gvXq5cg== + version "1.4.0" + resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.4.0.tgz#5190fbb87276259a86ad700bff2c6d6faa3fca40" + integrity sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g== colorette@^1.2.1: version "1.2.2" @@ -7847,7 +7851,7 @@ colour@~0.7.1: columnify@^1.5.4, columnify@~1.5.4: version "1.5.4" resolved "https://registry.yarnpkg.com/columnify/-/columnify-1.5.4.tgz#4737ddf1c7b69a8a7c340570782e947eec8e78bb" - integrity sha1-Rzfd8ce2mop8NAVweC6UfuyOeLs= + integrity sha512-rFl+iXVT1nhLQPfGDw+3WcS8rmm7XsLKUmhsGE3ihzzpIikeGrTaZPIRKYWeLsLBypsHzjXIvYEltVUZS84XxQ== dependencies: strip-ansi "^3.0.0" wcwidth "^1.0.0" 
@@ -7941,9 +7945,9 @@ compare-versions@^3.5.1: integrity sha512-W6Af2Iw1z4CB7q4uU4hv646dW9GQuBM+YpC0UvUCWSD8w90SJjp+ujJuXaEMtAXBtSqGfMPuFOVn4/+FlaqfBA== complex.js@^2.0.11: - version "2.0.15" - resolved "https://registry.yarnpkg.com/complex.js/-/complex.js-2.0.15.tgz#7add6848b4c1d12aa9262f7df925ebe7a51a7406" - integrity sha512-gDBvQU8IG139ZBQTSo2qvDFP+lANMGluM779csXOr6ny1NUtA3wkUnCFjlDNH/moAVfXtvClYt6G0zarFbtz5w== + version "2.1.1" + resolved "https://registry.yarnpkg.com/complex.js/-/complex.js-2.1.1.tgz#0675dac8e464ec431fb2ab7d30f41d889fb25c31" + integrity sha512-8njCHOTtFFLtegk6zQo0kkVX1rngygb/KQI6z1qZxlFI3scluC+LVTCFbrkWjBv4vvLlbQ9t88IPMC6k95VTTg== component-emitter@^1.2.0, component-emitter@^1.2.1: version "1.2.1" @@ -8036,11 +8040,11 @@ config-chain@~1.1.11: proto-list "~1.2.1" configstore@^3.0.0: - version "3.1.2" - resolved "https://registry.yarnpkg.com/configstore/-/configstore-3.1.2.tgz#c6f25defaeef26df12dd33414b001fe81a543f8f" - integrity sha512-vtv5HtGjcYUgFrXc6Kx747B83MRRVS5R1VTEQoXvuP+kMI+if6uywV0nDGoiydJRy4yk7h9od5Og0kxx4zUXmw== + version "3.1.5" + resolved "https://registry.yarnpkg.com/configstore/-/configstore-3.1.5.tgz#e9af331fadc14dabd544d3e7e76dc446a09a530f" + integrity sha512-nlOhI4+fdzoK5xmJ+NY+1gZK56bwEaWZr8fYuXohZ9Vkc1o3a4T/R3M+yE/w7x/ZVJ1zF8c+oaOvF0dztdUgmA== dependencies: - dot-prop "^4.1.0" + dot-prop "^4.2.1" graceful-fs "^4.1.2" make-dir "^1.0.0" unique-string "^1.0.0" 
@@ -8082,11 +8086,9 @@ connect@^3.6.2: utils-merge "1.0.1" console-browserify@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.1.0.tgz#f0241c45730a9fc6323b206dbf38edc741d0bb10" - integrity sha1-8CQcRXMKn8YyOyBtvzjtx0HQuxA= - dependencies: - date-now "^0.1.4" + version "1.2.0" + resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.2.0.tgz#67063cef57ceb6cf4993a2ab3a55840ae8c49336" + integrity sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA== console-control-strings@^1.0.0, console-control-strings@^1.1.0, console-control-strings@~1.1.0: version "1.1.0" @@ -8096,7 +8098,7 @@ console-control-strings@^1.0.0, console-control-strings@^1.1.0, console-control- constants-browserify@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75" - integrity sha1-wguW2MYXdIqvHBYCF2DNJ/y4y3U= + integrity sha512-xFxOwqIzR/e1k1gLiWEophSCMqXcwVHIH7akf7b/vxcUeGunlj3hvZaaqxwHsTgn+IndtkQJgSztIDWeumWJDQ== content-disposition@0.5.3: version "0.5.3" @@ -8327,7 +8329,7 @@ create-ecdh@^4.0.0: create-error-class@^3.0.0: version "3.0.2" resolved "https://registry.yarnpkg.com/create-error-class/-/create-error-class-3.0.2.tgz#06be7abef947a3f14a30fd610671d401bca8b7b6" - integrity sha1-Br56vvlHo/FKMP1hBnHUAbyot7Y= + integrity sha512-gYTKKexFO3kh200H1Nit76sRwRtOY32vQd3jpAQKpLtZqyNsSQNfI4N7o3eP2wUjV35pTWKRYqFUDBvUha/Pkw== dependencies: capture-stack-trace "^1.0.0" 
@@ -8576,11 +8578,6 @@ date-and-time@^2.0.0: resolved "https://registry.yarnpkg.com/date-and-time/-/date-and-time-2.0.1.tgz#bc8b72704980e8a0979bb186118d30d02059ef04" integrity sha512-O7Xe5dLaqvY/aF/MFWArsAM1J4j7w1CSZlPCX9uHgmb+6SbkPd8Q4YOvfvH/cZGvFlJFfHOZKxQtmMUOoZhc/w== -date-now@^0.1.4: - version "0.1.4" - resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b" - integrity sha1-6vQ5/U1ISK105cx9vvIAZyueNFs= - date-utils@*: version "1.2.21" resolved "https://registry.yarnpkg.com/date-utils/-/date-utils-1.2.21.tgz#61fb16cdc1274b3c9acaaffe9fc69df8720a2b64" @@ -8592,9 +8589,9 @@ dateformat@^3.0.0: integrity sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q== dayjs@^1.8.15: - version "1.8.20" - resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.8.20.tgz#724a5cb6ad1f6fc066b0bd9a800dedcc7886f19e" - integrity sha512-mH0MCDxw6UCGJYxVN78h8ugWycZAO8thkj3bW6vApL5tS0hQplIDdAQcmbvl7n35H0AKdCJQaArTrIQw2xt4Qg== + version "1.11.7" + resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.7.tgz#4b296922642f70999544d1144a2c25730fce63e2" + integrity sha512-+Yw9U6YO5TQohxLcIkrXBeY73WP3ejHWVvx8XCk3gxvQDCTEmS48ZrSZCKciI7Bhl/uCMyxYtE9UqRILmFphkQ== debug-fabulous@0.0.X: version "0.0.4" @@ -8626,7 +8623,7 @@ debug@3.2.6, debug@^3.0.1, debug@^3.1.0: dependencies: ms "^2.1.1" -debug@4, debug@4.3.4, debug@^4.3.4: +debug@4, debug@4.3.4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, debug@^4.3.4: version "4.3.4" resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== 
@@ -8640,27 +8637,6 @@ debug@4.1.0: dependencies: ms "^2.1.1" -debug@^4.0.1, debug@^4.1.0, debug@^4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791" - integrity sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw== - dependencies: - ms "^2.1.1" - -debug@^4.3.1: - version "4.3.1" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" - integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ== - dependencies: - ms "2.1.2" - -debug@^4.3.2: - version "4.3.2" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b" - integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw== - dependencies: - ms "2.1.2" - debuglog@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492" @@ -8969,7 +8945,7 @@ detect-indent@^4.0.0: detect-indent@^5.0.0, detect-indent@~5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/detect-indent/-/detect-indent-5.0.0.tgz#3871cc0a6a002e8c3e5b3cf7f336264675f06b9d" - integrity sha1-OHHMCmoALow+Wzz38zYmRnXwa50= + integrity sha512-rlpvsxUtM0PQvy9iZe640/IWwWYyBsTApREbA1pHOpmOUIl9MkP/U4z7vTtg4Oaojvqhxt7sdufnT0EzGaR31g== detect-installed@^2.0.4: version "2.0.4" @@ -8991,7 +8967,7 @@ detect-libc@^2.0.0: detect-newline@2.X, detect-newline@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/detect-newline/-/detect-newline-2.1.0.tgz#f41f1c10be4b00e87b5f13da680759f2c5bfd3e2" - integrity sha1-9B8cEL5LAOh7XxPaaAdZ8sW/0+I= + integrity sha512-CwffZFvlJffUg9zZA0uqrjQayUTC8ob94pnr5sFwaVv3IOmkfUHcWH+jXaQK3askE51Cqe8/9Ql/0uXNwqZ8Zg== detect-newline@^3.0.0: version "3.1.0" 
@@ -9032,7 +9008,7 @@ detox@^17.13.2: yargs "^16.0.3" yargs-unparser "^2.0.0" -dezalgo@1.0.3, dezalgo@^1.0.0, dezalgo@~1.0.3: +dezalgo@1.0.3, dezalgo@^1.0.0: version "1.0.3" resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.3.tgz#7f742de066fc748bc8db820569dddce49bf0d456" integrity sha1-f3Qt4Gb8dIvI24IFad3c5Jvw1FY= @@ -9040,6 +9016,14 @@ dezalgo@1.0.3, dezalgo@^1.0.0, dezalgo@~1.0.3: asap "^2.0.0" wrappy "1" +dezalgo@~1.0.3: + version "1.0.4" + resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.4.tgz#751235260469084c132157dfa857f386d4c33d81" + integrity sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig== + dependencies: + asap "^2.0.0" + wrappy "1" + diagnostics@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/diagnostics/-/diagnostics-1.1.1.tgz#cab6ac33df70c9d9a727490ae43ac995a769b22a" @@ -9144,7 +9128,7 @@ domexception@^2.0.1: dependencies: webidl-conversions "^5.0.0" -dot-prop@^3.0.0, dot-prop@^4.1.0, dot-prop@^4.2.0, dot-prop@^5.2.0: +dot-prop@^3.0.0, dot-prop@^4.1.0, dot-prop@^4.2.0, dot-prop@^4.2.1, dot-prop@^5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-5.2.0.tgz#c34ecc29556dc45f1f4c22697b6f4904e0cc4fcb" integrity sha512-uEUyaDKoSQ1M4Oq8l45hSE26SnTxL6snNnqvK/VWx5wJhmff5z0FUVJDKDanor/6w3kzE3i7XZOk+7wC0EXr1A== @@ -9268,7 +9252,7 @@ ecurve@^1.0.6: editor@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/editor/-/editor-1.0.0.tgz#60c7f87bd62bcc6a894fa8ccd6afb7823a24f742" - integrity sha1-YMf4e9YrzGqJT6jM1q+3gjok90I= + integrity sha512-SoRmbGStwNYHgKfjOrX2L0mUvp9bUVv0uPppZSOMAntEbcFtoC3MKF5b3T6HQPXKIV+QGY3xPO3JK5it5lVkuw== ee-first@1.1.1: version "1.1.1" 
@@ -9380,10 +9364,10 @@ ent@^2.2.0: resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d" integrity sha1-6WQhkyWiHQX0RGai9obtbOX13R0= -env-paths@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-1.0.0.tgz#4168133b42bb05c38a35b1ae4397c8298ab369e0" - integrity sha512-+6r/UAzikJWJPcQZpBQS+bVmjAMz2BkDP/N4n2Uz1zz8lyw1IHWUeVdh/85gs0dp5A+z76LOQhCZkR6F88mlUw== +env-paths@^2.2.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.1.tgz#420399d416ce1fbe9bc0a07c62fa68d67fd0f8f2" + integrity sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A== env-variable@0.0.x: version "0.0.6" @@ -9395,13 +9379,20 @@ err-code@^1.0.0: resolved "https://registry.yarnpkg.com/err-code/-/err-code-1.1.2.tgz#06e0116d3028f6aef4806849eb0ea6a748ae6960" integrity sha1-BuARbTAo9q70gGhJ6w6mp0iuaWA= -errno@~0.1.1, errno@~0.1.7: +errno@~0.1.1: version "0.1.7" resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.7.tgz#4684d71779ad39af177e3f007996f7c67c852618" integrity sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg== dependencies: prr "~1.0.1" +errno@~0.1.7: + version "0.1.8" + resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.8.tgz#8bb3e9c7d463be4976ff888f76b4809ebc2e811f" + integrity sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A== + dependencies: + prr "~1.0.1" + error-ex@^1.2.0, error-ex@^1.3.1: version "1.3.1" resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.1.tgz#f855a86ce61adc4e8621c3cda21e7a7612c3a8dc" 
@@ -10421,7 +10412,7 @@ events-listener@^1.1.0: events@1.1.1, events@^1.0.0: version "1.1.1" resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924" - integrity sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ= + integrity sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw== events@^3.0.0, events@^3.1.0: version "3.1.0" @@ -11032,7 +11023,7 @@ fill-range@^7.0.1: filter-obj@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-1.1.0.tgz#9b311112bc6c6127a16e016c6c5d7f19e0805c5b" - integrity sha1-mzERErxsYSehbgFsbF1/GeCAXFs= + integrity sha512-8rXg1ZnX7xzy2NGDVkBVaAy+lSlPNwad13BtgSlLuxfIslyt5Vg64U7tFcCt4WS1R0hvtnQybT/IyCkGZ3DpXQ== finalhandler@1.1.0: version "1.1.0" @@ -11429,9 +11420,9 @@ fp-ts@2.1.1: integrity sha512-YcWhMdDCFCja0MmaDroTgNu+NWWrrnUEn92nvDgrtVy9Z71YFnhNVIghoHPt8gs82ijoMzFGeWKvArbyICiJgw== fraction.js@^4.0.12: - version "4.1.0" - resolved "https://registry.yarnpkg.com/fraction.js/-/fraction.js-4.1.0.tgz#229ec1cedc8c3c7e5d2d20688ba64f0a43af5830" - integrity sha512-o9lSKpK0TDqDwTL24Hxqi6I99s942l6TYkfl6WvGWgLOIFz/YonSGKfiSeMadoiNvTfqnfOa9mjb5SGVbBK9/w== + version "4.2.0" + resolved "https://registry.yarnpkg.com/fraction.js/-/fraction.js-4.2.0.tgz#448e5109a313a3527f5a3ab2119ec4cf0e0e2950" + integrity sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA== fragment-cache@^0.2.1: version "0.2.1" @@ -11448,7 +11439,7 @@ fresh@0.5.2: from2@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/from2/-/from2-1.3.0.tgz#88413baaa5f9a597cfde9221d86986cd3c061dfd" - integrity sha1-iEE7qqX5pZfP3pIh2GmGzTwGHf0= + integrity sha512-1eKYoECvhpM4IT70THQV8XNfmZoIlnROymbwOSazfmQO3kK+zCV+LSqUDzl7gDo3MZddCFeVa9Zg3Hi6FXqcgg== dependencies: inherits "~2.0.1" readable-stream "~1.1.10" 
@@ -11560,7 +11551,7 @@ fs-readdir-recursive@^1.1.0: fs-vacuum@^1.2.10, fs-vacuum@~1.2.10: version "1.2.10" resolved "https://registry.yarnpkg.com/fs-vacuum/-/fs-vacuum-1.2.10.tgz#b7629bec07a4031a2548fdf99f5ecf1cc8b31e36" - integrity sha1-t2Kb7AekAxolSP35n17PHMizHjY= + integrity sha512-bwbv1FcWYwxN1F08I1THN8nS4Qe/pGq0gM8dy1J34vpxxp3qgZKJPPaqex36RyZO0sD2J+2ocnbwC2d/OjYICQ== dependencies: graceful-fs "^4.1.2" path-is-inside "^1.0.1" @@ -12229,18 +12220,6 @@ glob@^7.0.0, glob@^7.0.5, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, gl once "^1.3.0" path-is-absolute "^1.0.0" -glob@^7.0.3: - version "7.2.3" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" - integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== - dependencies: - fs.realpath "^1.0.0" - inflight "^1.0.4" - inherits "2" - minimatch "^3.1.1" - once "^1.3.0" - path-is-absolute "^1.0.0" - glob@~7.1.2: version "7.1.7" resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.7.tgz#3b193e9233f01d42d0b3f78294bbeeb418f94a90" @@ -12256,7 +12235,7 @@ glob@~7.1.2: global-dirs@^0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/global-dirs/-/global-dirs-0.1.1.tgz#b319c0dd4607f353f3be9cca4c72fc148c49f445" - integrity sha1-sxnA3UYH81PzvpzKTHL8FIxJ9EU= + integrity sha512-NknMLn7F2J7aflwFOlGdNIuCDpN3VGoSoB+aap3KABFWbHVn1TCgFC+np23J8W2BiZbjfEw3BFBycSMv1AFblg== dependencies: ini "^1.3.4" @@ -12294,7 +12273,7 @@ global-modules@^0.2.3: global-npm@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/global-npm/-/global-npm-0.3.0.tgz#7c5115394a677d1245c4e3ba0b78bb6752797ee0" - integrity sha1-fFEVOUpnfRJFxOO6C3i7Z1J5fuA= + integrity sha512-ByIj/lacWcBZRwskEMNHzqfyGk3dQaJ0Eh0NuD02nqn+t9ehpx9QYKc4K4QjbIBn3MPvTWd39IHsYmXoMT/tdw== dependencies: which "^1.2.1" 
@@ -12584,7 +12563,7 @@ got@9.6.0, got@^9.6.0: got@^6.7.1: version "6.7.1" resolved "https://registry.yarnpkg.com/got/-/got-6.7.1.tgz#240cd05785a9a18e561dc1b44b41c763ef1e8db0" - integrity sha1-JAzQV4WpoY5WHcG0S0HHY+8ejbA= + integrity sha512-Y/K3EDuiQN9rTZhBvPRWMLXIKdeD1Rj0nzunfoi0Yyn5WBEbzxXKU9Ub2X41oZBagVWOBU3MuDonFMgPWQFnwg== dependencies: create-error-class "^3.0.0" duplexer3 "^0.1.4" @@ -13128,7 +13107,7 @@ http-signature@~1.2.0: https-browserify@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73" - integrity sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM= + integrity sha512-J+FkSdyD+0mA0N+81tMotaRMfSL9SGi+xpD3T6YApKsc3bGSXJlfXri3VyFOeYkfLRQisDk1W+jIFFKBeUBbBg== https-proxy-agent@5, https-proxy-agent@^2.1.0, https-proxy-agent@^2.2.0, https-proxy-agent@^2.2.1, https-proxy-agent@^4.0.0, https-proxy-agent@^5.0.0: version "5.0.1" @@ -13337,11 +13316,16 @@ ini@2.0.0: resolved "https://registry.yarnpkg.com/ini/-/ini-2.0.0.tgz#e5fd556ecdd5726be978fa1001862eacb0a94bc5" integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA== -ini@^1.3.2, ini@^1.3.4, ini@^1.3.5, ini@~1.3.0: +ini@^1.3.2, ini@^1.3.4, ini@~1.3.0: version "1.3.5" resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927" integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw== +ini@^1.3.5: + version "1.3.8" + resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== + init-package-json@^1.10.3: version "1.10.3" resolved "https://registry.yarnpkg.com/init-package-json/-/init-package-json-1.10.3.tgz#45ffe2f610a8ca134f2bd1db5637b235070f6cbe" 
@@ -13455,7 +13439,12 @@ ip-regex@^2.1.0: resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-2.1.0.tgz#fa78bf5d2e6913c911ce9f819ee5146bb6d844e9" integrity sha1-+ni/XS5pE8kRzp+BnuUUa7bYROk= -ip@^1.1.4, ip@^1.1.5: +ip@^1.1.4: + version "1.1.8" + resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.8.tgz#ae05948f6b075435ed3307acce04629da8cdbf48" + integrity sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg== + +ip@^1.1.5: version "1.1.5" resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.5.tgz#bdded70114290828c0a039e72ef25f5aaec4354a" integrity sha1-vd7XARQpCCjAoDnnLvJfWq7ENUo= @@ -13552,7 +13541,7 @@ is-buffer@~2.0.3: is-builtin-module@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe" - integrity sha1-VAVy0096wxGfj3bDDLwbHgN6/74= + integrity sha512-C2wz7Juo5pUZTFQVer9c+9b4qw3I5T/CHQxQyhVu7BJel6C22FmsLIWsdseYyOw6xz9Pqy9eJWSkQ7+3iN1HVw== dependencies: builtin-modules "^1.0.0" @@ -13583,7 +13572,7 @@ is-ci@^2.0.0: is-cidr@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-cidr/-/is-cidr-1.0.0.tgz#fb5aacf659255310359da32cae03e40c6a1c2afc" - integrity sha1-+1qs9lklUxA1naMsrgPkDGocKvw= + integrity sha512-IaCvhzobhmspClNQF750EuOF4PZu0BXfS8P/sQcOOoGaffcZhJZ0C523mlWrKmK0BFY30Nz2FF7Cik0i+C0CBA== dependencies: cidr-regex "1.0.6" @@ -13767,7 +13756,7 @@ is-hex-prefixed@1.0.0: is-installed-globally@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/is-installed-globally/-/is-installed-globally-0.1.0.tgz#0dfd98f5a9111716dd535dda6492f67bf3d25a80" - integrity sha1-Df2Y9akRFxbdU13aZJL2e/PSWoA= + integrity sha512-ERNhMg+i/XgDwPIPF3u24qpajVreaiSuvpb1Uu0jugw7KKcxGyCX8cgp8P5fwTmAuXku6beDHHECdKArjlg7tw== dependencies: global-dirs "^0.1.0" is-path-inside "^1.0.0" 
@@ -13816,7 +13805,7 @@ is-negative-zero@^2.0.1: is-npm@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-1.0.0.tgz#f2fb63a65e4905b406c86072765a1a4dc793b9f4" - integrity sha1-8vtjpl5JBbQGyGBydloaTceTufQ= + integrity sha512-9r39FIr3d+KD9SbX0sfMsHzb5PP3uimOiwr3YupUaUFG4W0l1U57Rx3utpttV7qz5U3jmrO5auUa04LU9pyHsg== is-npm@^4.0.0: version "4.0.0" @@ -13882,7 +13871,7 @@ is-odd@^2.0.0: is-path-inside@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-1.0.1.tgz#8ef5b7de50437a3fdca6b4e865ef7aa55cb48036" - integrity sha1-jvW33lBDej/cprToZe96pVy0gDY= + integrity sha512-qhsCR/Esx4U4hg/9I19OVUAJkGWtjRYHMRgUMZE2TDdj+Ag+kttZanLupfddNyglzz50cUlmWzUaI37GDfNx/g== dependencies: path-is-inside "^1.0.1" @@ -13943,7 +13932,7 @@ is-property@^1.0.0, is-property@^1.0.2: is-redirect@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-redirect/-/is-redirect-1.0.0.tgz#1d03dded53bd8db0f30c26e4f95d36fc7c87dc24" - integrity sha1-HQPd7VO9jbDzDCbk+V02/HyH3CQ= + integrity sha512-cr/SlUEe5zOGmzvj9bUyC4LVvkNVAXu4GytXLNMr1pny+a65MpQ9IJzFHD5vi7FyJgb4qt27+eS3TuQnqB+RQw== is-regex@^1.0.5, is-regex@^1.1.1: version "1.1.1" @@ -14289,7 +14278,7 @@ java-parser@^0.6.0: javascript-natural-sort@^0.7.1: version "0.7.1" resolved "https://registry.yarnpkg.com/javascript-natural-sort/-/javascript-natural-sort-0.7.1.tgz#f9e2303d4507f6d74355a73664d1440fb5a0ef59" - integrity sha1-+eIwPUUH9tdDVac2ZNFED7Wg71k= + integrity sha512-nO6jcEfZWQXDhOiBtG2KvKyEptz7RVbpGP4vTD2hLBdmNQSsCiicO2Ioinv6UI4y9ukqnBpy+XZ9H6uLNgJTlw== jest-changed-files@^26.6.2: version "26.6.2" 
@@ -15198,11 +15187,11 @@ kleur@^3.0.0: integrity sha512-P3kRv+B+Ra070ng2VKQqW4qW7gd/v3iD8sy/zOdcYRsfiD+QBokQNOps/AfP6Hr48cBhIIBFWckB9aO+IZhrWg== knex@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/knex/-/knex-2.1.0.tgz#9348aace3a08ff5be26eb1c8e838416ddf1aa216" - integrity sha512-vVsnD6UJdSJy55TvCXfFF9syfwyXNxfE9mvr2hJL/4Obciy2EPGoqjDpgRSlMruHuPWDOeYAG25nyrGvU+jJog== + version "2.4.0" + resolved "https://registry.yarnpkg.com/knex/-/knex-2.4.0.tgz#7d33cc36f320cdac98741010544b4c6a98b8b19e" + integrity sha512-i0GWwqYp1Hs2yvc2rlDO6nzzkLhwdyOZKRdsMTB8ZxOs2IXQyL5rBjSbS1krowCh6V65T4X9CJaKtuIfkaPGSA== dependencies: - colorette "2.0.16" + colorette "2.0.19" commander "^9.1.0" debug "4.3.4" escalade "^3.1.1" @@ -15235,7 +15224,7 @@ last-run@^1.1.0: latest-version@^3.0.0: version "3.1.0" resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-3.1.0.tgz#a205383fea322b33b5ae3b18abee0dc2f356ee15" - integrity sha1-ogU4P+oyKzO1rjsYq+4NwvNW7hU= + integrity sha512-Be1YRHWWlZaSsrz2U+VInk+tO0EwLIyV+23RhWLINJYwg/UIikxjlj3MhH37/6/EDCAusjajvMkMMUXRaMWl/w== dependencies: package-json "^4.0.0" @@ -15271,7 +15260,7 @@ lazy-debug-legacy@0.0.X: lazy-property@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/lazy-property/-/lazy-property-1.0.0.tgz#84ddc4b370679ba8bd4cdcfa4c06b43d57111147" - integrity sha1-hN3Es3Bnm6i9TNz6TAa0PVcREUc= + integrity sha512-O52TK7FHpBPzdtvc5GoF0EPLQIBMqrAupANPGBidPkrDpl9IXlzuma3T+m0o0OpkRVPmTu3SDoT7985lw4KbNQ== lazystream@^1.0.0: version "1.0.0" 
@@ -15596,16 +15585,6 @@ load-json-file@^1.0.0, load-json-file@^1.1.0: pinkie-promise "^2.0.0" strip-bom "^2.0.0" -load-json-file@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/load-json-file/-/load-json-file-2.0.0.tgz#7947e42149af80d696cbf797bcaabcfe1fe29ca8" - integrity sha1-eUfkIUmvgNaWy/eXvKq8/h/inKg= - dependencies: - graceful-fs "^4.1.2" - parse-json "^2.2.0" - pify "^2.0.0" - strip-bom "^3.0.0" - load-json-file@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/load-json-file/-/load-json-file-4.0.0.tgz#2f5f45ab91e33216234fd53adab668eb4ec0993b" @@ -15651,11 +15630,11 @@ locate-path@^5.0.0: p-locate "^4.1.0" lock-verify@^2.0.2: - version "2.2.1" - resolved "https://registry.yarnpkg.com/lock-verify/-/lock-verify-2.2.1.tgz#81107948c51ed16f97b96ff8b60675affb243fc1" - integrity sha512-n0Zw2DVupKfZMazy/HIFVNohJ1z8fIoZ77WBnyyBGG6ixw83uJNyrbiJvvHWe1QKkGiBCjj8RCPlymltliqEww== + version "2.2.2" + resolved "https://registry.yarnpkg.com/lock-verify/-/lock-verify-2.2.2.tgz#9e93c0999dc3cbbede4f16f9cfdaa93ead8c76ef" + integrity sha512-2CUNtr1ZSVKJHcYP8uEzafmmuyauCB5zZimj8TvQd/Lflt9kXVZs+8S+EbAzZLaVUDn8CYGmeC3DFGdYfnCzeQ== dependencies: - "@iarna/cli" "^1.2.0" + "@iarna/cli" "^2.1.0" npm-package-arg "^6.1.0" semver "^5.4.1" @@ -15669,7 +15648,7 @@ lockfile@^1.0.4: lodash._baseuniq@~4.6.0: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash._baseuniq/-/lodash._baseuniq-4.6.0.tgz#0ebb44e456814af7905c6212fa2c9b2d51b841e8" - integrity sha1-DrtE5FaBSveQXGIS+iybLVG4Qeg= + integrity sha512-Ja1YevpHZctlI5beLA7oc5KNDhGcPixFhcqSiORHNsp/1QTv7amAXzw+gu4YOvErqVlMVyIJGgtzeepCnnur0A== dependencies: lodash._createset "~4.0.0" lodash._root "~3.0.0" 
@@ -15677,7 +15656,7 @@ lodash._baseuniq@~4.6.0: lodash._createset@~4.0.0: version "4.0.3" resolved "https://registry.yarnpkg.com/lodash._createset/-/lodash._createset-4.0.3.tgz#0f4659fbb09d75194fa9e2b88a6644d363c9fe26" - integrity sha1-D0ZZ+7CddRlPqeK4imZE02PJ/iY= + integrity sha512-GTkC6YMprrJZCYU3zcqZj+jkXkrXzq3IPBcF/fIPpNEAB4hZEtXU8zp/RwKOvZl43NUmwDbyRk3+ZTbeRdEBXA== lodash._isnative@~2.4.1: version "2.4.1" @@ -15697,7 +15676,7 @@ lodash._reinterpolate@^3.0.0, lodash._reinterpolate@~3.0.0: lodash._root@~3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/lodash._root/-/lodash._root-3.0.1.tgz#fba1c4524c19ee9a5f8136b4609f017cf4ded692" - integrity sha1-+6HEUkwZ7ppfgTa0YJ8BfPTe1pI= + integrity sha512-O0pWuFSK6x4EXhM1dhZ8gchNtG7JMqBtrHdoUFUWXD7dJnNSUze1GuyQr5sOs0aCvgGeI3o/OJW8f4ca7FDxmQ== lodash._shimkeys@~2.4.1: version "2.4.1" @@ -15739,7 +15718,7 @@ lodash.clone@^4.5.0: lodash.clonedeep@^4.5.0, lodash.clonedeep@~4.5.0: version "4.5.0" resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef" - integrity sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8= + integrity sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ== lodash.defaults@^4.2.0: version "4.2.0" 
@@ -15917,12 +15896,12 @@ lodash.tostring@^4.0.0: lodash.union@^4.6.0, lodash.union@~4.6.0: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash.union/-/lodash.union-4.6.0.tgz#48bb5088409f16f1821666641c44dd1aaae3cd88" - integrity sha1-SLtQiECfFvGCFmZkHETdGqrjzYg= + integrity sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw== lodash.uniq@^4.5.0, lodash.uniq@~4.5.0: version "4.5.0" resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" - integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M= + integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== lodash.values@^2.4.1: version "2.4.1" @@ -15939,7 +15918,7 @@ lodash.values@^4.3.0: lodash.without@~4.4.0: version "4.4.0" resolved "https://registry.yarnpkg.com/lodash.without/-/lodash.without-4.4.0.tgz#3cd4574a00b67bae373a94b748772640507b7aac" - integrity sha1-PNRXSgC2e643OpS3SHcmQFB7eqw= + integrity sha512-M3MefBwfDhgKgINVuBJCO1YR3+gf6s9HNJsIiZ/Ru77Ws6uTb9eBuvrkpzO+9iLoAaRodGuq7tyrPCx+74QYGQ== lodash@4.17.14, lodash@4.17.15, lodash@4.x, lodash@^2.4.1, lodash@^3.10.1, lodash@^4.16.4, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.12, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@^4.7.0, lodash@~4.17.19: version "4.17.21" 
@@ -15990,6 +15969,11 @@ long@^4.0.0: resolved "https://registry.yarnpkg.com/long/-/long-4.0.0.tgz#9a7b71cfb7d361a194ea555241c92f7468d5bf28" integrity sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA== +long@^5.0.0: + version "5.2.1" + resolved "https://registry.yarnpkg.com/long/-/long-5.2.1.tgz#e27595d0083d103d2fa2c20c7699f8e0c92b897f" + integrity sha512-GKSNGeNAtw8IryjjkhZxuKB3JzlcLTwjtiQCHKvqQet81I93kXslhDQruGI/QsddO83mcDToBVy7GqGS/zYf/A== + long@~3: version "3.2.0" resolved "https://registry.yarnpkg.com/long/-/long-3.2.0.tgz#d821b7138ca1cb581c172990ef14db200b5c474b" @@ -16641,13 +16625,6 @@ minimalistic-crypto-utils@^1.0.1: dependencies: brace-expansion "^1.1.7" -minimatch@^3.1.1: - version "3.1.2" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== - dependencies: - brace-expansion "^1.1.7" - minimist-options@^3.0.1: version "3.0.2" resolved "https://registry.yarnpkg.com/minimist-options/-/minimist-options-3.0.2.tgz#fba4c8191339e13ecf4d61beb03f070103f3d954" 
@@ -17309,22 +17286,22 @@ node-gyp-build@~3.7.0: resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-3.7.0.tgz#daa77a4f547b9aed3e2aac779eaf151afd60ec8d" integrity sha512-L/Eg02Epx6Si2NXmedx+Okg+4UHqmaf3TNcxd50SF9NQGcJaON3AtU++kax69XV7YWz4tUspqZSAsVofhFKG2w== -node-gyp@5.0.1, node-gyp@8.x, node-gyp@^3.6.2, node-gyp@^4.0.0, node-gyp@^5.0.2, node-gyp@^8.0.0: - version "5.0.1" - resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-5.0.1.tgz#db211e9c5d7f611e79d1dcbdc53bca646b99ae4c" - integrity sha512-D68549U6EDVJLrAkSOZCWX/nmlYo0eCX2dYZoTOOZJ7bEIFrSE/MQgsgMFBKjByJ323hNzkifw2OuT3A5bR5mA== +node-gyp@8.x, node-gyp@^3.6.2, node-gyp@^4.0.0, node-gyp@^5.0.2, node-gyp@^6.0.0, node-gyp@^8.0.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-6.1.0.tgz#64e31c61a4695ad304c1d5b82cf6b7c79cc79f3f" + integrity sha512-h4A2zDlOujeeaaTx06r4Vy+8MZ1679lU+wbCKDS4ZtvY2A37DESo37oejIw0mtmR3+rvNwts5B6Kpt1KrNYdNw== dependencies: - env-paths "^1.0.0" - glob "^7.0.3" - graceful-fs "^4.1.2" - mkdirp "^0.5.0" - nopt "2 || 3" - npmlog "0 || 1 || 2 || 3 || 4" - request "^2.87.0" - rimraf "2" - semver "~5.3.0" - tar "^4.4.8" - which "1" + env-paths "^2.2.0" + glob "^7.1.4" + graceful-fs "^4.2.2" + mkdirp "^0.5.1" + nopt "^4.0.1" + npmlog "^4.1.2" + request "^2.88.0" + rimraf "^2.6.3" + semver "^5.7.1" + tar "^4.4.12" + which "^1.3.1" node-hid@2.1.1: version "2.1.1" @@ -17482,7 +17459,7 @@ noop-logger@^0.1.1: resolved "https://registry.yarnpkg.com/noop-logger/-/noop-logger-0.1.1.tgz#94a2b1633c4f1317553007d8966fd0e841b6a4c2" integrity sha1-lKKxYzxPExdVMAfYlm/Q6EG2pMI= -"nopt@2 || 3", nopt@3.x: +nopt@3.x: version "3.0.6" resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9" integrity sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg== 
@@ -17574,7 +17551,7 @@ npm-bundled@^1.0.1: npm-cache-filename@~1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/npm-cache-filename/-/npm-cache-filename-1.0.2.tgz#ded306c5b0bfc870a9e9faf823bc5f283e05ae11" - integrity sha1-3tMGxbC/yHCp6fr4I7xfKD4FrhE= + integrity sha512-5v2y1KG06izpGvZJDSBR5q1Ej+NaPDO05yAAWBJE6+3eiId0R176Gz3Qc2vEmJnE+VGul84g6Qpq8fXzD82/JA== npm-install-checks@~3.0.0: version "3.0.2" @@ -17843,7 +17820,7 @@ npmi@^4.0.0: global-npm "^0.3.0" semver "^5.4.1" -"npmlog@0 || 1 || 2 || 3 || 4", "npmlog@2 || ^3.1.0 || ^4.0.0", npmlog@^4.0.1, npmlog@^4.0.2, npmlog@^4.1.2, npmlog@~4.1.2: +"npmlog@2 || ^3.1.0 || ^4.0.0", npmlog@^4.0.1, npmlog@^4.0.2, npmlog@^4.1.2, npmlog@~4.1.2: version "4.1.2" resolved "https://registry.yarnpkg.com/npmlog/-/npmlog-4.1.2.tgz#08a7f2a8bf734604779a9efa4ad5cc717abb954b" integrity sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg== @@ -18152,7 +18129,7 @@ opencollective-postinstall@^2.0.2: opener@~1.4.3: version "1.4.3" resolved "https://registry.yarnpkg.com/opener/-/opener-1.4.3.tgz#5c6da2c5d7e5831e8ffa3964950f8d6674ac90b8" - integrity sha1-XG2ixdflgx6P+jlklQ+NZnSskLg= + integrity sha512-4Im9TrPJcjAYyGR5gBe3yZnBzw5n3Bfh1ceHHGNOpMurINKc6RdSIPXMyon4BZacJbJc36lLkhipioGbWh5pwg== openzeppelin-solidity@^2.5.0: version "2.5.0" @@ -18211,7 +18188,7 @@ original-require@1.0.1, original-require@^1.0.1: os-browserify@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/os-browserify/-/os-browserify-0.3.0.tgz#854373c7f5c2315914fc9bfc6bd8238fdda1ec27" - integrity sha1-hUNzx/XCMVkU/Jv8a9gjj92h7Cc= + integrity sha512-gjcpUc3clBf9+210TRaDWbf+rZZZEshZ+DlXMRCeAjp0xhTrnQsKHypIy1J3d5hKdUzj69t708EHtU8P6bUn0A== os-homedir@^1.0.0, os-homedir@^1.0.1: version "1.0.2" 
@@ -18426,7 +18403,7 @@ pac-resolver@^5.0.0: package-json@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/package-json/-/package-json-4.0.1.tgz#8869a0401253661c4c4ca3da6c2121ed555f5eed" - integrity sha1-iGmgQBJTZhxMTKPabCEh7VVfXu0= + integrity sha512-q/R5GrMek0vzgoomq6rm9OX+3PQve8sLwTirmK30YB3Cu0Bbt9OX9M/SIUnroN5BGJkzwGsFwDaRGD9EwBOlCA== dependencies: got "^6.7.1" registry-auth-token "^3.0.1" @@ -18689,7 +18666,7 @@ patch-package@^6.2.2: path-browserify@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-0.0.0.tgz#a0b870729aae214005b7d5032ec2cbbb0fb4451a" - integrity sha1-oLhwcpquIUAFt9UDLsLLuw+0RRo= + integrity sha512-WA3pxi1olUQcsl82W576vkqhUSGp0uBtr/381pxx5WXLp3NC+AB99hUG3aGW7H0Kg9PFr1D8wv1iJeICe+9Mhw== path-dirname@^1.0.0: version "1.0.2" @@ -18781,13 +18758,6 @@ path-type@^1.0.0: pify "^2.0.0" pinkie-promise "^2.0.0" -path-type@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/path-type/-/path-type-2.0.0.tgz#f012ccb8415b7096fc2daa1054c3d72389594c73" - integrity sha1-8BLMuEFbcJb8LaoQVMPXI4lZTHM= - dependencies: - pify "^2.0.0" - path-type@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/path-type/-/path-type-3.0.0.tgz#cef31dc8e0a1a3bb0d105c0cd97cf3bf47f4e36f" @@ -18816,7 +18786,7 @@ pathval@^1.1.0: pbkdf2@3.0.8: version "3.0.8" resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.0.8.tgz#2f8abf16ebecc82277945d748aba1d78761f61e2" - integrity sha1-L4q/FuvsyCJ3lF10irodeHYfYeI= + integrity sha512-Bf7yBd61ChnMqPqf+PxHm34Iiq9M9Bkd/+JqzosPOqwG6FiTixtkpCs4PNd38+6/VYRvAxGe/GgPb4Q4GktFzg== dependencies: create-hmac "^1.1.2" 
@@ -18846,16 +18816,11 @@ pg-connection-string@0.1.3: resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-0.1.3.tgz#da1847b20940e42ee1492beaf65d49d91b245df7" integrity sha1-2hhHsglA5C7hSSvq9l1J2RskXfc= -pg-connection-string@2.5.0: +pg-connection-string@2.5.0, pg-connection-string@^2.2.3: version "2.5.0" resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.5.0.tgz#538cadd0f7e603fc09a12590f3b8a452c2c0cf34" integrity sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ== -pg-connection-string@^2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.2.3.tgz#48e1158ec37eaa82e98dbcb7307103ec303fe0e7" - integrity sha512-I/KCSQGmOrZx6sMHXkOs2MjddrYcqpza3Dtsy0AjIgBr/bZiPJRK9WhABXN1Uy1UDazRbi9gZEzO2sAhL5EqiQ== - pg-int8@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/pg-int8/-/pg-int8-1.0.1.tgz#943bd463bf5b71b4170115f80f8efc9a0c0eb78c" @@ -19208,7 +19173,7 @@ process-nextick-args@~1.0.6: process@^0.11.0, process@^0.11.1, process@^0.11.10: version "0.11.10" resolved "https://registry.yarnpkg.com/process/-/process-0.11.10.tgz#7332300e840161bda3e69a1d1d91a7d4bc16f182" - integrity sha1-czIwDoQBYb2j5podHZGn1LwW8YI= + integrity sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A== process@~0.5.1: version "0.5.2" 
@@ -19382,6 +19347,24 @@ protobufjs@^6.8.0, protobufjs@^6.8.1, protobufjs@^6.8.6, protobufjs@^6.8.8, prot "@types/node" "^13.7.0" long "^4.0.0" +protobufjs@^7.0.0: + version "7.2.3" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-7.2.3.tgz#01af019e40d9c6133c49acbb3ff9e30f4f0f70b2" + integrity sha512-TtpvOqwB5Gdz/PQmOjgsrGH1nHjAQVCN7JG4A6r1sXRWESL5rNMAiRcBQlCAdKxZcAbstExQePYG8xof/JVRgg== + dependencies: + "@protobufjs/aspromise" "^1.1.2" + "@protobufjs/base64" "^1.1.2" + "@protobufjs/codegen" "^2.0.4" + "@protobufjs/eventemitter" "^1.1.0" + "@protobufjs/fetch" "^1.1.0" + "@protobufjs/float" "^1.0.2" + "@protobufjs/inquire" "^1.1.0" + "@protobufjs/path" "^1.1.2" + "@protobufjs/pool" "^1.1.0" + "@protobufjs/utf8" "^1.1.0" + "@types/node" ">=13.7.0" + long "^5.0.0" + protocols@^1.1.0, protocols@^1.4.0: version "1.4.7" resolved "https://registry.yarnpkg.com/protocols/-/protocols-1.4.7.tgz#95f788a4f0e979b291ffefcf5636ad113d037d32" @@ -19682,7 +19665,7 @@ query-string@^6.1.0: querystring-es3@^0.2.0: version "0.2.1" resolved "https://registry.yarnpkg.com/querystring-es3/-/querystring-es3-0.2.1.tgz#9ec61f79049875707d69414596fd907a4d711e73" - integrity sha1-nsYfeQSYdXB9aUFFlv2Qek1xHnM= + integrity sha512-773xhDQnZBMFobEiztv8LIl70ch5MSF/jUQVlhwFyBILqq96anmoctVIYz+ZRp0qbCKATTn6ev02M3r7Ga5vqA== querystring@0.2.0, querystring@^0.2.0: version "0.2.0" @@ -19833,7 +19816,7 @@ read-cmd-shim@^1.0.1, read-cmd-shim@~1.0.1: read-installed@~4.0.3: version "4.0.3" resolved "https://registry.yarnpkg.com/read-installed/-/read-installed-4.0.3.tgz#ff9b8b67f187d1e4c29b9feb31f6b223acd19067" - integrity sha1-/5uLZ/GH0eTCm5/rMfayI6zRkGc= + integrity sha512-O03wg/IYuV/VtnK2h/KXEt9VIbMUFbk3ERG0Iu4FhLZw0EP0T9znqrYDGn6ncbEsXUFaUjiVAWXHzxwt3lhRPQ== dependencies: debuglog "^1.0.1" read-package-json "^2.0.0" 
@@ -19880,14 +19863,6 @@ read-pkg-up@^1.0.1: find-up "^1.0.0" read-pkg "^1.0.0" -read-pkg-up@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-2.0.0.tgz#6b72a8048984e0c41e79510fd5e9fa99b3b549be" - integrity sha1-a3KoBImE4MQeeVEP1en6mbO1Sb4= - dependencies: - find-up "^2.0.0" - read-pkg "^2.0.0" - read-pkg-up@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-3.0.0.tgz#3ed496685dba0f8fe118d0691dc51f4a1ff96f07" @@ -19914,15 +19889,6 @@ read-pkg@^1.0.0: normalize-package-data "^2.3.2" path-type "^1.0.0" -read-pkg@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/read-pkg/-/read-pkg-2.0.0.tgz#8ef1c0623c6a6db0dc6713c4bfac46332b2368f8" - integrity sha1-jvHAYjxqbbDcZxPEv6xGMysjaPg= - dependencies: - load-json-file "^2.0.0" - normalize-package-data "^2.3.2" - path-type "^2.0.0" - read-pkg@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/read-pkg/-/read-pkg-3.0.0.tgz#9cbc686978fee65d16c00e2b19c237fcf6e38389" @@ -20152,9 +20118,9 @@ regexpu-core@^2.0.0: regjsparser "^0.1.4" registry-auth-token@^3.0.1: - version "3.3.2" - resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-3.3.2.tgz#851fd49038eecb586911115af845260eec983f20" - integrity sha512-JL39c60XlzCVgNrO+qq68FoNb56w/m7JYvGR2jT5iR1xBrUA3Mfx5Twk5rqTThPmQKMWydGmq8oFtDlxfrmxnQ== + version "3.4.0" + resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-3.4.0.tgz#d7446815433f5d5ed6431cd5dca21048f66b397e" + integrity sha512-4LM6Fw8eBQdwMYcES4yTnn2TqIasbXuwDx3um+QRs7S55aMKCBKBxvPXl2RiUjHwuJLTyYfxSpmfSAjQpcuP+A== dependencies: rc "^1.1.6" safe-buffer "^5.0.1" 
@@ -20169,7 +20135,7 @@ registry-auth-token@^4.0.0: registry-url@^3.0.3: version "3.1.0" resolved "https://registry.yarnpkg.com/registry-url/-/registry-url-3.1.0.tgz#3d4ef870f73dde1d77f0cf9a381432444e174942" - integrity sha1-PU74cPc93h138M+aOBQyRE4XSUI= + integrity sha512-ZbgR5aZEdf4UKZVBPYIgaglBmSF2Hi94s2PcIHhRGFjKYu+chjJdYfHn4rt3hB6eCKLJ8giVIIfgMa1ehDfZKA== dependencies: rc "^1.0.1" @@ -20783,7 +20749,7 @@ secp256k1@^4.0.0, secp256k1@^4.0.1: seed-random@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/seed-random/-/seed-random-2.2.0.tgz#2a9b19e250a817099231a5b99a4daf80b7fbed54" - integrity sha1-KpsZ4lCoFwmSMaW5mk2vgLf77VQ= + integrity sha512-34EQV6AAHQGhoc0tn/96a9Fsi6v2xdqe/dMUwljGRaFOzR3EgRmECvD0O8vi8X+/uQ50LGHfkNu/Eue5TPKZkQ== seedrandom@3.0.1: version "3.0.1" @@ -20815,7 +20781,7 @@ semver-compare@^1.0.0: semver-diff@^2.0.0: version "2.1.0" resolved "https://registry.yarnpkg.com/semver-diff/-/semver-diff-2.1.0.tgz#4bbb8437c8d37e4b0cf1a68fd726ec6d645d6d36" - integrity sha1-S7uEN8jTfksM8aaP1ybsbWRdbTY= + integrity sha512-gL8F8L4ORwsS0+iQ34yCYv///jsOq0ZL7WP55d1HnJ32o7tyFYEFQZQA22mrLIacZdU6xecaBBZ+uEiffGNyXw== dependencies: semver "^5.0.3" @@ -20877,11 +20843,6 @@ semver@^7.3.7: dependencies: lru-cache "^6.0.0" -semver@~5.3.0: - version "5.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.3.0.tgz#9b2ce5d3de02d17c6012ad326aa6b4d0cf54f94f" - integrity sha512-mfmm3/H9+67MCVix1h+IXTpDwL6710LyHuk7+cWC9T1mE0qz4iHhh6r4hU2wrIT9iTsAAC2XQRvfblL028cpLw== - semver@~5.4.1: version "5.4.1" resolved "https://registry.yarnpkg.com/semver/-/semver-5.4.1.tgz#e059c09d8571f0540823733433505d3a2f00b18e" 
@@ -20943,9 +20904,9 @@ set-immediate-shim@^1.0.1: integrity sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E= set-value@^0.2.0, set-value@^0.4.3, set-value@^2.0.0, set-value@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/set-value/-/set-value-3.0.2.tgz#74e8ecd023c33d0f77199d415409a40f21e61b90" - integrity sha512-npjkVoz+ank0zjlV9F47Fdbjfj/PfXyVhZvGALWsyIYU/qrMzpi6avjKW3/7KeSU2Df3I46BrN1xOI1+6vW0hA== + version "3.0.3" + resolved "https://registry.yarnpkg.com/set-value/-/set-value-3.0.3.tgz#178e190d29cec6c086167222177b2fcb92f7ad56" + integrity sha512-Xsn/XSatoVOGBbp5hs3UylFDs5Bi9i+ArpVJKdHPniZHoEgRniXTqHWrWrGQ0PbEClVT6WtfnBwR8CAHC9sveg== dependencies: is-plain-object "^2.0.4" @@ -20995,7 +20956,7 @@ sha3@1.2.6, sha3@^1.2.2: sha@~2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/sha/-/sha-2.0.1.tgz#6030822fbd2c9823949f8f72ed6411ee5cf25aae" - integrity sha1-YDCCL70smCOUn49y7WQR7lzyWq4= + integrity sha512-Lj/GiNro+/4IIvhDvTo2HDqTmQkbqgg/O3lbkM5lMgagriGPpWamxtq1KJPx7mCvyF1/HG6Hs7zaYaj4xpfXbA== dependencies: graceful-fs "^4.1.2" readable-stream "^2.0.2" @@ -21146,7 +21107,7 @@ smart-buffer@4.0.2: smart-buffer@^1.0.13: version "1.1.15" resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-1.1.15.tgz#7f114b5b65fab3e2a35aa775bb12f0d1c649bf16" - integrity sha1-fxFLW2X6s+KjWqd1uxLw0cZJvxY= + integrity sha512-1+8bxygjTsNfvQe0/0pNBesTOlSHtOeG6b6LYbvsZCCHDKYZ40zcQo6YTnZBWrBSLWOCbrHljLdEmGMYebu7aQ== smart-buffer@^4.1.0: version "4.2.0" @@ -21216,7 +21177,7 @@ socks-proxy-agent@^4.0.0: socks@^1.1.10: version "1.1.10" resolved "https://registry.yarnpkg.com/socks/-/socks-1.1.10.tgz#5b8b7fc7c8f341c53ed056e929b7bf4de8ba7b5a" - integrity sha1-W4t/x8jzQcU+0FbpKbe/Tei6e1o= + integrity sha512-ArX4vGPULWjKDKgUnW8YzfI2uXW7kzgkJuB0GnFBA/PfT3exrrOk+7Wk2oeb894Qf20u1PWv9LEgrO0Z82qAzA== dependencies: ip "^1.1.4" smart-buffer "^1.0.13" 
@@ -21337,12 +21298,12 @@ sort-keys@^2.0.0: sorted-object@~2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/sorted-object/-/sorted-object-2.0.1.tgz#7d631f4bd3a798a24af1dffcfbfe83337a5df5fc" - integrity sha1-fWMfS9OnmKJK8d/8+/6DM3pd9fw= + integrity sha512-oKAAs26HeTu3qbawzUGCkTOBv/5MRrcuJyRWwbfEnWdpXnXsj+WEM3HTvarV73tMcf9uBEZNZoNDVRL62VLxzA== sorted-union-stream@~2.1.3: version "2.1.3" resolved "https://registry.yarnpkg.com/sorted-union-stream/-/sorted-union-stream-2.1.3.tgz#c7794c7e077880052ff71a8d4a2dbb4a9a638ac7" - integrity sha1-x3lMfgd4gAUv9xqNSi27Sppjisc= + integrity sha512-RaKskQJZkmVREIwyAFho1RRU+sKjDdg51Crvxg2VxmIyiIrNhPNoJD/by5/pklWBXAZoO6LfAAGv8xd47p9TnQ== dependencies: from2 "^1.3.0" stream-iterate "^1.1.0" @@ -21610,7 +21571,7 @@ stream-http@^2.3.1: stream-iterate@^1.1.0: version "1.2.0" resolved "https://registry.yarnpkg.com/stream-iterate/-/stream-iterate-1.2.0.tgz#2bd7c77296c1702a46488b8ad41f79865eecd4e1" - integrity sha1-K9fHcpbBcCpGSIuK1B95hl7s1OE= + integrity sha512-QVfGkdBQ8NzsSIiL3rV6AoFFWwMvlg1qpTwVQaMGY5XYThDUuNM4hYSzi8pbKlimTsWyQdaWRZE+jwlPsMiiZw== dependencies: readable-stream "^2.1.5" stream-shift "^1.0.0" @@ -21641,7 +21602,7 @@ strict-uri-encode@^1.0.0: strict-uri-encode@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546" - integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY= + integrity sha512-QwiXZgpRcKkhTj2Scnn++4PKtWsH0kpzZ62L2R6c/LUVYv7hVnZqcg2+sMuT6R7Jusu1vviK/MFsu6kNJfWlEQ== string-hash@^1.1.3: version "1.1.3" 
@@ -22174,7 +22135,7 @@ tar-stream@^2.2.0: inherits "^2.0.3" readable-stream "^3.1.1" -tar@4.4.15, tar@^4, tar@^4.0.2, tar@^4.3.0, tar@^4.4.0, tar@^4.4.10, tar@^4.4.2, tar@^4.4.3, tar@^4.4.8, tar@^6.1.11: +tar@4.4.15, tar@^4, tar@^4.0.2, tar@^4.3.0, tar@^4.4.0, tar@^4.4.10, tar@^4.4.12, tar@^4.4.2, tar@^4.4.3, tar@^4.4.8, tar@^6.1.11: version "4.4.15" resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.15.tgz#3caced4f39ebd46ddda4d6203d48493a919697f8" integrity sha512-ItbufpujXkry7bHH9NpQyTXPbJ72iTlXgkBAYsAjDXk3Ds8t/3NfO5P4xZGy7u+sYuQUbimgzswX4uQIEeNVOA== @@ -22302,7 +22263,7 @@ tempfile@^2.0.0: term-size@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/term-size/-/term-size-1.2.0.tgz#458b83887f288fc56d6fffbfad262e26638efa69" - integrity sha1-RYuDiH8oj8Vtb/+/rSYuJmOO+mk= + integrity sha512-7dPUZQGy/+m3/wjVz3ZW5dobSoD/02NxJpoXUX0WIyjfVS3l0c+b/+9phIDFA7FHzkYtwtMFgeGZ/Y8jVTeqQQ== dependencies: execa "^0.7.0" @@ -22349,7 +22310,7 @@ text-hex@1.0.x: text-table@^0.2.0, text-table@~0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" - integrity sha1-f17oI66AUgfACvLfSoTsP8+lcLQ= + integrity sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw== then-request@^6.0.0: version "6.0.0" @@ -22555,7 +22516,7 @@ to-absolute-glob@^2.0.0: to-arraybuffer@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/to-arraybuffer/-/to-arraybuffer-1.0.1.tgz#7d229b1fcc637e466ca081180836a7aabff83f43" - integrity sha1-fSKbH8xjfkZsoIEYCDanqr/4P0M= + integrity sha512-okFlQcoGTi4LQBG/PgSYblw9VOyptsz2KJZqc6qtgGdes8VktzUQkj4BI2blit072iS8VODNcMA+tvnS9dnuMA== to-buffer@^1.1.1: version "1.1.1" 
@@ -23011,7 +22972,7 @@ tsutils@^3.0.0, tsutils@^3.9.1: tty-browserify@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6" - integrity sha1-oVe6QC2iTpv5V/mqadUk7tQpAaY= + integrity sha512-JVa5ijo+j/sOoHGjw0sxw734b1LhBkQ3bvUGNdxnVXDCX81Yx7TFgnZygxrIIWn23hbfTaMYLwRmAxFyDuFmIw== tunnel-agent@^0.4.0: version "0.4.3" @@ -23146,9 +23107,9 @@ typechain@2.0.0: ts-generator "^0.0.8" typed-function@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/typed-function/-/typed-function-2.0.0.tgz#15ab3825845138a8b1113bd89e60cd6a435739e8" - integrity sha512-Hhy1Iwo/e4AtLZNK10ewVVcP2UEs408DS35ubP825w/YgSBK1KVLwALvvIG4yX75QJrxjCpcWkzkVRB0BwwYlA== + version "2.1.0" + resolved "https://registry.yarnpkg.com/typed-function/-/typed-function-2.1.0.tgz#ded6f8a442ba8749ff3fe75bc41419c8d46ccc3f" + integrity sha512-bctQIOqx2iVbWGDGPWwIm18QScpu2XRmkC19D8rQGFsjKSgteq/o1hTZvIG/wuDq8fanpBDrLkLq+aEN/6y5XQ== typedarray-to-buffer@^3.1.5: version "3.1.5" @@ -23300,9 +23261,9 @@ unc-path-regex@^0.1.0, unc-path-regex@^0.1.2: integrity sha1-5z3T17DXxe2G+6xrCufYxqadUPo= underscore@1.12.1, underscore@1.9.1, underscore@>1.4.4, "underscore@>= 1.3.1", underscore@^1.12.1, underscore@^1.8.3: - version "1.13.2" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.2.tgz#276cea1e8b9722a8dbed0100a407dda572125881" - integrity sha512-ekY1NhRzq0B08g4bGuX4wd2jZx5GnKz6mKSqFL4nqBlfyMGiG10gDFhDTMEfYmDL6Jy0FUIZp7wiRB+0BP7J2g== + version "1.13.6" + resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.13.6.tgz#04786a1f589dc6c09f761fc5f45b89e935136441" + integrity sha512-+A5Sja4HP1M08MaXya7p5LvjuM7K6q/2EaC0+iovj/wOcMsTzMvDFbasi/oSapiwOlt252IqsKqPjCl7huKS0A== undertaker-registry@^1.0.0: version "1.0.1" 
@@ -23433,7 +23394,7 @@ unset-value@^1.0.0: unzip-response@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/unzip-response/-/unzip-response-2.0.1.tgz#d2f0f737d16b0615e72a6935ed04214572d56f97" - integrity sha1-0vD3N9FrBhXnKmk17QQhRXLVb5c= + integrity sha512-N0XH6lqDtFH84JxptQoZYmloF4nzrQqqrAymNj+/gW60AO2AZgOcf4O/nUXJcYfyQkqvMo9lSupBZmmgvuVXlw== unzipper@^0.10.10: version "0.10.10" @@ -23456,7 +23417,7 @@ upath@^1.1.1: resolved "https://registry.yarnpkg.com/upath/-/upath-1.2.0.tgz#8f66dbcd55a883acdae4408af8b035a5044c1894" integrity sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg== -update-notifier@^2.2.0, update-notifier@^2.3.0, update-notifier@^2.5.0: +update-notifier@^2.3.0, update-notifier@^2.5.0: version "2.5.0" resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-2.5.0.tgz#d0744593e13f161e406acb1d9408b72cad08aff6" integrity sha512-gwMdhgJHGuj/+wHJJs9e6PcCszpxR1b236igrOkUofGhqJuG+amlIKwApH1IW1WWl7ovZxsX49lMBWLxSdm5Dw== @@ -23543,9 +23504,9 @@ url-parse-lax@^3.0.0: prepend-http "^2.0.0" url-parse@1.4.4, url-parse@^1.5.0, url-parse@^1.5.3: - version "1.5.4" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.4.tgz#e4f645a7e2a0852cc8a66b14b292a3e9a11a97fd" - integrity sha512-ITeAByWWoqutFClc/lRZnFplgXgEZr3WJ6XngMM/N9DMIm4K8zXPCZ1Jdu0rERwO84w1WC5wkle2ubwTA4NTBg== + version "1.5.10" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1" + integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ== dependencies: querystringify "^2.1.1" requires-port "^1.0.0" 
@@ -23576,7 +23537,7 @@ url@0.10.3: url@^0.11.0: version "0.11.0" resolved "https://registry.yarnpkg.com/url/-/url-0.11.0.tgz#3838e97cfc60521eb73c525a8e55bfdd9e2e28f1" - integrity sha1-ODjpfPxgUh63PFJajlW/3Z4uKPE= + integrity sha512-kbailJa29QrtXnxgq+DdCEGlbTeYM2eJUxsz6vjZavrCYPMIFHMKQmSKYAIuUK2i7hgPm28a8piX5NTUtM/LKQ== dependencies: punycode "1.3.2" querystring "0.2.0" @@ -23637,7 +23598,7 @@ util-deprecate@^1.0.1, util-deprecate@~1.0.1: util-extend@^1.0.1: version "1.0.3" resolved "https://registry.yarnpkg.com/util-extend/-/util-extend-1.0.3.tgz#a7c216d267545169637b3b6edc6ca9119e2ff93f" - integrity sha1-p8IW0mdUUWljeztu3GypEZ4v+T8= + integrity sha512-mLs5zAK+ctllYBj+iAQvlDCwoxU/WDOUaJkcFudeiAX6OajC6BKXJUa9a+tbtkC11dz2Ufb7h0lyvIOVn4LADA== util-promisify@^2.1.0: version "2.1.0" @@ -25464,7 +25425,7 @@ which-typed-array@^1.1.2: has-symbols "^1.0.1" is-typed-array "^1.1.3" -which@1, which@1.3.1, which@^1.1.1, which@^1.2.1, which@^1.2.12, which@^1.2.14, which@^1.2.9, which@^1.3.0, which@^1.3.1, which@~1.3.0: +which@1.3.1, which@^1.1.1, which@^1.2.1, which@^1.2.12, which@^1.2.14, which@^1.2.9, which@^1.3.0, which@^1.3.1, which@~1.3.0: version "1.3.1" resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a" integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ== @@ -25943,13 +25904,6 @@ yargs-parser@^5.0.0: dependencies: camelcase "^3.0.0" -yargs-parser@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-7.0.0.tgz#8d0ac42f16ea55debd332caf4c4038b3e3f5dfd9" - integrity sha1-jQrELxbqVd69MyyvTEA4s+P139k= - dependencies: - camelcase "^4.1.0" - yargs-parser@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-8.1.0.tgz#f1376a33b6629a5d063782944da732631e966950" 
@@ -26217,25 +26171,6 @@ yargs@^7.1.0: y18n "^3.2.1" yargs-parser "^5.0.0" -yargs@^8.0.2: - version "8.0.2" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-8.0.2.tgz#6299a9055b1cefc969ff7e79c1d918dceb22c360" - integrity sha1-YpmpBVsc78lp/355wdkY3Osiw2A= - dependencies: - camelcase "^4.1.0" - cliui "^3.2.0" - decamelize "^1.1.1" - get-caller-file "^1.0.1" - os-locale "^2.0.0" - read-pkg-up "^2.0.0" - require-directory "^2.1.1" - require-main-filename "^1.0.1" - set-blocking "^2.0.0" - string-width "^2.0.0" - which-module "^2.0.0" - y18n "^3.2.1" - yargs-parser "^7.0.0" - yarn@^1.21.1: version "1.22.10" resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.22.10.tgz#c99daa06257c80f8fa2c3f1490724e394c26b18c"