diff --git a/README.md b/README.md index cfa9bd81..05bd75f9 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,18 @@ Do this if you want to use the virtual machine for deployment. This will run the `configure.yml` playbook for you. +### Creating `concent-deployment` machine + +This step creates the `concent-deployment` machine meant to be used for deployment to `mainnet`, `testnet`, `staging` clusters environment and configuration machines, disks etc. + +- Run the `create-compute-instance-for-deployment-server.yml` playbook. + + ``` bash + cd concent-deployment/cloud/ + ansible-playbook create-compute-instance-for-deployment-server.yml \ + --inventory ../../concent-deployment-values/ansible_inventory \ + --user $user + ``` ### Configuring `concent-builder` machine Do this if you want to use the remote server for building and deploying. @@ -157,6 +169,19 @@ Do this if you want to use the remote server for building and deploying. Where the `$user` shell variable contains the name of your shell account on the remote machine. +### Configuring `concent-deployment` machine + +This step configures the `concent-deployment` machine. + +- Run the `configure-concent-deployment-server.yml` playbook. + + ``` bash + cd concent-deployment/concent-builder/ + ansible-playbook configure-concent-deployment-server.yml \ + --inventory ../../concent-deployment-values/ansible_inventory \ + --user $user + ``` + ### Setting up Ethereum client on a separate machine This step installs and configures Geth on a separate machine in Google Compute Engine. This is optional since Geth can be deployed automatically as a part of a Concent cluster but when you have multiple clusters, having one shared instance of the client allows you to use less resources. 
@@ -189,6 +214,11 @@ ansible-playbook create-vm-instances-for-geth.yml \ This step must be performed separately for every user of the build server who needs to be able to access other parts of the project infrastructure on Google Cloud with `kubectl` or `gcloud`. It can be performed by user himself or an admin who can impersonate him with `sudo`. +The `$cluster` variable determines which server the playbook will be executed on. +For `concent-dev` it connects to `concent-builder`. +For other values (`concent-staging`, `concent-testnet` or `concent-mainnet`) - to `concent-deployment-server`. +This behavior applies to all playbooks, except for `build-test-and-push-containers.yml`. + The `$user_name` variable below indicates the user account to be authorized. To perform this step you need to have the .vault files with encrypted secrets in your local `concent-secrets/` directory. Only cloud secrets are required in this case. @@ -197,7 +227,7 @@ Ansible will prompt you for password required to decrypt them. ```bash cd concent-deployment/cloud/ ansible-playbook configure-user-authentication-for-clusters.yml \ - --extra-vars user_name=$user_name \ + --extra-vars "cluster=$cluster user_name=$user_name" \ --ask-vault-pass \ --inventory ../../concent-deployment-values/ansible_inventory \ --user $user @@ -219,7 +249,12 @@ ansible-playbook install-repositories.yml \ --inventory ../../concent-deployment-values/ansible_inventory \ --user $user -ansible-playbook build-test-and-push.yml \ +ansible-playbook build-cluster-configuration.yml \ + --extra-vars cluster=$cluster \ + --inventory ../../concent-deployment-values/ansible_inventory \ + --user $user +``` +ansible-playbook build-test-and-push-containers.yml \ --extra-vars cluster=$cluster \ --inventory ../../concent-deployment-values/ansible_inventory \ --user $user diff --git a/cloud/cluster-deploy-secrets.yml b/cloud/cluster-deploy-secrets.yml index 5e699309..663cb0a9 100644 --- a/cloud/cluster-deploy-secrets.yml 
+++ b/cloud/cluster-deploy-secrets.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - ../concent-builder/consts.yml - ../containers/versions.yml diff --git a/cloud/cluster-remove-secrets.yml b/cloud/cluster-remove-secrets.yml index 27916b41..6129c708 100644 --- a/cloud/cluster-remove-secrets.yml +++ b/cloud/cluster-remove-secrets.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - ../concent-builder/consts.yml - ../containers/versions.yml diff --git a/cloud/configure-concent-deployment-server.yml b/cloud/configure-concent-deployment-server.yml new file mode 100644 index 00000000..9d5e527e --- /dev/null +++ b/cloud/configure-concent-deployment-server.yml 
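Review bot: The new `hosts:` expression sends every `cluster` value outside the three-item list to `concent-builder`, so a misspelled or unexpected name selects the builder instead of stopping the run. The same literal is repeated in `cluster-remove-secrets.yml`, `configure-user-authentication-for-clusters.yml`, `build-cluster-configuration.yml`, `deploy.yml`, `install-repositories.yml`, `job-cleanup.yml`, `migrate-db.yml`, `redeploy-nginx-proxy-router.yml` and `reset-db.yml`, which makes the list easy to update in one place and miss in another. A first task such as `- assert: { that: "cluster in ['concent-dev', 'concent-staging', 'concent-testnet', 'concent-mainnet']" }` would turn an unknown value into an explicit failure. A comment above `hosts:` should also say that `cluster` has to arrive through `--extra-vars`, as the README commands pass it. The rest of each play lies outside the hunk.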
@@ -0,0 +1,69 @@ +- hosts: + - concent-deployment-server + vars_files: + - ../containers/versions.yml + - ../concent-builder/consts.yml + - ../concent-builder/repositories.yml + - "{{ deployment_values }}/var.yml" + roles: + - { role: upload_cluster_secrets, cluster: "concent-dev" } + - { role: upload_cluster_secrets, cluster: "concent-staging" } + - { role: upload_cluster_secrets, cluster: "concent-testnet" } + - { role: upload_cluster_secrets, deploy_cloud_secrets: yes } + tasks: + - become: yes + become_user: root + block: + - name: include common prerequire tasks from `prerequire-configure-tasks.yml` file + include_tasks: ../concent-builder/common_tasks/prerequire-configure-tasks.yml + + - name: include task from `install-basic-utilities.yml` file + include_tasks: ../concent-builder/common_tasks/install-basic-utilities.yml + + - name: Install system updates for Debian + apt: update_cache=yes + + - name: Install basic packages + apt: + name: + - ncdu + - tree + - htop + - tmux + + - name: Install dependencies + apt: + name: + - git + - kubectl={{ kubectl_version }} + - gcc + - postgresql-{{ postgres_version }} + - python3-psycopg2 + - libssl-dev + + - name: include common postrequire tasks from `postrequire-configure-tasks.yml` file + include_tasks: ../concent-builder/common_tasks/postrequire-configure-tasks.yml + + - block: + - name: Create directory for concent repositories + file: + path: "{{ deployment_dir }}" + state: directory + + - name: Clone concent repositories + git: + repo: "{{ item.url }}" + dest: "{{ deployment_dir }}/{{ item.name }}" + clone: yes + update: yes + version: master + force: yes + with_items: + - { url: "{{ repositories['concent-deployment'].url }}", name: concent-deployment } + - { url: "{{ repositories['concent-deployment-values'].url }}", name: concent-deployment-values } + + - name: Create symbolic link to concent-secrets in user home directory + file: + src: "{{ data_dir }}/concent-secrets/" + dest: "{{ deployment_dir 
}}/concent-secrets" + state: link diff --git a/cloud/configure-user-authentication-for-clusters.yml b/cloud/configure-user-authentication-for-clusters.yml index c8d48b84..9be2118e 100644 --- a/cloud/configure-user-authentication-for-clusters.yml +++ b/cloud/configure-user-authentication-for-clusters.yml @@ -1,8 +1,9 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - ../concent-builder/consts.yml - "{{ deployment_values }}/var.yml" + - "{{ deployment_values }}/var-{{ cluster }}.yml" tasks: - become: yes become_user: root diff --git a/cloud/create-compute-instance-for-deployment-server.yml b/cloud/create-compute-instance-for-deployment-server.yml new file mode 100644 index 00000000..01d42bf9 --- /dev/null +++ b/cloud/create-compute-instance-for-deployment-server.yml @@ -0,0 +1,20 @@ +- hosts: + - localhost + vars_files: + - ../concent-builder/consts.yml + - "{{ deployment_values }}/var.yml" + vars: + server_name: concent-deployment-server + name_of_ip: "{{ server_name }}-ip" + roles: + - reserve_static_ip + tasks: + - block: + - name: Create a GCP instance for {{ server_name }} + command: > + gcloud compute instances create {{ server_name }} + --description "Vm instance that contain {{ server_name }}" + --machine-type f1-micro + --address {{ name_of_ip }} + --project {{ gke.project }} + --zone {{ gke.zone }} diff --git a/cloud/create-databases.yml b/cloud/create-databases.yml index cce5facc..e542e359 100644 --- a/cloud/create-databases.yml +++ b/cloud/create-databases.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - concent-deployment-server vars_files: - ../concent-builder/consts.yml - "{{ deployment_values }}/var.yml" diff --git a/cloud/drop-databases.yml b/cloud/drop-databases.yml index 736204a2..c664501e 100644 --- a/cloud/drop-databases.yml +++ b/cloud/drop-databases.yml 
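Review bot: The `Clone concent repositories` task uses `version: master` together with `force: yes`, so the machine that deploys to staging, testnet and mainnet ends up on whatever the tip of both repositories is when the playbook runs, and any local modification is discarded without notice. The checkout task moved into the `clean_up_and_set_up_environment` role by this same commit pins its revision with `concent_versions[concent_version].versions['concent-deployment']`. If that mapping is available in this play, `version: "{{ concent_versions[concent_version].versions['concent-deployment'] }}"` would keep the deployment server on a reviewed revision. If tracking `master` is intentional, a comment saying so above the task would make the choice auditable.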
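Review bot: The `gcloud compute instances create` task in `create-compute-instance-for-deployment-server.yml` has no existence guard, so re-running the playbook presumably fails once the instance exists, while the `reserve_static_ip` role it calls does check before creating. A preceding `gcloud compute instances describe {{ server_name }}` task registered as `instance_check` (with `failed_when: false` and `changed_when: false`), followed by `when: instance_check.rc != 0` on the create task, would make the play repeatable. No `--service-account` or `--scopes` is passed either, so the VM takes the project defaults; for a host meant to deploy to `mainnet` it is worth stating them explicitly or adding a comment that the defaults are intended. The single-task `block:` carries no attributes and can be dropped.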
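Review bot: `hosts` in `create-databases.yml` is now `concent-deployment-server` unconditionally, and `drop-databases.yml` gets the same edit, whereas the README paragraph added in this commit says every playbook except `build-test-and-push-containers.yml` picks its host from `$cluster`. If the fixed host is intended, a comment above it such as `# Always runs on the deployment server, independent of cluster` would help, and the README sentence should name these two playbooks as exceptions. The rest of both plays is outside the hunk.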
@@ -1,5 +1,5 @@ - hosts: - - concent-builder + - concent-deployment-server vars_files: - ../concent-builder/consts.yml - "{{ deployment_values }}/var.yml" diff --git a/cloud/roles/reserve_static_ip/tasks/main.yml b/cloud/roles/reserve_static_ip/tasks/main.yml new file mode 100644 index 00000000..fa646f9f --- /dev/null +++ b/cloud/roles/reserve_static_ip/tasks/main.yml @@ -0,0 +1,15 @@ +- name: Check if static IP address already exists + shell: > + gcloud compute addresses list + --project {{ gke.project }} + | grep {{ name_of_ip }} + register: ip_address_result + ignore_errors: yes + +- name: Reserve static IP address for the "{{ server_name }}" instance + command: > + gcloud compute addresses create {{ name_of_ip }} + --description "Static IP attached to {{ server_name }} instance" + --project {{ gke.project }} + --region europe-west3 + when: ip_address_result.stdout == "" diff --git a/cloud/roles/upload_cluster_secrets/tasks/cloud-secrets.yml b/cloud/roles/upload_cluster_secrets/tasks/cloud-secrets.yml new file mode 100644 index 00000000..a625b787 --- /dev/null +++ b/cloud/roles/upload_cluster_secrets/tasks/cloud-secrets.yml @@ -0,0 +1,30 @@ +- become: yes + become_user: root + block: + - name: Create user that will be used for building stuff + user: + name: "{{ shared_user }}" + state: present + + - name: Create data_dir + file: + path: "{{ item }}" + state: directory + owner: "{{ shared_user }}" + group: "{{ shared_user }}" + mode: 0777 + with_items: + - "{{ data_dir }}" + - "{{ data_dir }}/concent-secrets/" + - "{{ data_dir }}/concent-secrets/cloud/" + + - name: Upload secrets + copy: + src: "{{ local_secret_dir }}/{{ item }}" + dest: "{{ data_dir }}/concent-secrets/{{ item }}" + decrypt: no + owner: "{{ shared_user }}" + group: "{{ shared_user }}" + with_items: + - cloud/{{ gke.service_account_name }}-private-key.json.vault + - cloud/cloud-secrets.yml.vault 
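Review bot: The existence check in `reserve_static_ip/tasks/main.yml` treats every failure as "address missing": with `ignore_errors: yes` and a pipe into `grep`, an authentication or API error from `gcloud compute addresses list` leaves `stdout` empty and the create task still runs. The unanchored `grep {{ name_of_ip }}` also matches any longer address name that contains it. Letting gcloud do the match avoids both, for example `gcloud compute addresses list --project {{ gke.project }} --filter="name={{ name_of_ip }}" --format="value(name)"` with `changed_when: false` and without `ignore_errors`. The region is hard-coded as `europe-west3` while the instance is created in `{{ gke.zone }}`; the two have to agree for `--address` to resolve, so taking the region from a variable next to `gke.zone` would be safer.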
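Review bot: `mode: 0777` on `{{ data_dir }}`, `concent-secrets/` and `concent-secrets/cloud/` in `cloud-secrets.yml` makes the secret directories world-writable, so any local account on the server can delete or replace the uploaded `.vault` files even though their contents stay encrypted; `cluster-secrets.yml` uses the same mode for its directories. The `Upload secrets` copy tasks set owner and group but no `mode`, which leaves the file permissions to the default. If several operator accounts need access, a dedicated group with `mode: "0770"` on the directories and `mode: "0640"` on the copied files would cover that without opening them to everyone. Quoting the mode also keeps it a string, so YAML never reinterprets the octal.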
diff --git a/cloud/roles/upload_cluster_secrets/tasks/cluster-secrets.yml b/cloud/roles/upload_cluster_secrets/tasks/cluster-secrets.yml new file mode 100644 index 00000000..2da2aa34 --- /dev/null +++ b/cloud/roles/upload_cluster_secrets/tasks/cluster-secrets.yml @@ -0,0 +1,33 @@ +- become: yes + become_user: root + block: + - name: Create user that will be used for building stuff + user: + name: "{{ shared_user }}" + state: present + + - name: Create a global directory for data shared by all users + file: + path: "{{ item }}" + state: directory + owner: "{{ shared_user }}" + group: "{{ shared_user }}" + mode: 0777 + with_items: + - "{{ data_dir }}" + - "{{ data_dir }}/concent-secrets/" + - "{{ data_dir }}/concent-secrets/{{ cluster }}" + + - name: Upload secrets + copy: + src: "{{ local_secret_dir }}/{{ cluster }}/{{ item }}" + dest: "{{ data_dir }}/concent-secrets/{{ cluster }}/{{ item }}" + decrypt: no + owner: "{{ shared_user }}" + group: "{{ shared_user }}" + with_items: + - cluster-secrets.yml.vault + - nginx-proxy-ssl.crt.vault + - nginx-proxy-ssl.key.vault + - nginx-storage-ssl.crt.vault + - nginx-storage-ssl.key.vault diff --git a/cloud/roles/upload_cluster_secrets/tasks/main.yml b/cloud/roles/upload_cluster_secrets/tasks/main.yml new file mode 100644 index 00000000..45ccc7f4 --- /dev/null +++ b/cloud/roles/upload_cluster_secrets/tasks/main.yml @@ -0,0 +1,5 @@ +- include_tasks: cluster-secrets.yml + when: cluster is defined and cluster in ['concent-dev', 'concent-staging', 'concent-testnet'] + +- include_tasks: cloud-secrets.yml + when: deploy_cloud_secrets is defined and deploy_cloud_secrets diff --git a/concent-builder/build-cluster-configuration.yml b/concent-builder/build-cluster-configuration.yml new file mode 100644 index 00000000..ba3aebfd --- /dev/null +++ b/concent-builder/build-cluster-configuration.yml 
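Review bot: The `when` list in `upload_cluster_secrets/tasks/main.yml` admits `concent-dev`, `concent-staging` and `concent-testnet` but not `concent-mainnet`, although the `hosts` expressions in this commit route `concent-mainnet` to the deployment server. Calling the role with `cluster: "concent-mainnet"` would therefore be skipped without any message. If mainnet secrets are deliberately placed by hand, a comment above the condition such as `# concent-mainnet secrets are not uploaded by this role; see <procedure>` would record that; otherwise the name belongs in the list. Conversely, `configure-concent-deployment-server.yml` uploads `concent-dev` secrets to the deployment server although dev plays are routed to `concent-builder`, which puts those files on a host that apparently does not need them.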
@@ -0,0 +1,27 @@ +- hosts: + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" + vars_files: + - consts.yml + - repositories.yml + - ../containers/versions.yml + - "{{ deployment_values }}/var.yml" + - "{{ deployment_values }}/var-{{ cluster }}.yml" + roles: + - clean_up_and_set_up_environment + tasks: + - name: Install var.yml from the local machine + copy: + src: "{{ deployment_values }}/{{ item }}" + dest: "{{ build_dir }}/concent-deployment/kubernetes/" + with_items: + - var.yml + - var-{{ cluster }}.yml + + - name: Build cluster configuration + make: + chdir: "{{ build_dir }}/concent-deployment/kubernetes" + params: + CONCENT_SECRET_DIR: "{{ deployment_dir }}/concent-secrets/{{ cluster }}" + IMAGE_PREFIX: "{{ image_prefix }}" + CLUSTER: "{{ cluster }}" + diff --git a/concent-builder/build-test-and-push.yml b/concent-builder/build-test-and-push-containers.yml similarity index 74% rename from concent-builder/build-test-and-push.yml rename to concent-builder/build-test-and-push-containers.yml index f93eb8cc..8a2e423b 100644 --- a/concent-builder/build-test-and-push.yml +++ b/concent-builder/build-test-and-push-containers.yml @@ -7,27 +7,6 @@ - "{{ deployment_values }}/var.yml" - "{{ deployment_values }}/var-{{ cluster }}.yml" tasks: - - name: Remove the build directory to get rid of files from previous builds - file: - path: "{{ build_dir }}" - state: absent - - - name: Check out working copy of concent-deployment repositories - git: - repo: "{{ data_dir }}/concent-deployment" - dest: "{{ build_dir }}/concent-deployment" - version: "{{ concent_versions[concent_version].versions['concent-deployment'] }}" - clone: yes - update: yes - - - name: Install var.yml from the local machine - copy: - src: "{{ deployment_values }}/{{ item }}" - dest: "{{ build_dir }}/concent-deployment/kubernetes/" - with_items: - - var.yml - - var-{{ cluster }}.yml - - block: - name: Build containers make: 
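Review bot: With the clean-up, checkout and `var.yml` copy tasks removed from `tasks:`, `build-test-and-push-containers.yml` builds whatever already sits in `{{ build_dir }}/concent-deployment`, which is only prepared when `build-cluster-configuration.yml` has run first for the same `concent_version`. Run on its own it would either fail or build from a stale checkout, and nothing in the file states the dependency. A header comment such as `# Requires build-cluster-configuration.yml to have run first; it recreates {{ build_dir }} and checks out concent-deployment` would document it. A `stat` on the checkout directory followed by a `fail` task when it is missing would enforce it. The rest of the play lies outside the hunk.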
@@ -35,14 +14,6 @@ params: IMAGE_PREFIX: "{{ image_prefix }}" - - name: Build cluster configuration - make: - chdir: "{{ build_dir }}/concent-deployment/kubernetes" - params: - CONCENT_SECRET_DIR: "{{ deployment_dir }}/concent-secrets/{{ cluster }}" - IMAGE_PREFIX: "{{ image_prefix }}" - CLUSTER: "{{ cluster }}" - - name: Create custom network that allows communication between django and postgres containers command: docker network create {{ concent_versions[concent_version].gke.cluster }}-{{ image_prefix }}unittest-network diff --git a/concent-builder/common_tasks/postrequire-configure-tasks.yml b/concent-builder/common_tasks/postrequire-configure-tasks.yml index e8f90215..4e5ad006 100644 --- a/concent-builder/common_tasks/postrequire-configure-tasks.yml +++ b/concent-builder/common_tasks/postrequire-configure-tasks.yml @@ -18,6 +18,7 @@ - name: Install dependencies for pyenv apt: + default_release: testing name: - zlib1g-dev - libbz2-dev diff --git a/concent-builder/configure-jenkins.yml b/concent-builder/configure-jenkins.yml index caf27ba7..d9e902db 100644 --- a/concent-builder/configure-jenkins.yml +++ b/concent-builder/configure-jenkins.yml @@ -29,8 +29,6 @@ state: directory with_items: - concent-secrets - - concent-secrets/{{ cluster }}/ - - concent-secrets/cloud/ - concent-secrets/jenkins/ - become: yes @@ -38,19 +36,11 @@ block: - name: Upload secrets copy: - src: "{{ local_secret_dir }}/{{ cluster }}/{{ item }}" - dest: "{{ jenkins_home_dir }}/concent-secrets/{{ cluster }}/{{ item }}" + src: "{{ local_secret_dir }}/jenkins/.token" + dest: "{{ jenkins_home_dir }}/concent-secrets/jenkins/.token" owner: jenkins group: jenkins mode: 0400 - with_items: - - cluster-secrets.yml - - "../cloud/{{ gke.service_account_name }}-private-key.json" - - nginx-proxy-ssl.crt - - nginx-proxy-ssl.key - - nginx-storage-ssl.crt - - nginx-storage-ssl.key - - "../jenkins/.token" - name: Delete default user settings file: 
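Review bot: `default_release: testing` in `postrequire-configure-tasks.yml` makes apt resolve the pyenv build dependencies (`zlib1g-dev`, `libbz2-dev` and the rest of the list) from the testing suite, and this task file is included by both the builder playbook and the new deployment-server playbook. Mixing suites can pull newer shared libraries onto a host that otherwise tracks a stable release, and it only works if a testing source is configured, which is not visible here. A comment above the key such as `# testing is needed for <package>; remove once it is available in stable` would help, as would limiting the setting to the package that requires it. The package list continues outside the hunk.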
diff --git a/concent-builder/configure.yml b/concent-builder/configure.yml index f28d7740..8d85251a 100644 --- a/concent-builder/configure.yml +++ b/concent-builder/configure.yml @@ -12,15 +12,6 @@ - name: include common prerequire tasks from `prerequire-configure-tasks.yml` file include_tasks: ../concent-builder/common_tasks/prerequire-configure-tasks.yml - - name: Add Google SDK repository key - apt_key: - url: https://packages.cloud.google.com/apt/doc/apt-key.gpg - state: present - - - name: Add Google Cloud SDK repository - apt_repository: - repo: "deb http://packages.cloud.google.com/apt cloud-sdk-{{ ansible_distribution_release }} main" - - name: Add jenkins repository key apt_key: url: https://pkg.jenkins.io/debian/jenkins.io.key @@ -47,7 +38,6 @@ - git - kubectl={{ kubectl_version }} - docker-engine={{ docker_version }} - - google-cloud-sdk={{ google_cloud_sdk_version }} - libpq-dev - gcc - python3-yaml diff --git a/concent-builder/deploy.yml b/concent-builder/deploy.yml index 9e6516e3..025ceee3 100644 --- a/concent-builder/deploy.yml +++ b/concent-builder/deploy.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - ../containers/versions.yml diff --git a/concent-builder/install-repositories.yml b/concent-builder/install-repositories.yml index 550d7788..06da9dc3 100644 --- a/concent-builder/install-repositories.yml +++ b/concent-builder/install-repositories.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - repositories.yml diff --git a/concent-builder/job-cleanup.yml b/concent-builder/job-cleanup.yml index 199d0e4c..2c8536cb 100644 --- a/concent-builder/job-cleanup.yml +++ b/concent-builder/job-cleanup.yml 
@@ -1,14 +1,12 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - ../containers/versions.yml - "{{ deployment_values }}/var.yml" - "{{ deployment_values }}/var-{{ cluster }}.yml" tasks: - - become: yes - become_user: "{{ shared_user }}" - block: + - block: - name: Configure kubectl to operate on the right cluster command: gcloud container clusters get-credentials \ "{{ concent_versions[concent_version].gke.cluster }}" \ diff --git a/concent-builder/migrate-db.yml b/concent-builder/migrate-db.yml index ba63b0d0..a79d7425 100644 --- a/concent-builder/migrate-db.yml +++ b/concent-builder/migrate-db.yml @@ -1,14 +1,12 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - ../containers/versions.yml - "{{ deployment_values }}/var.yml" - "{{ deployment_values }}/var-{{ cluster }}.yml" tasks: - - become: yes - become_user: "{{ shared_user }}" - block: + - block: - name: Configure kubectl to operate on the right cluster command: gcloud container clusters get-credentials \ "{{ concent_versions[concent_version].gke.cluster }}" \ diff --git a/concent-builder/redeploy-nginx-proxy-router.yml b/concent-builder/redeploy-nginx-proxy-router.yml index 052a3db9..ee11336b 100644 --- a/concent-builder/redeploy-nginx-proxy-router.yml +++ b/concent-builder/redeploy-nginx-proxy-router.yml @@ -1,5 +1,5 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - repositories.yml diff --git a/concent-builder/reset-db.yml b/concent-builder/reset-db.yml index 6832fc51..a61a81b3 100644 --- a/concent-builder/reset-db.yml +++ b/concent-builder/reset-db.yml 
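Review bot: Dropping `become_user: "{{ shared_user }}"` in `job-cleanup.yml` means the `gcloud container clusters get-credentials` call and the tasks after it now run as the connecting `--user`, so each operator's own gcloud and kubectl configuration decides which cluster is touched; `migrate-db.yml` and `reset-db.yml` receive the same edit. The remaining `- block:` carries no attributes any more and could be flattened. If it stays, a comment such as `# runs as the connecting user; requires configure-user-authentication-for-clusters.yml for that user` would state the new precondition. Most of the block body is outside the hunk.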
@@ -1,14 +1,12 @@ - hosts: - - concent-builder + - "{{ 'concent-deployment-server' if cluster in ['concent-mainnet', 'concent-testnet', 'concent-staging'] else 'concent-builder' }}" vars_files: - consts.yml - ../containers/versions.yml - "{{ deployment_values }}/var.yml" - "{{ deployment_values }}/var-{{ cluster }}.yml" tasks: - - become: yes - become_user: "{{ shared_user }}" - block: + - block: - name: Configure kubectl to operate on the right cluster command: gcloud container clusters get-credentials \ "{{ concent_versions[concent_version].gke.cluster }}" \ diff --git a/concent-builder/roles/clean_up_and_set_up_environment/tasks/main.yml b/concent-builder/roles/clean_up_and_set_up_environment/tasks/main.yml new file mode 100644 index 00000000..ea6037b2 --- /dev/null +++ b/concent-builder/roles/clean_up_and_set_up_environment/tasks/main.yml @@ -0,0 +1,12 @@ +- name: Remove the build directory to get rid of files from previous builds + file: + path: "{{ build_dir }}" + state: absent + +- name: Check out working copy of concent-deployment repositories + git: + repo: "{{ data_dir }}/concent-deployment" + dest: "{{ build_dir }}/concent-deployment" + version: "{{ concent_versions[concent_version].versions['concent-deployment'] }}" + clone: yes + update: yes diff --git a/concent-builder/templates/jenkins/Jenkinsfile.j2 b/concent-builder/templates/jenkins/Jenkinsfile.j2 index 7e705d7c..416c0625 100755 --- a/concent-builder/templates/jenkins/Jenkinsfile.j2 +++ b/concent-builder/templates/jenkins/Jenkinsfile.j2 
@@ -42,7 +42,15 @@ catchError { cluster: 'concent-dev', ], inventory: '/home/jenkins/concent-deployment-values/ansible_inventory', - playbook: '{{ jenkins_configuration_files_dir }}/build-test-and-push.yml', + playbook: '{{ jenkins_configuration_files_dir }}/build-cluster-configuration.yml', + extras: '--connection local' + ) + ansiblePlaybook( + extraVars: [ + cluster: 'concent-dev', + ], + inventory: '/home/jenkins/concent-deployment-values/ansible_inventory', + playbook: '{{ jenkins_configuration_files_dir }}/build-test-and-push-containers.yml', extras: '--connection local' ) } diff --git a/containers/versions.yml b/containers/versions.yml index 3e91331b..69f8bc96 100644 --- a/containers/versions.yml +++ b/containers/versions.yml @@ -6,7 +6,6 @@ concent_version: "v0.11.0" golemfactory_blender_verifier_version: "1.1" golem_hyperdrive_version: "0.2.6" golem_hyperdrive_checksum: "sha256:94220ef8533030652d4a1c126f06fa9cdce9d620b91f1c4574a109a3891e8adf" -google_cloud_sdk_version: "219.0.1-0" gunicorn_version: "19.8.1" jenkins_version: "2.154" lua_resty_http_version: "0.12" @@ -17,7 +16,7 @@ openresty_alpine_fat_version: "1.13.6.2-0" postgres_alpine_version: "10.4" postgres_version: "9.6" debian_postgres_version: "9.6" -kubectl_version: "1.13.3-00" +kubectl_version: "1.14.0-00" python_version: "3.6" python_patch_version: "8" rabbitmq_alpine_version: "3.7.6" diff --git a/kubernetes/Makefile b/kubernetes/Makefile index d1df7fde..1193d463 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -6,7 +6,6 @@ CLUSTER_SCRIPTS := \ build/services/conductor.yml \ build/services/conductor-worker.yml \ build/services/nginx-storage.yml \ - build/services/geth.yml \ build/services/rabbitmq.yml \ build/services/signing-service.yml \ build/services/verifier.yml \ diff --git a/kubernetes/config-maps/concent-api-worker/local_settings.py.j2 b/kubernetes/config-maps/concent-api-worker/local_settings.py.j2 index 5f7eac4f..5da5c181 100644 
--- a/kubernetes/config-maps/concent-api-worker/local_settings.py.j2 +++ b/kubernetes/config-maps/concent-api-worker/local_settings.py.j2 @@ -50,11 +50,7 @@ CELERY_BROKER_URL = 'amqp://rabbitmq.default.svc.cluster.local:5672' EMAIL_SUBJECT_PREFIX = "[{{ concent_versions[concent_version].gke.cluster }}:concent-api-worker] " PAYMENT_BACKEND = 'core.payments.backends.sci_backend' -{% if concent_versions[concent_version].external_geth_address is none %} -GETH_ADDRESS = 'http://geth.default.svc.cluster.local:8545' -{% else %} -GETH_ADDRESS = '{{ concent_versions[concent_version].external_geth_address }}' -{% endif %} +GETH_ADDRESS = '{{ concent_versions[concent_version].external_geth_address if concent_versions[concent_version].external_geth_address != None else '{{ ethnode_geth_' ~ ethereum_chain ~ '_address }}' }}' CONCENT_ETHEREUM_PUBLIC_KEY = '{{ concent_ethereum_public_key }}' GNT_DEPOSIT_CONTRACT_ADDRESS = '{{ gnt_deposit_address }}' ETHEREUM_CHAIN = '{{ ethereum_chain }}' diff --git a/kubernetes/config-maps/concent-api/local_settings.py.j2 b/kubernetes/config-maps/concent-api/local_settings.py.j2 index 6ed58285..4783d8da 100644 --- a/kubernetes/config-maps/concent-api/local_settings.py.j2 +++ b/kubernetes/config-maps/concent-api/local_settings.py.j2 
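Review bot: The fallback branch of the new `GETH_ADDRESS` line emits the literal text `{{ ethnode_geth_<chain>_address }}`, so the setting is correct only if the rendered file goes through a second templating pass in which that variable is defined; otherwise the Django settings keep an unrendered placeholder as the node URL. The same line is added to `concent-api/local_settings.py.j2`. The removed code used the Jinja test `is none`, which reads better than `!= None`, and a template comment above the line such as `{# second pass resolves ethnode_geth_<chain>_address #}` would explain the nesting. With the in-cluster default gone the address now always points at a node outside the cluster, so it is worth confirming that the variable carries the scheme and host you expect for that link.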
@@ -62,11 +62,7 @@ CELERY_BROKER_URL = 'amqp://rabbitmq.default.svc.cluster.local:5672' EMAIL_SUBJECT_PREFIX = "[{{ concent_versions[concent_version].gke.cluster }}:concent-api] " PAYMENT_BACKEND = 'core.payments.backends.sci_backend' -{% if concent_versions[concent_version].external_geth_address is none %} -GETH_ADDRESS = 'http://geth.default.svc.cluster.local:8545' -{% else %} -GETH_ADDRESS = '{{ concent_versions[concent_version].external_geth_address }}' -{% endif %} +GETH_ADDRESS = '{{ concent_versions[concent_version].external_geth_address if concent_versions[concent_version].external_geth_address != None else '{{ ethnode_geth_' ~ ethereum_chain ~ '_address }}' }}' CONCENT_ETHEREUM_PUBLIC_KEY = '{{ concent_ethereum_public_key }}' GNT_DEPOSIT_CONTRACT_ADDRESS = '{{ gnt_deposit_address }}' ETHEREUM_CHAIN = '{{ ethereum_chain }}' diff --git a/kubernetes/create-services.sh.j2 b/kubernetes/create-services.sh.j2 index c1457e51..a67aa5e5 100755 --- a/kubernetes/create-services.sh.j2 +++ b/kubernetes/create-services.sh.j2 @@ -4,9 +4,6 @@ kubectl create --record --filename services/verifier.yml ./wait-until-ready.sh verifier 70 -{% if concent_versions[concent_version].external_geth_address is none %} -kubectl create --record --filename services/geth.yml -{% endif %} kubectl create --record --filename services/rabbitmq.yml {% if allow_signing_service_authentication %} kubectl create --record --filename services/middleman.yml @@ -35,6 +32,3 @@ kubectl create --record --filename services/nginx-proxy.yml ./wait-until-ready.sh conductor-worker 30 ./wait-until-ready.sh nginx-storage 30 ./wait-until-ready.sh nginx-proxy 30 -{% if concent_versions[concent_version].external_geth_address is none %} -./wait-until-ready.sh geth 80 -{% endif %} diff --git a/kubernetes/delete-services.sh b/kubernetes/delete-services.sh index 162b58ad..ace1c19c 100755 --- a/kubernetes/delete-services.sh +++ b/kubernetes/delete-services.sh 
@@ -12,6 +12,5 @@ kubectl delete --filename services/concent-api.yml || true kubectl delete --filename services/middleman.yml || true kubectl delete --filename services/signing-service.yml || true kubectl delete --filename services/rabbitmq.yml || true -kubectl delete --filename services/geth.yml || true ./delete-config-maps.sh || true diff --git a/kubernetes/services/geth.yml.j2 b/kubernetes/services/geth.yml.j2 deleted file mode 100644 index 6fd65c3a..00000000 --- a/kubernetes/services/geth.yml.j2 +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: geth -spec: - replicas: 1 - revisionHistoryLimit: 1 - template: - metadata: - labels: - run: geth - spec: - containers: - - name: geth - image: ethereum/client-go:{{ geth_version }} - imagePullPolicy: Always - args: [ - "--rinkeby", - "--datadir", "/blockchain/.ethereum/rinkeby/", - "--syncmode", "fast", - # SYNC: Make sure to give the container enough RAM to fit the cache. - # Also remember that geth needs significantly more memory than just cache so don't set it to the same value. - "--cache", "512", - "--rpc", - "--rpcaddr", "0.0.0.0", - "--rpcvhosts", "geth, geth.default, geth.default.svc.cluster.local", - # These APIs are used by golem smart contract interface. - # First one is for basic methods with use json, second one is for basic methods with use javascript for example to connect to geth RPC, - # third one is used to check network status for example peer count - "--rpcapi", "eth, web3, net", - "--ipcdisable" - ] - livenessProbe: - httpGet: - path: / - port: 8545 - httpHeaders: - - name: Content-Type - value: application/json - initialDelaySeconds: 5 - periodSeconds: 8 - resources: - requests: - # SYNC: Make sure that the memory limits for the pod include the cache size defined above. 
- memory: "{{ concent_versions[concent_version] | chained_get('resource_limits.others.geth.memory.requests') | default('{{ resource_limits.others.geth.memory.requests }}', true) }}" - cpu: "{{ concent_versions[concent_version] | chained_get('resource_limits.others.geth.cpu.requests') | default('{{ resource_limits.others.geth.cpu.requests }}', true) }}" - limits: - memory: "{{ concent_versions[concent_version] | chained_get('resource_limits.others.geth.memory.limits') | default('{{ resource_limits.others.geth.memory.limits }}', true) }}" - cpu: "{{ concent_versions[concent_version] | chained_get('resource_limits.others.geth.cpu.limits') | default('{{ resource_limits.others.geth.cpu.limits }}', true) }}" - volumeMounts: - - mountPath: /blockchain - name: geth-storage - volumes: - - name: geth-storage - gcePersistentDisk: - pdName: {{ concent_versions[concent_version].geth_disk }} - fsType: ext4 ---- -apiVersion: v1 -kind: Service -metadata: - name: geth - labels: - run: geth -spec: - type: ClusterIP - ports: - - port: 8545 - targetPort: 8545 - name: geth-rpc-port - selector: - run: geth