feat: add clickhouse proxy instance (#100)

This diff adds a clickhouse proxy server config to the existing oonibackend proxy to establish the connection between AWS and the clickhouse DB. Part of #95
ooni · Sep 7, 2024 · 99cd52d · 99cd52d
1 parent 8edde89
commit 99cd52d
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 24 deletions.
diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
@@ -251,13 +251,19 @@ moved {
 module "ooni_backendproxy" {
  source = "../../modules/ooni_backendproxy"
 
+ stage = local.environment
+
  vpc_id = module.network.vpc_id
- subnet_ids = module.network.vpc_subnet_public[*].id
+ subnet_id = module.network.vpc_subnet_public[0].id
+ private_subnet_cidr = module.network.vpc_subnet_private[*].cidr_block 
+ dns_zone_ooni_io = local.dns_zone_ooni_io
 
  key_name = module.adm_iam_roles.oonidevops_key_name
  instance_type = "t2.micro"
 
  backend_url = "https://backend-hel.ooni.org/"
+ clickhouse_url = "backend-fsn.ooni.org"
+ clickhouse_port = "9000"
 
  tags = merge(
  local.tags,

diff --git a/tf/modules/ooni_backendproxy/main.tf b/tf/modules/ooni_backendproxy/main.tf
@@ -17,6 +17,13 @@ resource "aws_security_group" "nginx_sg" {
  cidr_blocks = ["0.0.0.0/0"]
  }
 
+ ingress { 
+ protocol = "tcp"
+ from_port = 9000
+ to_port = 9000
+ cidr_blocks = var.private_subnet_cidr
+ }
+
  ingress {
  protocol = "tcp"
  from_port = 22
@@ -55,7 +62,9 @@ resource "aws_launch_template" "ooni_backendproxy" {
  key_name = var.key_name
 
  user_data = base64encode(templatefile("${path.module}/templates/setup-backend-proxy.sh", {
- backend_url = var.backend_url
+ backend_url = var.backend_url,
+ clickhouse_url = var.clickhouse_url,
+ clickhouse_port = var.clickhouse_port
  }))
 
  lifecycle {
@@ -65,6 +74,7 @@ resource "aws_launch_template" "ooni_backendproxy" {
  network_interfaces {
  delete_on_termination = true
  associate_public_ip_address = true
+ subnet_id = var.subnet_id
  security_groups = [
  aws_security_group.nginx_sg.id,
  ]
@@ -76,7 +86,7 @@ resource "aws_launch_template" "ooni_backendproxy" {
  }
 }
 
-resource "aws_autoscaling_group" "oonibackend_proxy" {
+resource "aws_instance" "oonibackend_proxy" {
  launch_template {
  id = aws_launch_template.ooni_backendproxy.id
  version = "$Latest"
@@ -86,19 +96,7 @@ resource "aws_autoscaling_group" "oonibackend_proxy" {
  create_before_destroy = true
  }
 
- name_prefix = "${var.name}-asg-"
-
- min_size = 1
- max_size = 2
- desired_capacity = 1
- vpc_zone_identifier = var.subnet_ids
-
- instance_refresh {
- strategy = "Rolling"
- preferences {
- min_healthy_percentage = 50
- }
- }
+ tags = var.tags
 }
 
 resource "aws_alb_target_group" "oonibackend_proxy" {
@@ -114,7 +112,18 @@ resource "aws_alb_target_group" "oonibackend_proxy" {
  tags = var.tags
 }
 
-resource "aws_autoscaling_attachment" "oonibackend_proxy" {
- autoscaling_group_name = aws_autoscaling_group.oonibackend_proxy.id
- lb_target_group_arn = aws_alb_target_group.oonibackend_proxy.arn
+resource "aws_lb_target_group_attachment" "oonibackend_proxy" {
+ target_id = aws_instance.oonibackend_proxy.id
+ target_group_arn = aws_alb_target_group.oonibackend_proxy.arn
+}
+
+resource "aws_route53_record" "clickhouse_proxy_alias" {
+ zone_id = var.dns_zone_ooni_io
+ name = "clickhouse.${var.stage}.ooni.io"
+ type = "CNAME"
+ ttl = 300
+
+ records = [
+ aws_instance.oonibackend_proxy.public_dns
+ ]
 }
diff --git a/tf/modules/ooni_backendproxy/outputs.tf b/tf/modules/ooni_backendproxy/outputs.tf
@@ -1,6 +1,7 @@
-output "autoscaling_group_id" {
- value = aws_autoscaling_group.oonibackend_proxy.id
+output "aws_instance_id" {
+ value = aws_instance.oonibackend_proxy.id
 }
+
 output "alb_target_group_id" {
  value = aws_alb_target_group.oonibackend_proxy.id
 }
diff --git a/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh b/tf/modules/ooni_backendproxy/templates/setup-backend-proxy.sh
@@ -22,5 +22,24 @@ server {
 EOF
 sudo mv $tmpfile /etc/nginx/sites-available/default
 
+
+tmpfile_stream=$(mktemp /tmp/nginx-stream-config.XXXXXX)
+cat > $tmpfile_stream <<EOF
+stream {
+ upstream clickhouse_backend {
+ server ${clickhouse_url}:${clickhouse_port};
+ }
+
+ server {
+ listen 9000;
+
+ proxy_pass clickhouse_backend; 
+ }
+
+ error_log /var/log/nginx/error.log;
+}
+EOF
+sudo mv $tmpfile_stream /etc/nginx/modules-enabled/stream.conf
+
 sudo nginx -t
 sudo systemctl reload nginx
diff --git a/tf/modules/ooni_backendproxy/variables.tf b/tf/modules/ooni_backendproxy/variables.tf
@@ -2,8 +2,12 @@ variable "vpc_id" {
  description = "the id of the VPC to deploy the instance into"
 }
 
-variable "subnet_ids" {
- description = "the ids of the subnet of the subnets to deploy the instance into"
+variable "subnet_id" {
+ description = "the ids of the subnet to deploy the instance into"
+}
+
+variable "private_subnet_cidr" {
+ description = "the cidr block of the private subnet to allow traffic from for the clickhouse proxy"
 }
 
 variable "tags" {
@@ -28,4 +32,21 @@ variable "instance_type" {
 variable "backend_url" {
  type = string
  default = "https://backend-fsn.ooni.org/"
-}
+}
+
+variable "stage" {
+ default = "one of dev, stage, test, prod"
+}
+
+variable "dns_zone_ooni_io" {
+ description = "id of the DNS zone for ooni_io"
+}
+
+variable "clickhouse_url" {
+ description = "clickhouse url to proxy requests to"
+ default = "backend-fsn.ooni.org" 
+}
+
+variable "clickhouse_port" {
+ description = "clickhouse port for the backend"
+}