blockstream-satellite-api/terraform/modules/blc/cloud-init/blc.yaml

bootcmd:
  - blkid /dev/disk/by-id/google-data || mkfs.ext4 -L data /dev/disk/by-id/google-data
  - mkdir -p /mnt/disks/data
mounts:
  - [ /dev/disk/by-id/google-data, /mnt/disks/data, auto, "rw,noatime,discard,nobarrier,nodev" ]

users:
  - name: bs
    uid: 2000

write_files:
  - path: /home/bs/check_containers.sh
    permissions: 0744
    owner: root
    content: |
        #!/bin/bash

        # Save # and names of running containers
        NUM_CONT=$$(docker ps -q | wc -l)
        RUNNING_CONT="$$(docker ps --format '{{.Names}}' | tr '\n' ', ' | sed -e 's/,$//g')"

        # If less than 9 are running, send alert to opsgenie
        if [ $${NUM_CONT} != '9' ]
        then
               curl -s -X POST https://api.opsgenie.com/v2/alerts \
                  -H "Content-Type: application/json" \
                  -H "Authorization: GenieKey ${opsgenie_key}" \
                  -d \
              '{
                  "message": "Satellite API instance does not have all 9 containers running",
                  "alias": "satapi-missing-containers",
                  "description":"Currently running '$${NUM_CONT}'/9: '$${RUNNING_CONT}'",
                  "tags": ["SatAPI","Critical"],
                  "entity":"api.blockstream.space",
                  "priority":"P2"
              }'
          else
                echo "'$${NUM_CONT}'/9 containers are running"
        fi

  - path: /etc/systemd/system/check-containers.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Check # of containers every 10 mins
        Wants=check-containers.timer
        After=charge.service

        [Service]
        ExecStart=/bin/bash /home/bs/check_containers.sh

  - path: /etc/systemd/system/check-containers.timer
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Run check-containers service every 10 minutes (7 min delay)

        [Timer]
        OnBootSec=420s
        OnUnitActiveSec=10m
        Persistent=true

        [Install]
        WantedBy=timers.target

  - path: /etc/systemd/system/node-exporter.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Prometheus node-exporter
        Wants=gcr-online.target docker.service
        After=gcr-online.service docker.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${node_exporter_docker}
        ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9100 -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --name=node-exporter \
            --network=host \
            --read-only \
            -v /proc:/host/proc:ro \
            -v /sys:/host/sys:ro \
            -v /:/rootfs:ro \
            -v metrics:/metrics:ro \
            -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro \
            "${node_exporter_docker}" --path.procfs /host/proc --path.sysfs /host/sys --collector.textfile.directory /metrics --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc($|/))" --collector.systemd
        ExecStop=/usr/bin/docker stop node-exporter
        ExecStopPost=/usr/bin/docker rm node-exporter
        ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT

  - path: /etc/systemd/system/postgres.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=PostgreSQL Server
        Wants=gcr-online.target docker.service
        After=gcr-online.service docker.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${postgres_docker}
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 5432 -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --name=postgres \
            --network=host \
            -v /mnt/disks/data/postgres:/var/lib/postgresql/data/pgdata \
            -e "PGDATA=/var/lib/postgresql/data/pgdata" \
            -e "POSTGRES_USER=${pguser}" \
            -e "POSTGRES_PASSWORD=${pgpass}" \
            "${postgres_docker}" postgres
        ExecStop=/usr/bin/docker stop postgres
        ExecStopPost=/usr/bin/docker rm postgres
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 5432 -j ACCEPT

  - path: /etc/systemd/system/autossh-key-downloader.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Download SSH privkey from GCS
        Wants=gcr-online.target
        After=gcr-online.target

        [Service]
        Type=oneshot
        RemainAfterExit=true
        Environment=HOME=/home/bs
        ExecStart=/usr/bin/docker run \
            --name=autosssh-key \
            --tmpfs /root \
            --tmpfs /tmp \
            --rm \
            -v /home/bs:/mnt/bs:rw \
            "${certbot_docker}" /google-cloud-sdk/bin/gsutil -m cp -r ${private_bucket}/k8s_keys${ssh_key_net}/* /mnt/bs/
        ExecStartPost=-/bin/chmod 0600 /home/bs/k8s_autossh.key
        ExecStopPost=-/bin/chmod 0600 /home/bs/k8s_autossh.key

  - path: /etc/systemd/system/k8s-autossh.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=SSH tunnel to on-prem K8s node
        Wants=gcr-online.target
        After=autossh-key-downloader.service

        [Service]
        Restart=always
        RestartSec=5
        Environment=HOME=/home/bs
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport ${k8s_autossh_btc_port} -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --network=host \
            --name=k8s-autossh \
            -e AUTOSSH_GATETIME=0 \
            -v /home/bs/k8s_autossh.key:/root/.ssh/id_ed25519:ro \
            ${autossh_docker} ${k8s_autossh_btc_port}:localhost:${k8s_autossh_btc_port} -p ${k8s_autossh_ssh_port} root@${k8s_autossh_lb}
        ExecStop=/usr/bin/docker stop k8s-autossh
        ExecStopPost=/usr/bin/docker rm k8s-autossh
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${k8s_autossh_btc_port} -j ACCEPT

  - path: /home/bs/lightning.conf
    permissions: 0644
    owner: root
    content: |
        log-level=debug
        plugin-dir=/usr/local/bin/plugins
        alias=ionosphere-${net}
        bitcoin-rpcuser=${net}-def
        bitcoin-rpcpassword=${rpcpass}
        announce-addr=${announce_addr}
        bind-addr=0.0.0.0

  - path: /etc/systemd/system/lightning.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Lightning node
        Wants=gcr-online.target
        After=k8s-autossh.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${lightning_docker}
        ExecStartPre=/sbin/iptables -A INPUT -p tcp --dport ${lightning_port} -j ACCEPT
        ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9900 -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=lightning \
            --cap-add=SYS_PTRACE \
            --memory=2g \
            --log-opt max-size=1g \
            -v /home/bs/lightning.conf:/root/.lightning${network_dir}/lightning.conf:ro \
            -v /mnt/disks/data/lightning:/root/.lightning:rw \
            "${lightning_docker}" ${lightning_cmd}
        ExecStop=/usr/bin/docker exec lightning lightning-cli stop
        ExecStopPost=/usr/bin/sleep 3
        ExecStopPost=/usr/bin/docker rm -f lightning
        ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT
        ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9900 -j ACCEPT

  - path: /etc/systemd/system/redis.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Redis db for server-side events
        Wants=gcr-online.target
        After=gcr-online.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull redis:latest
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=sse-redis-db \
            "redis:latest"
        ExecStop=/usr/bin/docker stop sse-redis-db
        ExecStopPost=/usr/bin/docker rm sse-redis-db
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT

  - path: /etc/systemd/system/ionosphere.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Ionosphere daemon
        Wants=gcr-online.target
        After=lightning.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${ionosphere_docker}
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT
        ExecStartPre=/usr/bin/docker run \
            --user root \
            -v /mnt/disks/data/ionosphere:/data \
            --entrypoint bash \
            --rm \
            "${ionosphere_docker}" \
            -c 'chown -R ionosphere:ionosphere /data'
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=ionosphere \
            --log-opt max-size=200m \
            --log-opt max-file=3 \
            -v /mnt/disks/data/ionosphere:/data \
            -e "RACK_ENV=production" \
            -e "CHARGE_ROOT=http://api-token:${charge_token}@localhost:9112" \
            -e "CALLBACK_URI_ROOT=http://localhost:9292" \
            "${ionosphere_docker}"
        ExecStop=/usr/bin/docker stop ionosphere
        ExecStopPost=/usr/bin/docker rm ionosphere
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT

  - path: /etc/systemd/system/ionosphere-tx.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Ionosphere Transmitter daemon
        Wants=gcr-online.target
        After=ionosphere.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=ionosphere-tx \
            -v /mnt/disks/data/ionosphere:/data \
            -e "RACK_ENV=production" \
            "${ionosphere_docker}" ./docker_entrypoint_transmitter.sh
        ExecStop=/usr/bin/docker stop ionosphere-tx
        ExecStopPost=/usr/bin/docker rm ionosphere-tx

  - path: /etc/systemd/system/ionosphere-sse.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Ionosphere Server-Side Events Server
        Wants=gcr-online.target
        After=redis.service

        [Service]
        Restart=always
        RestartSec=3
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${ionosphere_sse_docker}
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=ionosphere-sse \
            -e "SUB_CHANNELS=transmissions" \
            -e "REDIS_URI=redis://localhost:6379" \
            "${ionosphere_sse_docker}"
        ExecStop=/usr/bin/docker stop ionosphere-sse
        ExecStopPost=/usr/bin/docker rm ionosphere-sse

  - path: /etc/systemd/system/charge.service
    permissions: 0644
    owner: root
    content: |
        [Unit]
        Description=Charge instance
        Wants=gcr-online.target
        After=ionosphere.service

        [Service]
        Restart=always
        RestartSec=200
        Environment=HOME=/home/bs
        ExecStartPre=/usr/bin/docker pull ${charge_docker}
        ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 9112 -j ACCEPT
        ExecStart=/usr/bin/docker run \
            --network=host \
            --pid=host \
            --name=charge \
            -v /mnt/disks/data/lightning${network_dir}:/root/.lightning:ro \
            -v /mnt/disks/data/charge:/data:rw \
            -e "API_TOKEN=${charge_token}" \
            "${charge_docker}" ${charge_cmd}
        ExecStop=/usr/bin/docker stop charge
        ExecStopPost=/usr/bin/docker rm charge
        ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 9112 -j ACCEPT

runcmd:
  - systemctl daemon-reload
  - systemctl start autossh-key-downloader.service
  - systemctl enable autossh-key-downloader.service
  - systemctl start k8s-autossh.service
  - systemctl enable k8s-autossh.service
  - systemctl start lightning.service
  - systemctl enable lightning.service
#  - systemctl start postgres.service
#  - systemctl enable postgres.service  
  - systemctl start redis.service
  - systemctl enable redis.service
  - systemctl start ionosphere.service
  - systemctl enable ionosphere.service
  - systemctl start ionosphere-tx.service
  - systemctl enable ionosphere-tx.service
  - systemctl start ionosphere-sse.service
  - systemctl enable ionosphere-sse.service
  - systemctl start charge.service
  - systemctl enable charge.service
  - systemctl start node-exporter.service
  - systemctl enable node-exporter.service
  - systemctl start check-containers.timer
  - systemctl enable check-containers.timer
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`bootcmd:`
initial commit 2019-01-16 10:22:44 -08:00			`- blkid /dev/disk/by-id/google-data \|\| mkfs.ext4 -L data /dev/disk/by-id/google-data`
			`- mkdir -p /mnt/disks/data`
			`mounts:`
			`- [ /dev/disk/by-id/google-data, /mnt/disks/data, auto, "rw,noatime,discard,nobarrier,nodev" ]`

			`users:`
			`- name: bs`
			`uid: 2000`

			`write_files:`
			`- path: /home/bs/check_containers.sh`
			`permissions: 0744`
			`owner: root`
			`content: \|`
			`#!/bin/bash`

			`# Save # and names of running containers`
			`NUM_CONT=$$(docker ps -q \| wc -l)`
			`RUNNING_CONT="$$(docker ps --format '{{.Names}}' \| tr '\n' ', ' \| sed -e 's/,$//g')"`

typos 2019-09-06 12:24:34 -07:00			`# If less than 9 are running, send alert to opsgenie`
typo in ionosphere.service + check_containers.sh 2019-06-17 11:03:18 -07:00			`if [ $${NUM_CONT} != '9' ]`
initial commit 2019-01-16 10:22:44 -08:00			`then`
			`curl -s -X POST https://api.opsgenie.com/v2/alerts \`
			`-H "Content-Type: application/json" \`
			`-H "Authorization: GenieKey ${opsgenie_key}" \`
			`-d \`
			`'{`
typo in ionosphere.service + check_containers.sh 2019-06-17 11:03:18 -07:00			`"message": "Satellite API instance does not have all 9 containers running",`
initial commit 2019-01-16 10:22:44 -08:00			`"alias": "satapi-missing-containers",`
typos 2019-09-06 12:24:34 -07:00			`"description":"Currently running '$${NUM_CONT}'/9: '$${RUNNING_CONT}'",`
initial commit 2019-01-16 10:22:44 -08:00			`"tags": ["SatAPI","Critical"],`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`"entity":"api.blockstream.space",`
typos 2019-09-06 12:24:34 -07:00			`"priority":"P2"`
initial commit 2019-01-16 10:22:44 -08:00			`}'`
			`else`
typos 2019-09-06 12:24:34 -07:00			`echo "'$${NUM_CONT}'/9 containers are running"`
initial commit 2019-01-16 10:22:44 -08:00			`fi`

			`- path: /etc/systemd/system/check-containers.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Check # of containers every 10 mins`
			`Wants=check-containers.timer`
			`After=charge.service`

			`[Service]`
			`ExecStart=/bin/bash /home/bs/check_containers.sh`

			`- path: /etc/systemd/system/check-containers.timer`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Run check-containers service every 10 minutes (7 min delay)`

			`[Timer]`
			`OnBootSec=420s`
			`OnUnitActiveSec=10m`
			`Persistent=true`

			`[Install]`
			`WantedBy=timers.target`

			`- path: /etc/systemd/system/node-exporter.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Prometheus node-exporter`
			`Wants=gcr-online.target docker.service`
			`After=gcr-online.service docker.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${node_exporter_docker}`
			`ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9100 -j ACCEPT`
			`ExecStart=/usr/bin/docker run \`
			`--name=node-exporter \`
			`--network=host \`
			`--read-only \`
			`-v /proc:/host/proc:ro \`
			`-v /sys:/host/sys:ro \`
			`-v /:/rootfs:ro \`
			`-v metrics:/metrics:ro \`
			`-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro \`
			`"${node_exporter_docker}" --path.procfs /host/proc --path.sysfs /host/sys --collector.textfile.directory /metrics --collector.filesystem.ignored-mount-points "^/(sys\|proc\|dev\|host\|etc($\|/))" --collector.systemd`
			`ExecStop=/usr/bin/docker stop node-exporter`
			`ExecStopPost=/usr/bin/docker rm node-exporter`
			`ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT`

add postgres 2019-07-29 16:40:27 -07:00			`- path: /etc/systemd/system/postgres.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=PostgreSQL Server`
			`Wants=gcr-online.target docker.service`
			`After=gcr-online.service docker.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${postgres_docker}`
			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 5432 -j ACCEPT`
			`ExecStart=/usr/bin/docker run \`
			`--name=postgres \`
			`--network=host \`
			`-v /mnt/disks/data/postgres:/var/lib/postgresql/data/pgdata \`
			`-e "PGDATA=/var/lib/postgresql/data/pgdata" \`
			`-e "POSTGRES_USER=${pguser}" \`
			`-e "POSTGRES_PASSWORD=${pgpass}" \`
			`"${postgres_docker}" postgres`
			`ExecStop=/usr/bin/docker stop postgres`
			`ExecStopPost=/usr/bin/docker rm postgres`
			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 5432 -j ACCEPT`

add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`- path: /etc/systemd/system/autossh-key-downloader.service`
add postgres 2019-07-29 16:40:27 -07:00			`permissions: 0644`
			`owner: root`
			`content: \|`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`[Unit]`
			`Description=Download SSH privkey from GCS`
			`Wants=gcr-online.target`
			`After=gcr-online.target`

			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=true`
			`Environment=HOME=/home/bs`
			`ExecStart=/usr/bin/docker run \`
			`--name=autosssh-key \`
			`--tmpfs /root \`
			`--tmpfs /tmp \`
			`--rm \`
			`-v /home/bs:/mnt/bs:rw \`
stop using data image, use private_bucket as CI var 2019-09-06 11:43:25 -07:00			`"${certbot_docker}" /google-cloud-sdk/bin/gsutil -m cp -r ${private_bucket}/k8s_keys${ssh_key_net}/* /mnt/bs/`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`ExecStartPost=-/bin/chmod 0600 /home/bs/k8s_autossh.key`
			`ExecStopPost=-/bin/chmod 0600 /home/bs/k8s_autossh.key`
add postgres 2019-07-29 16:40:27 -07:00
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`- path: /etc/systemd/system/k8s-autossh.service`
initial commit 2019-01-16 10:22:44 -08:00			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`Description=SSH tunnel to on-prem K8s node`
initial commit 2019-01-16 10:22:44 -08:00			`Wants=gcr-online.target`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`After=autossh-key-downloader.service`
initial commit 2019-01-16 10:22:44 -08:00
			`[Service]`
			`Restart=always`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`RestartSec=5`
initial commit 2019-01-16 10:22:44 -08:00			`Environment=HOME=/home/bs`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport ${k8s_autossh_btc_port} -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`--name=k8s-autossh \`
			`-e AUTOSSH_GATETIME=0 \`
			`-v /home/bs/k8s_autossh.key:/root/.ssh/id_ed25519:ro \`
			`${autossh_docker} ${k8s_autossh_btc_port}:localhost:${k8s_autossh_btc_port} -p ${k8s_autossh_ssh_port} root@${k8s_autossh_lb}`
			`ExecStop=/usr/bin/docker stop k8s-autossh`
			`ExecStopPost=/usr/bin/docker rm k8s-autossh`
			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${k8s_autossh_btc_port} -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00
add postgres 2019-07-29 16:40:27 -07:00			`- path: /home/bs/lightning.conf`
			`permissions: 0644`
			`owner: root`
			`content: \|`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`log-level=debug`
			`plugin-dir=/usr/local/bin/plugins`
add postgres 2019-07-29 16:40:27 -07:00			`alias=ionosphere-${net}`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`bitcoin-rpcuser=${net}-def`
add postgres 2019-07-29 16:40:27 -07:00			`bitcoin-rpcpassword=${rpcpass}`
			`announce-addr=${announce_addr}`
lightning.conf typo + gcloud-docker 2019-08-12 16:18:10 -07:00			`bind-addr=0.0.0.0`
add postgres 2019-07-29 16:40:27 -07:00
initial commit 2019-01-16 10:22:44 -08:00			`- path: /etc/systemd/system/lightning.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Lightning node`
			`Wants=gcr-online.target`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`After=k8s-autossh.service`
initial commit 2019-01-16 10:22:44 -08:00
			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${lightning_docker}`
			`ExecStartPre=/sbin/iptables -A INPUT -p tcp --dport ${lightning_port} -j ACCEPT`
C-Lightning: add Prom plugin, update gcloud-docker-tf 2019-07-16 18:03:01 -07:00			`ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9900 -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=lightning \`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`--cap-add=SYS_PTRACE \`
			`--memory=2g \`
make sure logs don't fill up disk 2019-05-08 13:52:25 -07:00			`--log-opt max-size=1g \`
terraform: LN node dir structure; literal values vs quotes 2020-01-02 10:58:11 -08:00			`-v /home/bs/lightning.conf:/root/.lightning${network_dir}/lightning.conf:ro \`
fixup lightning command + charge lightning dir 2020-01-03 05:57:51 -08:00			`-v /mnt/disks/data/lightning:/root/.lightning:rw \`
initial commit 2019-01-16 10:22:44 -08:00			`"${lightning_docker}" ${lightning_cmd}`
			`ExecStop=/usr/bin/docker exec lightning lightning-cli stop`
remove http_x_forwarded_for from nginx and set it to 0.0.0.0 + update some image hashes + add log rotation 2019-04-18 19:31:02 -07:00			`ExecStopPost=/usr/bin/sleep 3`
			`ExecStopPost=/usr/bin/docker rm -f lightning`
initial commit 2019-01-16 10:22:44 -08:00			`ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT`
C-Lightning: add Prom plugin, update gcloud-docker-tf 2019-07-16 18:03:01 -07:00			`ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9900 -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00
			`- path: /etc/systemd/system/redis.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Redis db for server-side events`
			`Wants=gcr-online.target`
			`After=gcr-online.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull redis:latest`
			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT`
			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=sse-redis-db \`
			`"redis:latest"`
			`ExecStop=/usr/bin/docker stop sse-redis-db`
			`ExecStopPost=/usr/bin/docker rm sse-redis-db`
			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT`

			`- path: /etc/systemd/system/ionosphere.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Ionosphere daemon`
			`Wants=gcr-online.target`
			`After=lightning.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${ionosphere_docker}`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT`
typo in ionosphere.service + check_containers.sh 2019-06-17 11:03:18 -07:00			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00			`ExecStartPre=/usr/bin/docker run \`
			`--user root \`
			`-v /mnt/disks/data/ionosphere:/data \`
			`--entrypoint bash \`
			`--rm \`
			`"${ionosphere_docker}" \`
			`-c 'chown -R ionosphere:ionosphere /data'`
			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=ionosphere \`
remove http_x_forwarded_for from nginx and set it to 0.0.0.0 + update some image hashes + add log rotation 2019-04-18 19:31:02 -07:00			`--log-opt max-size=200m \`
			`--log-opt max-file=3 \`
initial commit 2019-01-16 10:22:44 -08:00			`-v /mnt/disks/data/ionosphere:/data \`
			`-e "RACK_ENV=production" \`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`-e "CHARGE_ROOT=http://api-token:${charge_token}@localhost:9112" \`
initial commit 2019-01-16 10:22:44 -08:00			`-e "CALLBACK_URI_ROOT=http://localhost:9292" \`
			`"${ionosphere_docker}"`
			`ExecStop=/usr/bin/docker stop ionosphere`
			`ExecStopPost=/usr/bin/docker rm ionosphere`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT`
			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT`
initial commit 2019-01-16 10:22:44 -08:00
			`- path: /etc/systemd/system/ionosphere-tx.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Ionosphere Transmitter daemon`
			`Wants=gcr-online.target`
			`After=ionosphere.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=ionosphere-tx \`
			`-v /mnt/disks/data/ionosphere:/data \`
			`-e "RACK_ENV=production" \`
			`"${ionosphere_docker}" ./docker_entrypoint_transmitter.sh`
			`ExecStop=/usr/bin/docker stop ionosphere-tx`
			`ExecStopPost=/usr/bin/docker rm ionosphere-tx`

			`- path: /etc/systemd/system/ionosphere-sse.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Ionosphere Server-Side Events Server`
			`Wants=gcr-online.target`
			`After=redis.service`

			`[Service]`
			`Restart=always`
			`RestartSec=3`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${ionosphere_sse_docker}`
			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=ionosphere-sse \`
			`-e "SUB_CHANNELS=transmissions" \`
			`-e "REDIS_URI=redis://localhost:6379" \`
			`"${ionosphere_sse_docker}"`
			`ExecStop=/usr/bin/docker stop ionosphere-sse`
			`ExecStopPost=/usr/bin/docker rm ionosphere-sse`

			`- path: /etc/systemd/system/charge.service`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`[Unit]`
			`Description=Charge instance`
			`Wants=gcr-online.target`
			`After=ionosphere.service`

			`[Service]`
			`Restart=always`
			`RestartSec=200`
			`Environment=HOME=/home/bs`
			`ExecStartPre=/usr/bin/docker pull ${charge_docker}`
			`ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 9112 -j ACCEPT`
			`ExecStart=/usr/bin/docker run \`
			`--network=host \`
			`--pid=host \`
			`--name=charge \`
fixup lightning command + charge lightning dir 2020-01-03 05:57:51 -08:00			`-v /mnt/disks/data/lightning${network_dir}:/root/.lightning:ro \`
initial commit 2019-01-16 10:22:44 -08:00			`-v /mnt/disks/data/charge:/data:rw \`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`-e "API_TOKEN=${charge_token}" \`
rename project 2019-01-29 11:28:40 -08:00			`"${charge_docker}" ${charge_cmd}`
initial commit 2019-01-16 10:22:44 -08:00			`ExecStop=/usr/bin/docker stop charge`
			`ExecStopPost=/usr/bin/docker rm charge`
			`ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 9112 -j ACCEPT`

			`runcmd:`
			`- systemctl daemon-reload`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`- systemctl start autossh-key-downloader.service`
			`- systemctl enable autossh-key-downloader.service`
			`- systemctl start k8s-autossh.service`
			`- systemctl enable k8s-autossh.service`
initial commit 2019-01-16 10:22:44 -08:00			`- systemctl start lightning.service`
			`- systemctl enable lightning.service`
start using docker-push-latest-if-changed, add plan before each prod/staging deploy, and make prod/staging deploys manual 2019-09-04 17:29:16 -07:00			`# - systemctl start postgres.service`
			`# - systemctl enable postgres.service`
initial commit 2019-01-16 10:22:44 -08:00			`- systemctl start redis.service`
			`- systemctl enable redis.service`
			`- systemctl start ionosphere.service`
			`- systemctl enable ionosphere.service`
			`- systemctl start ionosphere-tx.service`
			`- systemctl enable ionosphere-tx.service`
			`- systemctl start ionosphere-sse.service`
			`- systemctl enable ionosphere-sse.service`
			`- systemctl start charge.service`
			`- systemctl enable charge.service`
			`- systemctl start node-exporter.service`
stop maintaining satellite.bs.com 2019-06-06 07:33:01 -07:00			`- systemctl enable node-exporter.service`
initial commit 2019-01-16 10:22:44 -08:00			`- systemctl start check-containers.timer`
terraform: LN node dir structure; literal values vs quotes 2020-01-02 10:58:11 -08:00			`- systemctl enable check-containers.timer`