CI: GCR docker auth; rename ionosphere to api-server

TF: add CI service account; add REDIS_URI to services
nitramiz 2021-07-16 06:49:29 -07:00 committed by Blockstream Satellite
parent 7f6d4b3a6b
commit 5860c65540
3 changed files with 41 additions and 30 deletions


@ -19,6 +19,7 @@ before_script:
- echo $GCLOUD_KEY > $TMPF - echo $GCLOUD_KEY > $TMPF
- export GOOGLE_APPLICATION_CREDENTIALS=$TMPF - export GOOGLE_APPLICATION_CREDENTIALS=$TMPF
- gcloud auth activate-service-account --key-file=$TMPF - gcloud auth activate-service-account --key-file=$TMPF
- gcloud auth configure-docker
- gcloud auth list - gcloud auth list
- gcloud --version - gcloud --version
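Review bot: The added `gcloud auth configure-docker` runs without `--quiet`; the command asks for confirmation before it edits the Docker credential-helper config, and on a runner with no tty that prompt can fail or hang the job, so `- gcloud auth configure-docker --quiet` keeps the step deterministic in CI. The before_script block continues outside the hunk, and the service-account key written to `$TMPF` two lines above is still on the runner's disk when the job finishes unless an after_script removes it (presumably handled out of view — worth confirming).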

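--- /dev/null
+++ b/terraform/iam.tf
@@ -0,0 +1,14 @@
+resource "google_service_account" "api_server_ci" {
+project = var.project
+account_id = "satellite-api-tf-ci"
+display_name = "satellite-api-tf-ci"
+description = "Terraform/CI"
+count = local.create_mainnet
+}
+resource "google_project_iam_member" "api_server_ci" {
+project = var.project
+role = "roles/editor"
+member = "serviceAccount:${google_service_account.api_server_ci[0].email}"
+count = local.create_mainnet
+}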
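Review bot: The new `google_project_iam_member.api_server_ci` binds `roles/editor` on the whole project to the CI service account, which is far broader than a pipeline that pushes images and applies Terraform needs, and it means the `GCLOUD_KEY` held by the CI system carries project-wide write access. Scope the binding to the roles the pipeline actually exercises (for example `roles/storage.admin` for pushing to the GCR bucket, plus the specific roles for the resources Terraform manages) and record the intent on the account, e.g. `description = "Terraform/CI service account; least-privilege roles, see pipeline"`. Both resources are gated by `count = local.create_mainnet`, so the `[0]` index in `member` is only valid while that local is 0 or 1; if it can ever be larger the member reference should iterate instead.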


@ -19,23 +19,23 @@ write_files:
NUM_CONT=$$(docker ps -q | wc -l) NUM_CONT=$$(docker ps -q | wc -l)
RUNNING_CONT="$$(docker ps --format '{{.Names}}' | tr '\n' ', ' | sed -e 's/,$//g')" RUNNING_CONT="$$(docker ps --format '{{.Names}}' | tr '\n' ', ' | sed -e 's/,$//g')"
# If less than 9 are running, send alert to opsgenie # If less than 8 are running, send alert to opsgenie
if [ $${NUM_CONT} != '9' ] if [ $${NUM_CONT} != '8' ]
then then
curl -s -X POST https://api.opsgenie.com/v2/alerts \ curl -s -X POST https://api.opsgenie.com/v2/alerts \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-H "Authorization: GenieKey ${opsgenie_key}" \ -H "Authorization: GenieKey ${opsgenie_key}" \
-d \ -d \
'{ '{
"message": "Satellite API instance does not have all 9 containers running", "message": "Satellite API instance does not have all 8 containers running",
"alias": "satapi-missing-containers", "alias": "satapi-missing-containers",
"description":"Currently running '$${NUM_CONT}'/9: '$${RUNNING_CONT}'", "description":"Currently running '$${NUM_CONT}'/8: '$${RUNNING_CONT}'",
"tags": ["SatAPI","Critical"], "tags": ["SatAPI","Critical"],
"entity":"api.blockstream.space", "entity":"api.blockstream.space",
"priority":"P2" "priority":"P2"
}' }'
else else
echo "'$${NUM_CONT}'/9 containers are running" echo "'$${NUM_CONT}'/8 containers are running"
fi fi
- path: /etc/systemd/system/check-containers.service - path: /etc/systemd/system/check-containers.service
@ -209,12 +209,12 @@ write_files:
ExecStopPost=/usr/bin/docker rm sse-redis-db ExecStopPost=/usr/bin/docker rm sse-redis-db
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT
- path: /etc/systemd/system/ionosphere.service - path: /etc/systemd/system/api-server.service
permissions: 0644 permissions: 0644
owner: root owner: root
content: | content: |
[Unit] [Unit]
Description=Ionosphere daemon Description=API server daemon
Wants=gcr-online.target Wants=gcr-online.target
After=lightning.service After=lightning.service
@ -222,20 +222,14 @@ write_files:
Restart=always Restart=always
RestartSec=3 RestartSec=3
Environment=HOME=/home/bs Environment=HOME=/home/bs
ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
ExecStartPre=/usr/bin/docker pull ${ionosphere_docker} ExecStartPre=/usr/bin/docker pull ${ionosphere_docker}
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT
ExecStartPre=/usr/bin/docker run \
--user root \
-v /mnt/disks/data/ionosphere:/data \
--entrypoint bash \
--rm \
"${ionosphere_docker}" \
-c 'chown -R ionosphere:ionosphere /data'
ExecStart=/usr/bin/docker run \ ExecStart=/usr/bin/docker run \
--network=host \ --network=host \
--pid=host \ --pid=host \
--name=ionosphere \ --name=api-server \
--log-opt max-size=200m \ --log-opt max-size=200m \
--log-opt max-file=3 \ --log-opt max-file=3 \
-v /mnt/disks/data/ionosphere:/data \ -v /mnt/disks/data/ionosphere:/data \
@ -243,18 +237,19 @@ write_files:
-e "CHARGE_ROOT=http://api-token:${charge_token}@localhost:9112" \ -e "CHARGE_ROOT=http://api-token:${charge_token}@localhost:9112" \
-e "CALLBACK_URI_ROOT=http://localhost:9292" \ -e "CALLBACK_URI_ROOT=http://localhost:9292" \
-e "MIN_PER_BYTE_BID=1" \ -e "MIN_PER_BYTE_BID=1" \
-e "REDIS_URI=redis://localhost:6379" \
"${ionosphere_docker}" "${ionosphere_docker}"
ExecStop=/usr/bin/docker stop ionosphere ExecStop=/usr/bin/docker stop api-server
ExecStopPost=/usr/bin/docker rm ionosphere ExecStopPost=/usr/bin/docker rm api-server
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT
- path: /etc/systemd/system/ionosphere-tx.service - path: /etc/systemd/system/api-server-tx.service
permissions: 0644 permissions: 0644
owner: root owner: root
content: | content: |
[Unit] [Unit]
Description=Ionosphere Transmitter daemon Description=Transmitter daemon
Wants=gcr-online.target Wants=gcr-online.target
After=ionosphere.service After=ionosphere.service
@ -265,19 +260,20 @@ write_files:
ExecStart=/usr/bin/docker run \ ExecStart=/usr/bin/docker run \
--network=host \ --network=host \
--pid=host \ --pid=host \
--name=ionosphere-tx \ --name=tx-daemon \
-v /mnt/disks/data/ionosphere:/data \ -v /mnt/disks/data/ionosphere:/data \
-e ENV="production" \ -e ENV="production" \
-e "REDIS_URI=redis://localhost:6379" \
"${ionosphere_docker}" daemon.sh "${ionosphere_docker}" daemon.sh
ExecStop=/usr/bin/docker stop ionosphere-tx ExecStop=/usr/bin/docker stop tx-daemon
ExecStopPost=/usr/bin/docker rm ionosphere-tx ExecStopPost=/usr/bin/docker rm tx-daemon
- path: /etc/systemd/system/ionosphere-sse.service - path: /etc/systemd/system/api-server-sse.service
permissions: 0644 permissions: 0644
owner: root owner: root
content: | content: |
[Unit] [Unit]
Description=Ionosphere Server-Side Events Server Description=Server-Side Events Server
Wants=gcr-online.target Wants=gcr-online.target
After=redis.service After=redis.service
@ -289,12 +285,12 @@ write_files:
ExecStart=/usr/bin/docker run \ ExecStart=/usr/bin/docker run \
--network=host \ --network=host \
--pid=host \ --pid=host \
--name=ionosphere-sse \ --name=sse-server \
-e "SUB_CHANNELS=transmissions" \ -e "SUB_CHANNELS=transmissions" \
-e "REDIS_URI=redis://localhost:6379" \ -e "REDIS_URI=redis://localhost:6379" \
"${ionosphere_sse_docker}" "${ionosphere_sse_docker}"
ExecStop=/usr/bin/docker stop ionosphere-sse ExecStop=/usr/bin/docker stop sse-server
ExecStopPost=/usr/bin/docker rm ionosphere-sse ExecStopPost=/usr/bin/docker rm sse-server
- path: /etc/systemd/system/charge.service - path: /etc/systemd/system/charge.service
permissions: 0644 permissions: 0644
@ -329,9 +325,9 @@ runcmd:
- systemctl enable --now k8s-autossh.service - systemctl enable --now k8s-autossh.service
- systemctl enable --now lightning.service - systemctl enable --now lightning.service
- systemctl enable --now redis.service - systemctl enable --now redis.service
- systemctl enable --now ionosphere.service - systemctl enable --now api-server.service
- systemctl enable --now ionosphere-tx.service - systemctl enable --now api-server-tx.service
- systemctl enable --now ionosphere-sse.service - systemctl enable --now api-server-sse.service
- systemctl enable --now charge.service - systemctl enable --now charge.service
- systemctl enable --now node-exporter.service - systemctl enable --now node-exporter.service
- systemctl enable --now check-containers.timer - systemctl enable --now check-containers.timer
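Review bot: In the renamed `api-server-tx.service` unit (hunk `@ -243,18 +237,19`), the unchanged `After=ionosphere.service` still names the unit this commit renames to `api-server.service`, so systemd will no longer order the transmitter after the API server; it should read `After=api-server.service`. The `@ -222,20 +222,14` hunk also removes the `chown -R ionosphere:ionosphere /data` ExecStartPre step; if the image still runs its process as the `ionosphere` user, a freshly attached `/mnt/disks/data/ionosphere` disk may not be writable unless the image now fixes ownership itself — worth confirming before this reaches a new instance. The new `docker-credential-gcr configure-docker` ExecStartPre writes to the Docker config under `HOME=/home/bs` on every start, which is fine for idempotence but means the unit now depends on that binary being present on the image.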