Commit graph

89 commits

Author SHA1 Message Date
Blockstream Satellite
cce56fcfda tf: Reorganize the LB config for readability
Just move some locations around to make the configuration more readable.
2023-02-15 11:48:56 -03:00
Blockstream Satellite
74e12c5903 tf: Drop the auth, gossip and btc-src servers
With the multichannel support, the handling of auth, gossip, and btc-src
messages has been migrated to the single shared production Satellite API
server. There are separate logical channels now for these streams.
Hence, the previous dedicated servers used for them are no longer
required.
2023-02-15 11:48:56 -03:00
Blockstream Satellite
616584da8a tf: Increase the max body size on /admin 2023-02-06 13:07:15 -03:00
Blockstream Satellite
f2058ac3f8 Add admin route for SSE on get-protected channels
The auth channel does not allow users to get messages (access them over
the internet). Hence, a regular SSE client should not be able to monitor
the events generated on the auth channel. In contrast, an admin host
should be able to monitor the auth events. For that, this patch adds an
/admin/subscribe endpoint that is SSL-authenticated in production, so
only the admin hosts can connect to it.
2023-02-02 17:16:12 -03:00
Blockstream Satellite
50df236d6b Support multiple parallel logical message channels
The same server now can handle multiple logical channels, on which the
transmitter logic runs independently. That is, while previously a single
message would be in transmitting state at a time, now multiple messages
can be in transmitting state as long as they belong to distinct logical
channels.

The supported channels each have different permissions. The user channel
is where users can post, get, and delete messages as needed. In
contrast, the other channels do not grant all permissions to users. Some
are read-only (users can get but not post) and there is a channel (the
auth channel) on which users have no permissions (neither get nor post).

For the channels on which users do not have all permissions (get, post,
and delete), this patch adds admin-specific routes, which are prefixed
by /admin/. The /admin/ route is protected via SSL in production and
allows the admin host to send GET/POST/DELETE requests normally. Hence,
for instance, the admin host can post a message on the auth channel
(with POST /admin/order) and read it (with GET /admin/order) for
transmission over satellite, whereas regulars cannot. With this scheme,
the auth channel messages are accessible exclusively over satellite (and
not over the internet).

The admin routes were added to the following endpoints:
- /order/<uuid> (GET and DELETE requests)
- /order (POST request)
- /orders/<state> (GET request)
- /message/<tx_seq_num> (GET request)

The messages posted by the admin are not paid, so this patch removes the
requirement of invoice generation and payment. Only paid orders now
generate an invoice. Thus, the POST request to the /order/ endpoint does
not return an invoice for non-paid (admin-only) messages.

Also, this patch updates the queue page to display the orders separately
for each channel. The query string channel parameter determines which
channel the page shows.

Finally, this patch updates the events published into the Redis db on
transmission. The event includes the corresponding logical channel so
that SSE events can be subscribed independently for each channel.
2023-02-02 17:16:12 -03:00
Chase Sillevis
f7695da16c terraform fmt + update DNS description 2022-11-29 16:20:28 +01:00
nitramiz
b4ccd902d3 TF: make staging deploys proactive/prod opportunistic + don't create tor backend service on staging 2022-01-06 09:18:30 -08:00
nitramiz
ead897b77c TF: update tor + clightning
turn on chunked_transfer_encoding on the LB for SSE subscribers
2022-01-06 08:16:30 -08:00
nitramiz
f84e11fa85 TF: fix hidden service 2022-01-05 13:09:53 -08:00
Blockstream Satellite
99a5784a0a tf: Fix API workers service with old daemon script
The former daemon.sh script was replaced by the workers.sh script in
2cfc398. Update on the terraform setup and also rename the service now
that it no longer consists of only Tx-related daemon workers.
2022-01-05 16:45:45 -03:00
Blockstream Satellite
8c91e11cca Remove chunked transfer encoding from nginx conf
This configuration was leading to long delays when receiving SSE
notifications with the demo-rx app.
2021-12-28 10:01:04 -03:00
nitramiz
0fc668d490 tf: update check-containers.sh 2021-09-24 07:48:03 -07:00
nitramiz
71ca226f6b tf: disable google-logging 2021-09-24 07:36:32 -07:00
nitramiz
6b6448437e tf: update prometheus instance 2021-09-02 08:30:19 -07:00
Blockstream Satellite
69b97e9eae Randomize charge api token's getenv fallback value
If the env var is not defined, fall back to a random string. However,
note the random string won't work over gunicorn if using multiple
workers. In this case, it is necessary to define the env var.
2021-07-20 15:05:11 -03:00
nitramiz
608e61692a TF: update check_containers alert 2021-07-20 08:58:03 -07:00
nitramiz
c0c904d7ff TF: move iptables 4500 rule to correct service 2021-07-20 12:28:49 -03:00
nitramiz
ff1081033c TF: rename the tx-daemon and sse services 2021-07-20 12:28:49 -03:00
Blockstream Satellite
095034b7dd TF: Review the api-server and charge service order 2021-07-20 12:28:49 -03:00
nitramiz
a89d2f3e70 TF: systemd services nits 2021-07-20 12:28:49 -03:00
Blockstream Satellite
a6e5102641 TF: change lightningd prom metrics iptables port 2021-07-20 12:28:49 -03:00
Blockstream Satellite
4cf05d45f0 TF: make api-server PROACTIVE 2021-07-20 12:28:49 -03:00
nitramiz
5860c65540 CI: GCR docker auth; rename ionosphere to api-server
TF: add CI service account; add REDIS_URI to services
2021-07-20 12:28:49 -03:00
Blockstream Satellite
afbd02f759 TF: prepare staging 2021-07-20 12:28:28 -03:00
Blockstream Satellite
be67323a24 CI/TF: Updates for python-ported version 2021-07-20 12:28:28 -03:00
Blockstream Satellite
8a332afcb0 TF: cleanup unused postgres service 2021-07-20 12:28:08 -03:00
nitramiz
417b52ad5e update lightningd to 0.9.3
remove LB autoscaler
2021-03-29 08:10:23 -07:00
nitramiz
a4281072b6 update DNS; output LB's internal IP 2021-02-23 07:23:07 -08:00
nitramiz
c4be27d1cb tf: update auth endpoint 2021-02-22 10:42:49 -08:00
nitramiz
77e920be6f increase max file size for btc-src orders 2021-01-28 10:16:34 -08:00
Igor Freire
35b61e0685 Handle auth/ and btc-src/ via LB 2021-01-28 07:03:12 -08:00
nitramiz
414341b3fa tf: update the LB's cert-renewer.service to reload nginx 2020-12-31 07:35:39 -08:00
nitramiz
9c04dd66d0 lower min per byte bid to 1msat/byte 2020-12-07 12:45:48 -08:00
nitramiz
b6ea319c0a LB gossip order fix 2020-11-04 05:27:29 -08:00
Chase Sillevis
0ab56847c2 more LB patches: /gossip/order protection fix, 2MB upload limit 2020-11-03 10:31:28 +01:00
Chase Sillevis
c9cd6a31ea nginx lb: also protect /gossip/order 2020-11-02 19:10:18 +01:00
nitramiz
bb0845af89 LB nits 2020-10-29 08:50:58 -07:00
nitramiz
cfe2cf3136 handle /gossip via LB 2020-10-29 08:34:07 -07:00
nitramiz
17aa8c0319 tf: fix interpolation syntax 2020-10-28 08:51:17 -07:00
nitramiz
d1310aac8b tf: remote-state troubles 2020-01-06 06:36:41 -08:00
nitramiz
f08662c145 nits 2020-01-03 08:11:41 -08:00
nitramiz
609065afc2 typo 2020-01-03 06:36:20 -08:00
nitramiz
d9e32ce561 fixup lightning command + charge lightning dir 2020-01-03 05:57:51 -08:00
nitramiz
9d8018ab4e terraform: LN node dir structure; literal values vs quotes 2020-01-02 10:58:11 -08:00
nitramiz
a0ac23fcef typos 2019-09-06 12:24:34 -07:00
nitramiz
11058196de stop using data image, use private_bucket as CI var 2019-09-06 12:11:53 -07:00
nitramiz
2def7eb263 start using docker-push-latest-if-changed, add plan before each prod/staging deploy, and make prod/staging deploys manual 2019-09-04 17:29:16 -07:00
nitramiz
e351418b0c tor, prom modules: update indexes 2019-09-03 15:45:10 -07:00
nitramiz
910a73d282 update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00
nitramiz
27c7df9e4c fix cert-renwer.timer 2019-08-26 09:05:47 -07:00