mirror of
https://github.com/Blockstream/satellite-api.git
synced 2025-02-24 22:16:48 +01:00
357 lines
No EOL
12 KiB
YAML
357 lines
No EOL
12 KiB
YAML
bootcmd:
|
|
- blkid /dev/disk/by-id/google-data || mkfs.ext4 -L data /dev/disk/by-id/google-data
|
|
- mkdir -p /mnt/disks/data
|
|
mounts:
|
|
- [ /dev/disk/by-id/google-data, /mnt/disks/data, auto, "rw,noatime,discard,nobarrier,nodev" ]
|
|
|
|
users:
|
|
- name: bs
|
|
uid: 2000
|
|
|
|
write_files:
|
|
- path: /home/bs/check_containers.sh
|
|
permissions: 0744
|
|
owner: root
|
|
content: |
|
|
#!/bin/bash
|
|
|
|
# Save # and names of running containers
|
|
NUM_CONT=$$(docker ps -q | wc -l)
|
|
RUNNING_CONT="$$(docker ps --format '{{.Names}}' | tr '\n' ', ' | sed -e 's/,$//g')"
|
|
|
|
# If less than 10 are running, send alert to opsgenie
|
|
if [ $${NUM_CONT} != '9' ]
|
|
then
|
|
curl -s -X POST https://api.opsgenie.com/v2/alerts \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: GenieKey ${opsgenie_key}" \
|
|
-d \
|
|
'{
|
|
"message": "Satellite API instance does not have all 9 containers running",
|
|
"alias": "satapi-missing-containers",
|
|
"description":"Currently running '$${NUM_CONT}'/10: '$${RUNNING_CONT}'",
|
|
"tags": ["SatAPI","Critical"],
|
|
"entity":"api.blockstream.space",
|
|
"priority":"P3"
|
|
}'
|
|
else
|
|
echo "'$${NUM_CONT}'/10 containers are running"
|
|
fi
|
|
|
|
- path: /etc/systemd/system/check-containers.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Check # of containers every 10 mins
|
|
Wants=check-containers.timer
|
|
After=charge.service
|
|
|
|
[Service]
|
|
ExecStart=/bin/bash /home/bs/check_containers.sh
|
|
|
|
- path: /etc/systemd/system/check-containers.timer
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Run check-containers service every 10 minutes (7 min delay)
|
|
|
|
[Timer]
|
|
OnBootSec=420s
|
|
OnUnitActiveSec=10m
|
|
Persistent=true
|
|
|
|
[Install]
|
|
WantedBy=timers.target
|
|
|
|
- path: /etc/systemd/system/node-exporter.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Prometheus node-exporter
|
|
Wants=gcr-online.target docker.service
|
|
After=gcr-online.service docker.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${node_exporter_docker}
|
|
ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9100 -j ACCEPT
|
|
ExecStart=/usr/bin/docker run \
|
|
--name=node-exporter \
|
|
--network=host \
|
|
--read-only \
|
|
-v /proc:/host/proc:ro \
|
|
-v /sys:/host/sys:ro \
|
|
-v /:/rootfs:ro \
|
|
-v metrics:/metrics:ro \
|
|
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro \
|
|
"${node_exporter_docker}" --path.procfs /host/proc --path.sysfs /host/sys --collector.textfile.directory /metrics --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc($|/))" --collector.systemd
|
|
ExecStop=/usr/bin/docker stop node-exporter
|
|
ExecStopPost=/usr/bin/docker rm node-exporter
|
|
ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT
|
|
|
|
- path: /etc/systemd/system/postgres.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=PostgreSQL Server
|
|
Wants=gcr-online.target docker.service
|
|
After=gcr-online.service docker.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${postgres_docker}
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 5432 -j ACCEPT
|
|
ExecStart=/usr/bin/docker run \
|
|
--name=postgres \
|
|
--network=host \
|
|
-v /mnt/disks/data/postgres:/var/lib/postgresql/data/pgdata \
|
|
-e "PGDATA=/var/lib/postgresql/data/pgdata" \
|
|
-e "POSTGRES_USER=${pguser}" \
|
|
-e "POSTGRES_PASSWORD=${pgpass}" \
|
|
"${postgres_docker}" postgres
|
|
ExecStop=/usr/bin/docker stop postgres
|
|
ExecStopPost=/usr/bin/docker rm postgres
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 5432 -j ACCEPT
|
|
|
|
- path: /home/bs/bitcoin.conf
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
rpcuser=${rpcuser}
|
|
rpcpassword=${rpcpass}
|
|
txindex=1
|
|
dbcache=4000
|
|
|
|
- path: /etc/systemd/system/bitcoin.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Bitcoin node
|
|
Wants=gcr-online.target
|
|
After=gcr-online.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${bitcoin_docker}
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=bitcoin \
|
|
--log-opt max-size=1g \
|
|
-v /home/bs/bitcoin.conf:/root/.bitcoin/bitcoin.conf:ro \
|
|
-v /mnt/disks/data/${net}:/root/.bitcoin:rw \
|
|
"${bitcoin_docker}" ${bitcoin_cmd}
|
|
ExecStop=/usr/bin/docker exec bitcoin bitcoin-cli stop
|
|
ExecStopPost=/usr/bin/sleep 3
|
|
ExecStopPost=/usr/bin/docker rm -f bitcoin
|
|
|
|
- path: /home/bs/lightning.conf
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
alias=ionosphere-${net}
|
|
bitcoin-rpcuser=${rpcuser}
|
|
bitcoin-rpcpassword=${rpcpass}
|
|
announce-addr=${announce_addr}
|
|
bind-addr=0.0.0.0
|
|
|
|
- path: /etc/systemd/system/lightning.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Lightning node
|
|
Wants=gcr-online.target
|
|
After=bitcoin.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${lightning_docker}
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp --dport ${lightning_port} -j ACCEPT
|
|
ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9900 -j ACCEPT
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=lightning \
|
|
--log-opt max-size=1g \
|
|
-v /home/bs/lightning.conf:/root/.lightning/lightning.conf:ro \
|
|
-v /mnt/disks/data/lightning:/root/.lightning:rw \
|
|
"${lightning_docker}" ${lightning_cmd}
|
|
ExecStop=/usr/bin/docker exec lightning lightning-cli stop
|
|
ExecStopPost=/usr/bin/sleep 3
|
|
ExecStopPost=/usr/bin/docker rm -f lightning
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT
|
|
ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9900 -j ACCEPT
|
|
|
|
- path: /etc/systemd/system/redis.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Redis db for server-side events
|
|
Wants=gcr-online.target
|
|
After=gcr-online.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull redis:latest
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=sse-redis-db \
|
|
"redis:latest"
|
|
ExecStop=/usr/bin/docker stop sse-redis-db
|
|
ExecStopPost=/usr/bin/docker rm sse-redis-db
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport ${redis_port} -j ACCEPT
|
|
|
|
- path: /etc/systemd/system/ionosphere.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Ionosphere daemon
|
|
Wants=gcr-online.target
|
|
After=lightning.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${ionosphere_docker}
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT
|
|
ExecStartPre=/usr/bin/docker run \
|
|
--user root \
|
|
-v /mnt/disks/data/ionosphere:/data \
|
|
--entrypoint bash \
|
|
--rm \
|
|
"${ionosphere_docker}" \
|
|
-c 'chown -R ionosphere:ionosphere /data'
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=ionosphere \
|
|
--log-opt max-size=200m \
|
|
--log-opt max-file=3 \
|
|
-v /mnt/disks/data/ionosphere:/data \
|
|
-e "RACK_ENV=production" \
|
|
-e "CHARGE_ROOT=http://api-token:${rpcpass}@localhost:9112" \
|
|
-e "CALLBACK_URI_ROOT=http://localhost:9292" \
|
|
"${ionosphere_docker}"
|
|
ExecStop=/usr/bin/docker stop ionosphere
|
|
ExecStopPost=/usr/bin/docker rm ionosphere
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 9292 -j ACCEPT
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s 10.138.0.0/16 --dport 4500 -j ACCEPT
|
|
|
|
- path: /etc/systemd/system/ionosphere-tx.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Ionosphere Transmitter daemon
|
|
Wants=gcr-online.target
|
|
After=ionosphere.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=ionosphere-tx \
|
|
-v /mnt/disks/data/ionosphere:/data \
|
|
-e "RACK_ENV=production" \
|
|
"${ionosphere_docker}" ./docker_entrypoint_transmitter.sh
|
|
ExecStop=/usr/bin/docker stop ionosphere-tx
|
|
ExecStopPost=/usr/bin/docker rm ionosphere-tx
|
|
|
|
- path: /etc/systemd/system/ionosphere-sse.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Ionosphere Server-Side Events Server
|
|
Wants=gcr-online.target
|
|
After=redis.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=3
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${ionosphere_sse_docker}
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=ionosphere-sse \
|
|
-e "SUB_CHANNELS=transmissions" \
|
|
-e "REDIS_URI=redis://localhost:6379" \
|
|
"${ionosphere_sse_docker}"
|
|
ExecStop=/usr/bin/docker stop ionosphere-sse
|
|
ExecStopPost=/usr/bin/docker rm ionosphere-sse
|
|
|
|
- path: /etc/systemd/system/charge.service
|
|
permissions: 0644
|
|
owner: root
|
|
content: |
|
|
[Unit]
|
|
Description=Charge instance
|
|
Wants=gcr-online.target
|
|
After=ionosphere.service
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=200
|
|
Environment=HOME=/home/bs
|
|
ExecStartPre=/usr/bin/docker pull ${charge_docker}
|
|
ExecStartPre=/sbin/iptables -A INPUT -p tcp -s localhost --dport 9112 -j ACCEPT
|
|
ExecStart=/usr/bin/docker run \
|
|
--network=host \
|
|
--pid=host \
|
|
--name=charge \
|
|
-v /mnt/disks/data/lightning:/root/.lightning:ro \
|
|
-v /mnt/disks/data/charge:/data:rw \
|
|
-e "API_TOKEN=${rpcpass}" \
|
|
"${charge_docker}" ${charge_cmd}
|
|
ExecStop=/usr/bin/docker stop charge
|
|
ExecStopPost=/usr/bin/docker rm charge
|
|
ExecStopPost=/sbin/iptables -D INPUT -p tcp -s localhost --dport 9112 -j ACCEPT
|
|
|
|
runcmd:
|
|
- systemctl daemon-reload
|
|
- systemctl start bitcoin.service
|
|
- systemctl enable bitcoin.service
|
|
- systemctl start lightning.service
|
|
- systemctl enable lightning.service
|
|
- systemctl start postgres.service
|
|
- systemctl enable postgres.service
|
|
- systemctl start redis.service
|
|
- systemctl enable redis.service
|
|
- systemctl start ionosphere.service
|
|
- systemctl enable ionosphere.service
|
|
- systemctl start ionosphere-tx.service
|
|
- systemctl enable ionosphere-tx.service
|
|
- systemctl start ionosphere-sse.service
|
|
- systemctl enable ionosphere-sse.service
|
|
- systemctl start charge.service
|
|
- systemctl enable charge.service
|
|
- systemctl start node-exporter.service
|
|
- systemctl enable node-exporter.service
|
|
- systemctl start check-containers.timer
|
|
- systemctl enable check-containers.timer |