
D12711.id42191.diff
No OneTemporary

D12711.id42191.diff

diff --git a/services/terraform/self-host/keyserver_primary.tf b/keyserver_secondary.tf
copy from services/terraform/self-host/keyserver_primary.tf
copy to keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/keyserver_secondary.tf
@@ -1,21 +1,15 @@
locals {
- keyserver_service_image_tag = "1.0"
- keyserver_service_server_image = "wyilio/keyserver:${local.keyserver_service_image_tag}"
- keyserver_service_container_name = "keyserver-primary"
+ keyserver_secondary_container_name = "keyserver-secondary"
}
-resource "aws_cloudwatch_log_group" "ecs_log_group" {
- name = "/ecs/keyserver-primary-task-def"
+resource "aws_cloudwatch_log_group" "keyserver_secondary_service" {
+ name = "/ecs/keyserver-secondary-task-def"
retention_in_days = 7
}
-output "mariadb_address" {
- value = aws_db_instance.mariadb.address
-}
-
-resource "aws_ecs_task_definition" "keyserver_service" {
+resource "aws_ecs_task_definition" "keyserver_secondary_service" {
network_mode = "awsvpc"
- family = "keyserver-primary-task-def"
+ family = "keyserver-secondary-task-def"
requires_compatibilities = ["FARGATE"]
task_role_arn = aws_iam_role.ecs_task_role.arn
execution_role_arn = aws_iam_role.ecs_task_execution.arn
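Review bot: The target path `b/keyserver_secondary.tf` puts this copy at the repository root, while a later section of the same diff creates `services/terraform/self-host/keyserver_secondary.tf` with near-identical hunks, so this one looks like an accidental duplicate. At the root, references such as `local.keyserver_service_server_image` and `aws_iam_role.ecs_task_role.arn` have no definitions visible in this diff, and a second copy of a file that wires credential variables into a task definition is easy to let drift from the reviewed one. I would drop the root-level file from the change and keep only the copy under `services/terraform/self-host/`. The task definition opened in this hunk continues past its last line.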
@@ -28,7 +22,7 @@
container_definitions = jsonencode([
{
- name = local.keyserver_service_container_name
+ name = local.keyserver_secondary_container_name
image = local.keyserver_service_server_image
essential = true
portMappings = [
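Review bot: The secondary container reuses `image = local.keyserver_service_server_image`, which the primary file defines as `"wyilio/keyserver:${local.keyserver_service_image_tag}"` with the tag `"1.0"`, so both nodes now run whatever that mutable tag in a personal registry namespace points to when a task starts. Both services also keep `force_new_deployment = true`, which presumably means each apply starts fresh tasks and pulls the tag again. Pinning by digest, for example `keyserver_service_server_image = "wyilio/keyserver@sha256:<IMAGE_DIGEST>"` (placeholder digest), would make primary and secondary run the image that was actually reviewed. Since the local is no longer defined in this file, a comment such as `# image local is defined in keyserver_primary.tf` above the container definition would help; the same applies to the matching hunks in `keyserver_primary.tf` and `services/terraform/self-host/keyserver_secondary.tf`.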
@@ -45,6 +39,10 @@
name = "REDIS_URL"
value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
},
+ {
+ name = "COMM_NODE_ROLE"
+ value = "secondary"
+ },
{
name = "COMM_LISTEN_ADDR"
value = "0.0.0.0"
@@ -70,17 +68,11 @@
value = "${var.mariadb_password}"
},
{
- name = "COMM_JSONCONFIG_secrets_user_credentials"
+ name = "COMM_JSONCONFIG_secrets_user_credentials"
value = jsonencode({
- "username" : "${var.keyserver_username}",
- "password" : "${var.keyserver_password}",
- "usingIdentityCredentials" : "${var.using_identity_credentials}"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
+ "username": "${var.keyserver_username}",
+ "password": "${var.keyserver_password}",
+ "usingIdentityCredentials": "${var.using_identity_credentials}"
})
},
{
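Review bot: `COMM_JSONCONFIG_secrets_user_credentials` is placed in the container's environment entries with `var.keyserver_password` interpolated, and `var.mariadb_password` is passed the same way just above, so both values end up in plaintext in the rendered task definition and in Terraform state. Adding a secondary task definition that copies this pattern doubles the places those credentials are readable by anyone allowed to describe task definitions. ECS container definitions accept a `secrets` list for this, e.g. `secrets = [{ name = "COMM_JSONCONFIG_secrets_user_credentials", valueFrom = "<SECRET_ARN>" }]` (placeholder ARN), which keeps the value in Secrets Manager or SSM Parameter Store. The copy under `services/terraform/self-host/keyserver_secondary.tf` appears to inherit the same entries unchanged from the primary file. Separately, the `"username":` spacing change here is formatting only and `terraform fmt` would likely revert it; the container definition starts and ends outside this hunk.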
@@ -93,6 +85,12 @@
"proxy" : "none"
})
},
+ {
+ name = "COMM_JSONCONFIG_facts_webapp_cors"
+ value = jsonencode({
+ "domain" : "https://web.comm.app"
+ })
+ },
{
name = "COMM_JSONCONFIG_secrets_identity_service_config",
value = jsonencode({
@@ -110,7 +108,7 @@
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
- "awslogs-group" = aws_cloudwatch_log_group.ecs_log_group.name
+ "awslogs-group" = aws_cloudwatch_log_group.keyserver_secondary_service.name
"awslogs-stream-prefix" = "ecs"
"awslogs-region" = "${var.region}"
}
@@ -129,20 +127,15 @@
skip_destroy = false
}
-resource "aws_ecs_service" "keyserver_primary_service" {
- depends_on = [null_resource.create_comm_database]
-
- name = "keyserver-primary-service"
- cluster = aws_ecs_cluster.keyserver_cluster.id
- task_definition = aws_ecs_task_definition.keyserver_service.arn
- launch_type = "FARGATE"
- enable_execute_command = true
- enable_ecs_managed_tags = true
- force_new_deployment = true
- desired_count = 1
- deployment_maximum_percent = 100
- deployment_minimum_healthy_percent = 0
-
+resource "aws_ecs_service" "keyserver_secondary_service" {
+ name = "keyserver-secondary-service"
+ cluster = aws_ecs_cluster.keyserver_cluster.id
+ task_definition = aws_ecs_task_definition.keyserver_secondary_service.arn
+ launch_type = "FARGATE"
+ enable_execute_command = true
+ enable_ecs_managed_tags = true
+ force_new_deployment = true
+ desired_count = 1
network_configuration {
subnets = [data.aws_subnets.default.ids[0], data.aws_subnets.default.ids[1]]
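Review bot: `enable_execute_command = true` is carried over to the new secondary service, so ECS Exec sessions can be opened into a container whose environment holds the database and keyserver credentials shown earlier in this file. If this is only needed for debugging, consider gating it behind a variable that defaults to false, e.g. `enable_execute_command = var.enable_ecs_exec` (a suggested new variable, not one in this diff), and relying on CloudTrail to review who starts sessions. The new resource also drops `depends_on = [null_resource.create_comm_database]` and the two `deployment_*_percent` settings without explanation; a comment stating that the secondary is ordered after the primary some other way, if that is the case, would make the omission reviewable. The same applies to the matching hunk in `services/terraform/self-host/keyserver_secondary.tf`, and the resource body continues past the end of this hunk.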
@@ -152,7 +145,7 @@
load_balancer {
target_group_arn = aws_lb_target_group.keyserver_service.arn
- container_name = local.keyserver_service_container_name
+ container_name = local.keyserver_secondary_container_name
container_port = 3000
}
@@ -161,38 +154,3 @@
rollback = true
}
}
-
-resource "aws_security_group" "keyserver_service" {
- name = "keyserver-service-ecs-sg"
- vpc_id = data.aws_vpc.default.id
-
- # Allow all inbound traffic on port 3000
- ingress {
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- description = "Allow inbound traffic from any IPv6 address"
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- ipv6_cidr_blocks = ["::/0"]
- }
-
- # Allow all outbound traffic
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -1,10 +1,10 @@
locals {
keyserver_service_image_tag = "1.0"
keyserver_service_server_image = "wyilio/keyserver:${local.keyserver_service_image_tag}"
- keyserver_service_container_name = "keyserver-primary"
+ keyserver_primary_container_name = "keyserver-primary"
}
-resource "aws_cloudwatch_log_group" "ecs_log_group" {
+resource "aws_cloudwatch_log_group" "keyserver_primary_service" {
name = "/ecs/keyserver-primary-task-def"
retention_in_days = 7
}
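Review bot: Renaming `aws_cloudwatch_log_group.ecs_log_group` to `keyserver_primary_service` changes the resource address, so on an existing self-hosted deployment Terraform will plan to destroy and recreate the log group unless state is migrated, and the logs already stored under `/ecs/keyserver-primary-task-def` would go with it. The `aws_ecs_task_definition.keyserver_service` rename in the next hunk has the same effect on the task definition address. `moved` blocks (Terraform 1.1 and later) let existing state follow the rename without touching the real resources, as sketched below.

```hcl
moved {
  from = aws_cloudwatch_log_group.ecs_log_group
  to   = aws_cloudwatch_log_group.keyserver_primary_service
}

moved {
  from = aws_ecs_task_definition.keyserver_service
  to   = aws_ecs_task_definition.keyserver_primary_service
}
```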
@@ -13,7 +13,7 @@
value = aws_db_instance.mariadb.address
}
-resource "aws_ecs_task_definition" "keyserver_service" {
+resource "aws_ecs_task_definition" "keyserver_primary_service" {
network_mode = "awsvpc"
family = "keyserver-primary-task-def"
requires_compatibilities = ["FARGATE"]
@@ -28,7 +28,7 @@
container_definitions = jsonencode([
{
- name = local.keyserver_service_container_name
+ name = local.keyserver_primary_container_name
image = local.keyserver_service_server_image
essential = true
portMappings = [
@@ -45,6 +45,10 @@
name = "REDIS_URL"
value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
},
+ {
+ name = "COMM_NODE_ROLE"
+ value = "primary"
+ },
{
name = "COMM_LISTEN_ADDR"
value = "0.0.0.0"
@@ -110,7 +114,7 @@
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
- "awslogs-group" = aws_cloudwatch_log_group.ecs_log_group.name
+ "awslogs-group" = aws_cloudwatch_log_group.keyserver_primary_service.name
"awslogs-stream-prefix" = "ecs"
"awslogs-region" = "${var.region}"
}
@@ -134,7 +138,7 @@
name = "keyserver-primary-service"
cluster = aws_ecs_cluster.keyserver_cluster.id
- task_definition = aws_ecs_task_definition.keyserver_service.arn
+ task_definition = aws_ecs_task_definition.keyserver_primary_service.arn
launch_type = "FARGATE"
enable_execute_command = true
enable_ecs_managed_tags = true
@@ -152,7 +156,7 @@
load_balancer {
target_group_arn = aws_lb_target_group.keyserver_service.arn
- container_name = local.keyserver_service_container_name
+ container_name = local.keyserver_primary_container_name
container_port = 3000
}
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_secondary.tf
copy from services/terraform/self-host/keyserver_primary.tf
copy to services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -1,21 +1,15 @@
locals {
- keyserver_service_image_tag = "1.0"
- keyserver_service_server_image = "wyilio/keyserver:${local.keyserver_service_image_tag}"
- keyserver_service_container_name = "keyserver-primary"
+ keyserver_secondary_container_name = "keyserver-secondary"
}
-resource "aws_cloudwatch_log_group" "ecs_log_group" {
- name = "/ecs/keyserver-primary-task-def"
+resource "aws_cloudwatch_log_group" "keyserver_secondary_service" {
+ name = "/ecs/keyserver-secondary-task-def"
retention_in_days = 7
}
-output "mariadb_address" {
- value = aws_db_instance.mariadb.address
-}
-
-resource "aws_ecs_task_definition" "keyserver_service" {
+resource "aws_ecs_task_definition" "keyserver_secondary_service" {
network_mode = "awsvpc"
- family = "keyserver-primary-task-def"
+ family = "keyserver-secondary-task-def"
requires_compatibilities = ["FARGATE"]
task_role_arn = aws_iam_role.ecs_task_role.arn
execution_role_arn = aws_iam_role.ecs_task_execution.arn
@@ -28,7 +22,7 @@
container_definitions = jsonencode([
{
- name = local.keyserver_service_container_name
+ name = local.keyserver_secondary_container_name
image = local.keyserver_service_server_image
essential = true
portMappings = [
@@ -45,6 +39,10 @@
name = "REDIS_URL"
value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
},
+ {
+ name = "COMM_NODE_ROLE"
+ value = "secondary"
+ },
{
name = "COMM_LISTEN_ADDR"
value = "0.0.0.0"
@@ -77,12 +75,6 @@
"usingIdentityCredentials" : "${var.using_identity_credentials}"
})
},
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
{
name = "COMM_JSONCONFIG_facts_keyserver_url"
value = jsonencode({
@@ -93,6 +85,12 @@
"proxy" : "none"
})
},
+ {
+ name = "COMM_JSONCONFIG_facts_webapp_cors"
+ value = jsonencode({
+ "domain" : "https://web.comm.app"
+ })
+ },
{
name = "COMM_JSONCONFIG_secrets_identity_service_config",
value = jsonencode({
@@ -110,7 +108,7 @@
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
- "awslogs-group" = aws_cloudwatch_log_group.ecs_log_group.name
+ "awslogs-group" = aws_cloudwatch_log_group.keyserver_secondary_service.name
"awslogs-stream-prefix" = "ecs"
"awslogs-region" = "${var.region}"
}
@@ -129,20 +127,15 @@
skip_destroy = false
}
-resource "aws_ecs_service" "keyserver_primary_service" {
- depends_on = [null_resource.create_comm_database]
-
- name = "keyserver-primary-service"
- cluster = aws_ecs_cluster.keyserver_cluster.id
- task_definition = aws_ecs_task_definition.keyserver_service.arn
- launch_type = "FARGATE"
- enable_execute_command = true
- enable_ecs_managed_tags = true
- force_new_deployment = true
- desired_count = 1
- deployment_maximum_percent = 100
- deployment_minimum_healthy_percent = 0
-
+resource "aws_ecs_service" "keyserver_secondary_service" {
+ name = "keyserver-secondary-service"
+ cluster = aws_ecs_cluster.keyserver_cluster.id
+ task_definition = aws_ecs_task_definition.keyserver_secondary_service.arn
+ launch_type = "FARGATE"
+ enable_execute_command = true
+ enable_ecs_managed_tags = true
+ force_new_deployment = true
+ desired_count = 1
network_configuration {
subnets = [data.aws_subnets.default.ids[0], data.aws_subnets.default.ids[1]]
@@ -152,7 +145,7 @@
load_balancer {
target_group_arn = aws_lb_target_group.keyserver_service.arn
- container_name = local.keyserver_service_container_name
+ container_name = local.keyserver_secondary_container_name
container_port = 3000
}
@@ -161,38 +154,3 @@
rollback = true
}
}
-
-resource "aws_security_group" "keyserver_service" {
- name = "keyserver-service-ecs-sg"
- vpc_id = data.aws_vpc.default.id
-
- # Allow all inbound traffic on port 3000
- ingress {
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- description = "Allow inbound traffic from any IPv6 address"
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- ipv6_cidr_blocks = ["::/0"]
- }
-
- # Allow all outbound traffic
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-
