
D12711.id42417.diff
No OneTemporary

D12711.id42417.diff

diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -1,10 +1,10 @@
locals {
keyserver_service_image_tag = "1.0"
keyserver_service_server_image = "wyilio/keyserver:${local.keyserver_service_image_tag}"
- keyserver_service_container_name = "keyserver-primary"
+ keyserver_primary_container_name = "keyserver-primary"
}
-resource "aws_cloudwatch_log_group" "ecs_log_group" {
+resource "aws_cloudwatch_log_group" "keyserver_primary_service" {
name = "/ecs/keyserver-primary-task-def"
retention_in_days = 7
}
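Review bot: Renaming the resource addresses (`aws_cloudwatch_log_group.ecs_log_group` to `keyserver_primary_service` here, and `aws_ecs_task_definition.keyserver_service` in the next hunk) without a state move makes Terraform plan a destroy-and-create for resources that already exist. For the log group this would either delete the existing `/ecs/keyserver-primary-task-def` logs or fail on a name collision, depending on apply order. No `moved` block is visible in this diff. If none exists elsewhere, add one per rename, for example a `moved` block with `from = aws_cloudwatch_log_group.ecs_log_group` and `to = aws_cloudwatch_log_group.keyserver_primary_service`, or run `terraform state mv` before applying.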
@@ -13,7 +13,7 @@
value = aws_db_instance.mariadb.address
}
-resource "aws_ecs_task_definition" "keyserver_service" {
+resource "aws_ecs_task_definition" "keyserver_primary_service" {
network_mode = "awsvpc"
family = "keyserver-primary-task-def"
requires_compatibilities = ["FARGATE"]
@@ -28,7 +28,7 @@
container_definitions = jsonencode([
{
- name = local.keyserver_service_container_name
+ name = local.keyserver_primary_container_name
image = local.keyserver_service_server_image
essential = true
portMappings = [
@@ -45,6 +45,10 @@
name = "REDIS_URL"
value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
},
+ {
+ name = "COMM_NODE_ROLE"
+ value = "primary"
+ },
{
name = "COMM_LISTEN_ADDR"
value = "0.0.0.0"
@@ -106,7 +110,7 @@
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
- "awslogs-group" = aws_cloudwatch_log_group.ecs_log_group.name
+ "awslogs-group" = aws_cloudwatch_log_group.keyserver_primary_service.name
"awslogs-stream-prefix" = "ecs"
"awslogs-region" = "${var.region}"
}
@@ -130,7 +134,7 @@
name = "keyserver-primary-service"
cluster = aws_ecs_cluster.keyserver_cluster.id
- task_definition = aws_ecs_task_definition.keyserver_service.arn
+ task_definition = aws_ecs_task_definition.keyserver_primary_service.arn
launch_type = "FARGATE"
enable_execute_command = true
enable_ecs_managed_tags = true
@@ -148,7 +152,7 @@
load_balancer {
target_group_arn = aws_lb_target_group.keyserver_service.arn
- container_name = local.keyserver_service_container_name
+ container_name = local.keyserver_primary_container_name
container_port = 3000
}
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_secondary.tf
copy from services/terraform/self-host/keyserver_primary.tf
copy to services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -1,21 +1,17 @@
locals {
- keyserver_service_image_tag = "1.0"
- keyserver_service_server_image = "wyilio/keyserver:${local.keyserver_service_image_tag}"
- keyserver_service_container_name = "keyserver-primary"
+ keyserver_secondary_container_name = "keyserver-secondary"
}
-resource "aws_cloudwatch_log_group" "ecs_log_group" {
- name = "/ecs/keyserver-primary-task-def"
+resource "aws_cloudwatch_log_group" "keyserver_secondary_service" {
+ name = "/ecs/keyserver-secondary-task-def"
retention_in_days = 7
}
-output "mariadb_address" {
- value = aws_db_instance.mariadb.address
-}
+resource "aws_ecs_task_definition" "keyserver_secondary_service" {
+ depends_on = [aws_ecs_service.keyserver_primary_service]
-resource "aws_ecs_task_definition" "keyserver_service" {
network_mode = "awsvpc"
- family = "keyserver-primary-task-def"
+ family = "keyserver-secondary-task-def"
requires_compatibilities = ["FARGATE"]
task_role_arn = aws_iam_role.ecs_task_role.arn
execution_role_arn = aws_iam_role.ecs_task_execution.arn
@@ -28,7 +24,7 @@
container_definitions = jsonencode([
{
- name = local.keyserver_service_container_name
+ name = local.keyserver_secondary_container_name
image = local.keyserver_service_server_image
essential = true
portMappings = [
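Review bot: The secondary container reuses `local.keyserver_service_server_image`, which keyserver_primary.tf defines as `wyilio/keyserver:${local.keyserver_service_image_tag}` with the tag `"1.0"`. A tag can be re-pushed, and with `force_new_deployment = true` on the service each apply pulls whatever the registry serves at that moment, so the two nodes can drift apart. Pinning by digest keeps them identical and makes an image change visible in review: `keyserver_service_server_image = "wyilio/keyserver@sha256:<digest of the reviewed image>"`. The container definition continues outside this hunk.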
@@ -45,6 +41,10 @@
name = "REDIS_URL"
value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
},
+ {
+ name = "COMM_NODE_ROLE"
+ value = "secondary"
+ },
{
name = "COMM_LISTEN_ADDR"
value = "0.0.0.0"
@@ -73,12 +73,6 @@
name = "COMM_JSONCONFIG_secrets_user_credentials"
value = jsonencode(var.keyserver_user_credentials)
},
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
{
name = "COMM_JSONCONFIG_facts_keyserver_url"
value = jsonencode({
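Review bot: The new secondary task definition copies `COMM_JSONCONFIG_secrets_user_credentials` (and `COMM_JSONCONFIG_secrets_identity_service_config` in the next hunk) into the container's `environment` list as plain values. Values placed there are stored in the task definition and in Terraform state, so anyone who can describe the task definition or read the state can see them. Prefer the container definition's `secrets` list, which resolves the value at task start: `secrets = [{ name = "COMM_JSONCONFIG_secrets_user_credentials", valueFrom = "<ARN of the Secrets Manager secret or SSM parameter>" }]`, with read access to that secret granted to the execution role. The `container_definitions` block starts and ends outside this hunk.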
@@ -89,6 +83,12 @@
"proxy" : "none"
})
},
+ {
+ name = "COMM_JSONCONFIG_facts_webapp_cors"
+ value = jsonencode({
+ "domain" : "https://web.comm.app"
+ })
+ },
{
name = "COMM_JSONCONFIG_secrets_identity_service_config",
value = jsonencode({
@@ -106,7 +106,7 @@
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
- "awslogs-group" = aws_cloudwatch_log_group.ecs_log_group.name
+ "awslogs-group" = aws_cloudwatch_log_group.keyserver_secondary_service.name
"awslogs-stream-prefix" = "ecs"
"awslogs-region" = "${var.region}"
}
@@ -125,20 +125,17 @@
skip_destroy = false
}
-resource "aws_ecs_service" "keyserver_primary_service" {
- depends_on = [null_resource.create_comm_database]
-
- name = "keyserver-primary-service"
- cluster = aws_ecs_cluster.keyserver_cluster.id
- task_definition = aws_ecs_task_definition.keyserver_service.arn
- launch_type = "FARGATE"
- enable_execute_command = true
- enable_ecs_managed_tags = true
- force_new_deployment = true
- desired_count = 1
- deployment_maximum_percent = 100
- deployment_minimum_healthy_percent = 0
+resource "aws_ecs_service" "keyserver_secondary_service" {
+ depends_on = [aws_ecs_service.keyserver_primary_service]
+ name = "keyserver-secondary-service"
+ cluster = aws_ecs_cluster.keyserver_cluster.id
+ task_definition = aws_ecs_task_definition.keyserver_secondary_service.arn
+ launch_type = "FARGATE"
+ enable_execute_command = true
+ enable_ecs_managed_tags = true
+ force_new_deployment = true
+ desired_count = 1
network_configuration {
subnets = local.vpc_subnets
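Review bot: `enable_execute_command = true` is carried over to the new secondary service, so ECS Exec can open a shell in a second container that has the keyserver credentials in its environment. If interactive access is not needed on the secondary, set `enable_execute_command = false`. If it is needed, confirm that `ecs:ExecuteCommand` is limited to the operators who use it and that the cluster's `execute_command_configuration` logs sessions; neither is visible in this diff. The resource body continues past the end of this hunk.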
@@ -148,7 +145,7 @@
load_balancer {
target_group_arn = aws_lb_target_group.keyserver_service.arn
- container_name = local.keyserver_service_container_name
+ container_name = local.keyserver_secondary_container_name
container_port = 3000
}
@@ -157,38 +154,3 @@
rollback = true
}
}
-
-resource "aws_security_group" "keyserver_service" {
- name = "keyserver-service-ecs-sg"
- vpc_id = local.vpc_id
-
- # Allow all inbound traffic on port 3000
- ingress {
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- description = "Allow inbound traffic from any IPv6 address"
- from_port = 3000
- to_port = 3000
- protocol = "tcp"
- ipv6_cidr_blocks = ["::/0"]
- }
-
- # Allow all outbound traffic
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-
