diff --git a/services/terraform/self-host/keyserver_secondary.tf b/services/terraform/self-host/keyserver_secondary.tf
index 42f97e974..b47395276 100644
--- a/services/terraform/self-host/keyserver_secondary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -1,160 +1,160 @@ locals { keyserver_secondary_container_name = "keyserver-secondary" } resource "aws_cloudwatch_log_group" "keyserver_secondary_service" { name = "/ecs/keyserver-secondary-task-def" retention_in_days = 7 } resource "aws_ecs_task_definition" "keyserver_secondary_service" { depends_on = [aws_ecs_service.keyserver_primary_service] network_mode = "awsvpc" family = "keyserver-secondary-task-def" requires_compatibilities = ["FARGATE"] task_role_arn = aws_iam_role.ecs_task_role.arn execution_role_arn = aws_iam_role.ecs_task_execution.arn cpu = "2048" memory = "4096" ephemeral_storage { size_in_gib = 40 } container_definitions = jsonencode([ { name = local.keyserver_secondary_container_name image = local.keyserver_service_server_image essential = true portMappings = [ { name = "keyserver-port" containerPort = 3000 hostPort = 3000, protocol = "tcp" }, ] environment = [ { name = "REDIS_URL" value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379" }, { name = "COMM_NODE_ROLE" value = "secondary" }, { name = "COMM_LISTEN_ADDR" value = "0.0.0.0" }, { name = "COMM_DATABASE_HOST" value = "${aws_db_instance.mariadb.address}" }, { name = "COMM_DATABASE_DATABASE" value = "comm" }, { name = "COMM_DATABASE_PORT" value = "3307" }, { name = "COMM_DATABASE_USER" value = "${var.mariadb_username}" }, { name = "COMM_DATABASE_PASSWORD" value = "${var.mariadb_password}" }, { name = "COMM_JSONCONFIG_secrets_user_credentials" value = jsonencode(var.keyserver_user_credentials) }, { name = "COMM_JSONCONFIG_facts_keyserver_url" value = jsonencode({ "baseDomain" : "https://${var.domain_name}", "basePath" : "/", "baseRoutePath" : "/", "https" : true, "proxy" : "aws" }) }, { name = "COMM_JSONCONFIG_facts_webapp_cors" value = jsonencode({ "domain" : "https://web.comm.app" }) }, { name = "COMM_JSONCONFIG_facts_tunnelbroker", value = jsonencode({ "url" : "${var.tunnelbroker_url}" }) }, { name = "COMM_JSONCONFIG_secrets_identity_service_config", value = 
jsonencode({ "identitySocketAddr" : "${var.identity_socket_address}" }) }, { name = "COMM_JSONCONFIG_facts_authoritative_keyserver", value = jsonencode(var.authoritative_keyserver_config), } ] logConfiguration = { "logDriver" = "awslogs" "options" = { "awslogs-create-group" = "true" "awslogs-group" = aws_cloudwatch_log_group.keyserver_secondary_service.name "awslogs-stream-prefix" = "ecs" "awslogs-region" = "${var.region}" } } linuxParameters = { initProcessEnabled = true } } ]) runtime_platform { cpu_architecture = "ARM64" operating_system_family = "LINUX" } skip_destroy = false } resource "aws_ecs_service" "keyserver_secondary_service" { depends_on = [aws_ecs_service.keyserver_primary_service] name = "keyserver-secondary-service" cluster = aws_ecs_cluster.keyserver_cluster.id task_definition = aws_ecs_task_definition.keyserver_secondary_service.arn launch_type = "FARGATE" enable_execute_command = true enable_ecs_managed_tags = true force_new_deployment = true
- desired_count = 1
+ desired_count = var.desired_secondary_nodes
 network_configuration { subnets = local.vpc_subnets security_groups = [aws_security_group.keyserver_service.id] assign_public_ip = true } load_balancer { target_group_arn = aws_lb_target_group.keyserver_service.arn container_name = local.keyserver_secondary_container_name container_port = 3000 } deployment_circuit_breaker { enable = true rollback = true } }
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
index 51b2ff942..3bf3a385f 100644
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
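Review bot: `desired_count = var.desired_secondary_nodes` accepts whatever the `number` variable holds, and nothing in this hunk or in the variables.tf hunk that declares the variable rejects a negative or fractional value, so a bad input is only caught by the ECS API at apply time rather than at plan time. A `validation` block on the variable declaration in variables.tf would fail early with a clear message, and the resource line in this hunk can stay as written. The task definition and service blocks shown here are otherwise untouched by the commit, so the check belongs with the variable rather than the service.
```hcl
variable "desired_secondary_nodes" {
  description = "Desired number of secondary nodes"
  type        = number
  default     = 1

  validation {
    condition     = var.desired_secondary_nodes >= 0 && floor(var.desired_secondary_nodes) == var.desired_secondary_nodes
    error_message = "desired_secondary_nodes must be a non-negative whole number."
  }
}
```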
@@ -1,79 +1,85 @@
 variable "keyserver_user_credentials" { description = "Credentials for user authentication" type = object({ username = string password = string usingIdentityCredentials = optional(bool) force = optional(bool) }) } variable "domain_name" { description = "Domain name for your keyserver" type = string } variable "mariadb_username" { description = "MariaDB username" type = string sensitive = true } variable "mariadb_password" { description = "MariaDB password" type = string sensitive = true } variable "region" { description = "The AWS region to deploy your keyserver in" type = string default = "us-west-1" } variable "allowed_ip" { description = "IP address" type = string } variable "user_created_vpc" { description = "Use non-default vpc and subnets" } variable "authoritative_keyserver_config" { description = "Authoritative keyserver user id" type = object({ authoritativeKeyserverID = optional(string) }) default = {} } variable "availability_zone_1" { description = "First availability zone for vpc subnet if user created vpc" type = string default = "us-west-1b" } variable "availability_zone_2" { description = "Second availability zone for vpc subnet if user created vpc" type = string default = "us-west-1c" } variable "identity_socket_address" { description = "The socket address to access the identity service" type = string default = "https://identity.commtechnologies.org:50054" } variable "tunnelbroker_url" { description = "The address to access the tunnelbroker service" type = string default = "wss://tunnelbroker.commtechnologies.org:51001" } variable "db_instance_class" { description = "The instance class for the MariaDB RDS instance" type = string default = "db.t4g.medium" }
+
+variable "desired_secondary_nodes" {
+ description = "Desired number of secondary nodes"
+ type = number
+ default = 1
+}