Merge pull request #124 from input-output-hk/prem-sim-rebase

Adds aws premSim
input-output-hk · Jan 26, 2022 · 9542cc7 · 9542cc7
2 parents d511c90 + b13fb73
commit 9542cc7
Show file tree

Hide file tree

Showing 44 changed files with 1,534 additions and 260 deletions.
diff --git a/Gemfile b/Gemfile
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org' do
+  gem 'ed25519'
+  gem 'pry'
+  gem 'rake'
+  gem 'ssh_data'
+  gem 'toml-rb'
+end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -0,0 +1,30 @@
+GEM
+  specs:
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    citrus (3.0.2)
+    coderay (1.1.3)
+    ed25519 (1.2.4)
+    method_source (1.0.0)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rake (13.0.6)
+    ssh_data (1.2.0)
+    toml-rb (2.1.0)
+      citrus (~> 3.0, > 3.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  ed25519!
+  pry!
+  rake!
+  ssh_data!
+  toml-rb!
+
+BUNDLED WITH
+   2.2.24
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -30,6 +30,11 @@
     cli.inputs.nixpkgs.follows = "nixpkgs-auxiliary";
     cli.inputs.nix.follows = "nix-auxiliary";
 
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs-auxiliary";
+    agenix-cli.url = "github:cole-h/agenix-cli";
+    agenix-cli.inputs.nixpkgs.follows = "nixpkgs-auxiliary";
+
     ragenix.url = "github:yaxitech/ragenix";
     ragenix.inputs.nixpkgs.follows = "nixpkgs-auxiliary";
 
@@ -115,7 +120,8 @@
       overlay = nixpkgs.lib.composeManyExtensions overlays;
       profiles = lib.mkModules ./profiles;
       nixosModules = (lib.mkModules ./modules) // {
-        agenix = ragenix.nixosModules.age;
+        # Until ready to update to the new age module options
+        # agenix = ragenix.nixosModules.age;
       };
       nixosModule.imports = builtins.attrValues self.nixosModules;
     };

diff --git a/gemset.nix b/gemset.nix
@@ -0,0 +1,84 @@
+{
+  citrus = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0l7nhk3gkm1hdchkzzhg2f70m47pc0afxfpl6mkiibc9qcpl3hjf";
+      type = "gem";
+    };
+    version = "3.0.2";
+  };
+  coderay = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0jvxqxzply1lwp7ysn94zjhh57vc14mcshw1ygw14ib8lhc00lyw";
+      type = "gem";
+    };
+    version = "1.1.3";
+  };
+  ed25519 = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1f5kr8za7hvla38fc0n9jiv55iq62k5bzclsa5kdb14l3r4w6qnw";
+      type = "gem";
+    };
+    version = "1.2.4";
+  };
+  method_source = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1pnyh44qycnf9mzi1j6fywd5fkskv3x7nmsqrrws0rjn5dd4ayfp";
+      type = "gem";
+    };
+    version = "1.0.0";
+  };
+  pry = {
+    dependencies = ["coderay" "method_source"];
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0m445x8fwcjdyv2bc0glzss2nbm1ll51bq45knixapc7cl3dzdlr";
+      type = "gem";
+    };
+    version = "0.14.1";
+  };
+  rake = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w";
+      type = "gem";
+    };
+    version = "13.0.6";
+  };
+  ssh_data = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0p3vaq2fbmlphphqr0yjc5cyzzxjizq4zbxbbw3j2vpgdcmpi6bs";
+      type = "gem";
+    };
+    version = "1.2.0";
+  };
+  toml-rb = {
+    dependencies = ["citrus"];
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1mrr8c9agmf9l9gs63lnsqzc62x08hj673yix7bjss1kvagwjnsr";
+      type = "gem";
+    };
+    version = "2.1.0";
+  };
+}
diff --git a/lib/clusters.nix b/lib/clusters.nix
@@ -12,12 +12,23 @@ lib.listToAttrs (lib.forEach clusterFiles (file:
       modules = [ file hydrateModule ];
     }).bitteProtoSystem;
 
+    # Separating core and premSim nodes may cause bitte-cli tooling to break.
+    # Currently groupings are viewed as core or awsAsg.
+    # May be able to split premSim nodes out going forward.
+    coreAndPremSimNodes = assert (lib.assertMsg (!builtins.any
+      (e: builtins.elem e (builtins.attrNames _proto.config.cluster.coreNodes))
+      (builtins.attrNames _proto.config.cluster.premSimNodes)) ''
+        ERROR
+        trace: ERROR  -->  premSimNodes may not have the same names as coreNodes
+      '');
+      _proto.config.cluster.premSimNodes // _proto.config.cluster.coreNodes;
+
     coreNodes = lib.mapAttrs (nodeName: coreNode:
       (mkSystem {
         inherit pkgs self inputs nodeName;
         modules = [ { networking.hostName = lib.mkForce nodeName; } file hydrateModule ]
           ++ coreNode.modules;
-      }).bitteAmazonSystem) _proto.config.cluster.coreNodes;
+      }).bitteAmazonSystem) coreAndPremSimNodes;
 
     awsAutoScalingGroups = lib.mapAttrs (nodeName: awsAutoScalingGroup:
       (mkSystem {

diff --git a/lib/mk-system.nix b/lib/mk-system.nix
@@ -35,7 +35,7 @@ let
       ../profiles/auxiliaries/nix.nix
       ../profiles/consul/policies.nix
       # This module purely exists to appease failing assertions on evaluating
-      # the proto system. The protosystem is only used to obtaion the tf config.
+      # the proto system. The protosystem is only used to obtain the tf config.
       ({ lib, ... }: {
         # assertion: The ‘fileSystems’ option does not specify your root file system.
         fileSystems."/" =

diff --git a/lib/mk-system/constants-module.nix b/lib/mk-system/constants-module.nix
@@ -1,16 +1,31 @@
-{ config, ... }: {
+{ config, ... }:
+let
+  deployType = config.currentCoreNode.deployType or config.currentAwsAutoScalingGroup.deployType;
+  domain = config.${if deployType == "aws" then "cluster" else "currentCoreNode"}.domain;
+in {
   _module.args = {
     pkiFiles = {
+      # Common deployType cert files
       caCertFile = "/etc/ssl/certs/ca.pem";
+
+      # "aws" deployType cert files
       certChainFile = "/etc/ssl/certs/full.pem";
       certFile = "/etc/ssl/certs/cert.pem";
       keyFile = "/etc/ssl/certs/cert-key.pem";
+
+      # "prem" and "premSim" deployType cert files
+      clientCertFile = "/etc/ssl/certs/client.pem";
+      clientKeyFile = "/etc/ssl/certs/client-key.pem";
+      clientCertChainFile = "/etc/ssl/certs/client-full.pem";
+      serverCertFile = "/etc/ssl/certs/server.pem";
+      serverKeyFile = "/etc/ssl/certs/server-key.pem";
+      serverCertChainFile = "/etc/ssl/certs/server-full.pem";
     };
 
     letsencryptCertMaterial = {
-      certFile = "/etc/ssl/certs/${config.cluster.domain}-cert.pem";
-      certChainFile = "/etc/ssl/certs/${config.cluster.domain}-full.pem";
-      keyFile = "/etc/ssl/certs/${config.cluster.domain}-key.pem";
+      certFile = "/etc/ssl/certs/${domain}-cert.pem";
+      certChainFile = "/etc/ssl/certs/${domain}-full.pem";
+      keyFile = "/etc/ssl/certs/${domain}-key.pem";
     };
 
     gossipEncryptionMaterial = {