Merge pull request #24 from input-output-hk/return-cardano-wallet-nom…

…ad-job Return cardano-wallet nomad job
IntersectMBO · Aug 8, 2022 · 9bbdc89 · 9bbdc89
2 parents 41cb449 + 92b715f
commit 9bbdc89
Show file tree

Hide file tree

Showing 5 changed files with 183 additions and 24 deletions.
diff --git a/nix/cardano/entrypoints.nix b/nix/cardano/entrypoints.nix
@@ -494,33 +494,51 @@ in {
   };
 
   cardano-wallet = writeShellApplication {
-    runtimeInputs = prelude-runtime;
-    debugInputs = [packages.cardano-wallet packages.cardano-cli];
+    runtimeInputs = prelude-runtime ++ [packages.cardano-cli];
+    debugInputs = [packages.cardano-wallet];
     name = "entrypoint";
     text = ''
 
       ${prelude}
 
       DB_DIR="$DATA_DIR/db-''${ENVIRONMENT:-custom}"
 
+      flags=()
+      [ "''${ENVIRONMENT}" == "mainnet" ] && flags+=("--mainnet")
+      [ "''${ENVIRONMENT}" != "mainnet" ] && flags+=(
+        "--testnet-magic" "$(
+          jq -r '.networkMagic' "$(
+            file="$(jq -r '.ShelleyGenesisFile' "$NODE_CONFIG" )"
+            folder="$(dirname "$NODE_CONFIG")"
+            [[ "$file" == /* ]] && echo "$file" || echo "$folder/$file"
+          )"
+        )"
+      )
+
+
+      while ! CARDANO_NODE_SOCKET_PATH="$SOCKET_PATH" cardano-cli query tip "''${flags[@]}"
+      do
+        sleep 30
+        echo Waiting for cardano socket to go live ... >&2
+      done
+
       # Build args array
       args+=("--listen-address" "0.0.0.0")
       args+=("--port" "8090")
       args+=("--node-socket" "$SOCKET_PATH")
       args+=("--database" "$DB_DIR/wallet")
-      # FIXME: consume the node config directly
-      args+=("$(
-        [ "''${ENVIRONMENT}" == "mainnet" ] &&
-          echo "--mainnet" ||
-          echo "--testnet-magic $(
-          jq '.networkMagic' "$(
-            file="$(jq '.ShelleyGenesisFile' "$NODE_CONFIG" )"
+      {
+        if [ "''${ENVIRONMENT}" == "mainnet" ]
+        then
+          args+=("--mainnet")
+        else
+          args+=("--testnet" "$(
+            file="$(jq -r '.ByronGenesisFile' "$NODE_CONFIG" )"
             folder="$(dirname "$NODE_CONFIG")"
             [[ "$file" == /* ]] && echo "$file" || echo "$folder/$file"
-          )"
-        )"
-      )")
-
+          )")
+        fi
+      }
       # Wallet will not export prometheus metrics without also enabling EKG
       export CARDANO_WALLET_EKG_HOST=127.0.0.1
       export CARDANO_WALLET_EKG_PORT=8083

diff --git a/nix/cardano/healthChecks.nix b/nix/cardano/healthChecks.nix
@@ -8,19 +8,14 @@
   inherit (cell) environments library packages;
 in {
   cardano-wallet-network-sync = writeShellApplication {
-    runtimeInputs = [srvaddr nixpkgs.jq nixpkgs.coreutils nixpkgs.curl];
+    runtimeInputs = [nixpkgs.jq nixpkgs.coreutils nixpkgs.curl];
     name = "healthcheck";
     text = ''
-      #!/bin/bash
+      [ -z "''${NOMAD_PORT_wallet:-}" ] && echo "NOMAD_PORT_wallet env var must be set -- aborting" && exit 1
 
-      [ -z "''${WALLET_SRV_FQDN:-}" ] && echo "WALLET_SRV_FQDN env var must be set -- aborting" && exit 1
-      [ -z "''${CARDANO_WALLET_ID:-}" ] && echo "CARDANO_WALLET_ID env var must be set -- aborting" && exit 1
-
-      mapfile -t wallet_urls <<<"$(srvaddr "''${WALLET_SRV_FQDN}")"
-
-      STATUS="$(curl -sf "''${wallet_urls[0]}/v2/wallets/$CARDANO_WALLET_ID" || :)"
-      jq <<<"$STATUS" || :
-      jq -e '.state.status == "ready"' <<<"$STATUS" || exit 1
+      STATUS="$(curl -sf "localhost:$NOMAD_PORT_wallet/v2/network/information" || :)"
+      jq <<< "$STATUS" || :
+      jq -e '.sync_progress.status == "ready"' <<< "$STATUS" || exit 1
     '';
   };
   cardano-submit-api-network-sync = writeShellApplication {

diff --git a/nix/cardano/nomadCharts/cardano-wallet.nix b/nix/cardano/nomadCharts/cardano-wallet.nix
@@ -0,0 +1,145 @@
+{
+  inputs,
+  cell,
+}: let
+  inherit (inputs) data-merge cells;
+  inherit (inputs.nixpkgs) lib;
+  inherit (inputs.nixpkgs) system;
+  inherit (inputs.bitte-cells) vector _utils;
+  inherit (cell) healthChecks constants oci-images;
+  # OCI-Image Namer
+  ociNamer = oci: l.unsafeDiscardStringContext "${oci.imageName}:${oci.imageTag}";
+  l = lib // builtins;
+in
+  {
+    jobname ? "wallet",
+    namespace,
+    datacenters ? ["eu-central-1" "eu-west-1" "us-east-2"],
+    domain,
+    nodeClass,
+    scaling,
+  } @ args: let
+    id = jobname;
+    type = "service";
+    priority = 50;
+    persistanceMount = "/persist";
+    vaultPkiPath = "pki/issue/wallet";
+    consulRolePath = "consul/creds/wallet";
+  in
+    with data-merge; {
+      job.${id} = {
+        inherit namespace datacenters id type priority;
+        # ----------
+        # Scheduling
+        # ----------
+        constraint = [
+          {
+            attribute = "\${node.class}";
+            operator = "=";
+            value = "${nodeClass}";
+          }
+          {
+            attribute = "\${meta.cardano}";
+            operator = "is_set";
+          }
+          {
+            operator = "distinct_hosts";
+            value = "true";
+          }
+        ];
+        spread = [{attribute = "\${node.datacenter}";}];
+        # ----------
+        # Update
+        # ----------
+        update.health_check = "task_states";
+        update.healthy_deadline = "5m0s";
+        update.max_parallel = 1;
+        update.min_healthy_time = "10s";
+        update.progress_deadline = "10m0s";
+        update.stagger = "30s";
+        # ----------
+        # Migrate
+        # ----------
+        migrate.health_check = "checks";
+        migrate.healthy_deadline = "8m20s";
+        migrate.max_parallel = 1;
+        migrate.min_healthy_time = "10s";
+        # ----------
+        # Reschedule
+        # ----------
+        reschedule.delay = "30s";
+        reschedule.delay_function = "exponential";
+        reschedule.max_delay = "1h0m0s";
+        reschedule.unlimited = true;
+        # ----------
+        # Task Groups
+        # ----------
+        group.wallet = let
+          # work-around: we need to get rid of vector first
+          node' = (cell.nomadCharts.cardano-node (args // {jobname = "node";})).job.node.group.cardano;
+          group = l.removeAttrs node' ["task"];
+          node = group // {task.node = node'.task.node;};
+        in
+          merge
+          # task.vector ...
+          (vector.nomadTask.default {
+            inherit namespace;
+            endpoints = [
+              # prometheus metrics for wallet
+              "http://127.0.0.1:8082/metrics"
+              # prometheus metrics for cardano-node
+              "http://127.0.0.1:12798/metrics"
+            ];
+          })
+          (
+            merge node
+            {
+              count = scaling;
+              service = append [
+                (import ./srv-wallet.nix {inherit namespace healthChecks;})
+              ];
+              volume = {
+                "persist-wallet-local" = {
+                  source = "${namespace}-persist-wallet-local";
+                  type = "host";
+                };
+              };
+              network.port.wallet = {to = 8090;};
+              task = {
+                # ----------
+                # Task: Wallet
+                # ----------
+                wallet = {
+                  env.DATA_DIR = persistanceMount;
+                  env.SOCKET_PATH = "/alloc/tmp/node.socket";
+                  template =
+                    _utils.nomadFragments.workload-identity-vault {inherit vaultPkiPath;}
+                    ++ _utils.nomadFragments.workload-identity-vault-consul {inherit consulRolePath;};
+                  env.WORKLOAD_CACERT = "/secrets/tls/ca.pem";
+                  env.WORKLOAD_CLIENT_KEY = "/secrets/tls/key.pem";
+                  env.WORKLOAD_CLIENT_CERT = "/secrets/tls/cert.pem";
+                  config.image = ociNamer oci-images.cardano-wallet;
+                  user = "0:0";
+                  driver = "docker";
+                  kill_signal = "SIGINT";
+                  kill_timeout = "30s";
+                  resources = {
+                    cpu = 2000;
+                    memory = 4096;
+                  };
+                  volume_mount = {
+                    destination = persistanceMount;
+                    propagation_mode = "private";
+                    volume = "persist-wallet-local";
+                  };
+                  vault = {
+                    change_mode = "noop";
+                    env = true;
+                    policies = ["wallet"];
+                  };
+                };
+              };
+            }
+          );
+      };
+    }
diff --git a/nix/cardano/nomadCharts/default.nix b/nix/cardano/nomadCharts/default.nix
@@ -6,4 +6,5 @@
   cardano-node = import ./cardano-node.nix {inherit inputs cell;};
   cardano-db-sync = import ./cardano-db-sync.nix {inherit inputs cell;};
   cardano-faucet = import ./cardano-faucet.nix {inherit inputs cell;};
+  cardano-wallet = import ./cardano-wallet.nix {inherit inputs cell;};
 }
diff --git a/nix/cardano/nomadCharts/srv-wallet.nix b/nix/cardano/nomadCharts/srv-wallet.nix
@@ -20,6 +20,6 @@
     }
   ];
   name = "${namespace}-wallet";
-  port = "8090";
+  port = "wallet";
   tags = ["\${NOMAD_ALLOC_ID}"];
 }