Adds changes from the incentivized testnet

input-output-hk · Nov 11, 2019 · fb7a60d · fb7a60d
1 parent 3738c87
commit fb7a60d
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,19 @@
+# Deployment Tips
+
+* File `.envrc` needs to be created for each deployment.  See examples dir.
+* Run `direnv allow` to enable direnv to load the `.envrc` file
+* File `globals.nix` needs to be created for each deployment.  See examples dir.
+* File `deployments/${NIXOPS_DEPLOYMENT}.nix` needs to be created for the deployment.
+* File `clusters/${NIXOPS_DEPLOYMENT}.nix` needs to be created for the deployment.
+* Niv update any source repos as needed
+* Create the secrets dir populated with any required secrets
+* Create the static dir and populate with any required keys using the `genesis-generator` tool
+* Update the public IDs in the secrets dir with the `scripts/update-jormungandr-public-ids.rb` tool
+* Create the nixops clusters with the required params:
+
+```
+nixops create -d $NIXOPS_DEPLOYMENT -I nixpkgs=./nix deployments/${NIXOPS_DEPLOYMENT}.nix
+nixops --arg globals 'import ../globals.nix'
+```
+
+* Deploy as needed, utilizing scripts from the `scripts` folder if desired
diff --git a/clusters/jormungandr-incentivized.nix b/clusters/jormungandr-incentivized.nix
@@ -0,0 +1,53 @@
+{ targetEnv, tiny, medium, large }:
+let
+  mkNodes = import ../nix/mk-nodes.nix { inherit targetEnv; };
+  pkgs = import ../nix { };
+  lib = pkgs.lib;
+
+  mkStakes = region: amount: {
+    inherit amount;
+    imports = [ medium ../roles/jormungandr-stake.nix ];
+    deployment.ec2.region = region;
+    node.isStake = true;
+  };
+
+  mkRelays = region: amount: {
+    inherit amount;
+    imports = [ medium ../roles/jormungandr-relay.nix ];
+    deployment.ec2.region = region;
+    node.isRelay = true;
+  };
+
+  nodes = mkNodes {
+    monitoring = {
+      imports = [ large ../roles/monitor.nix ];
+      deployment.ec2.region = "eu-central-1";
+      node.isMonitoring = true;
+    };
+
+    explorer = {
+      imports = [ medium ../roles/jormungandr-explorer.nix ];
+      deployment.ec2.region = "eu-central-1";
+      node.isExplorer = true;
+      node.isRelay = true;
+    };
+
+    #faucet = {
+    #  imports = [ medium ../roles/jormungandr-faucet.nix ];
+    #  deployment.ec2.region = "eu-central-1";
+    #  node.isFaucet = true;
+    #  node.isRelay = true;
+    #};
+
+    stake-a = mkStakes "us-west-1" 1;
+    stake-b = mkStakes "ap-northeast-1" 1;
+    stake-c = mkStakes "eu-central-1" 1;
+
+    relay-a = mkRelays "us-west-1" 2;
+    relay-b = mkRelays "ap-northeast-1" 2;
+    relay-c = mkRelays "eu-central-1" 3;
+  };
+in {
+  network.description = "Jormungandr Incentivized";
+  network.enableRollback = true;
+} // nodes
diff --git a/deployments/jormungandr-incentivized.nix b/deployments/jormungandr-incentivized.nix
@@ -0,0 +1,55 @@
+{ globals ? import ./globals.nix, ... }:
+let
+  inherit (globals.ec2) credentials;
+  inherit (credentials) accessKeyId;
+  inherit (import ../nix { }) lib;
+  inherit (lib)
+    attrValues filter filterAttrs flatten foldl' hasAttrByPath listToAttrs
+    mapAttrs' nameValuePair recursiveUpdate unique;
+
+  cluster = import ../clusters/jormungandr-incentivized.nix {
+    targetEnv = "ec2";
+    tiny = ../physical/aws/t3a.small.nix;
+    medium = ../physical/aws/t3a.medium.nix;
+    large = ../physical/aws/t3.xlarge.nix;
+  };
+
+  nodes = filterAttrs (name: node:
+    ((node.deployment.targetEnv or null) == "ec2")
+    && ((node.deployment.ec2.region or null) != null)) cluster;
+
+  regions =
+    unique (map (node: node.deployment.ec2.region) (attrValues nodes));
+
+  securityGroupFiles = [
+    ../physical/aws/security-groups/allow-deployer-ssh.nix
+    ../physical/aws/security-groups/allow-graylog-nodes.nix
+    ../physical/aws/security-groups/allow-jormungandr.nix
+    ../physical/aws/security-groups/allow-monitoring-collection.nix
+    ../physical/aws/security-groups/allow-public-www-https.nix
+  ];
+
+  importSecurityGroup = region: file:
+    import file { inherit lib region accessKeyId nodes; };
+
+  mkEC2SecurityGroup = region:
+    foldl' recursiveUpdate { }
+    (map (importSecurityGroup region) securityGroupFiles);
+
+  settings = {
+    resources = {
+      ec2SecurityGroups =
+        foldl' recursiveUpdate { } (map mkEC2SecurityGroup regions);
+
+      elasticIPs = mapAttrs' (name: node:
+        nameValuePair "${name}-ip" {
+          inherit accessKeyId;
+          inherit (node.deployment.ec2) region;
+        }) nodes;
+
+      ec2KeyPairs = __listToAttrs (map (region:
+        nameValuePair "jormungandr-${region}" { inherit region accessKeyId; })
+        regions);
+    };
+  };
+in cluster // settings
diff --git a/examples/DOTenvrc b/examples/DOTenvrc
@@ -0,0 +1,14 @@
+# This is an example file for `.envrc` that should live in the root dir
+use nix
+
+watch_file nix/*
+
+export NIXOPS_DEPLOYMENT=$NIXOPS_DEPLOYMENT
+
+export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
+export PACKET_API_KEY=$PACKET_API_KEY
+export PACKET_PROJECT_ID=$PACKET_PROJECT_ID
+
+export NIX_PATH="nixpkgs=$(nix eval '(import ./nix {}).path')"
+export EDITOR=~/$USER/result/bin/vim
+export GITHUB_TOKEN=$GITHUB_TOKEN
diff --git a/modules/common.nix b/modules/common.nix
@@ -100,6 +100,6 @@ in {
   }];
 
   deployment.ec2.securityGroups = [
-    resources.ec2SecurityGroups."allow-graylog-${config.node.region}"
+    resources.ec2SecurityGroups."allow-graylog-nodes-${config.node.region}"
   ];
 }
diff --git a/nix/mk-nodes.nix b/nix/mk-nodes.nix
@@ -7,6 +7,7 @@ let
 
   pp = v: __trace (__toJSON v) v;
 
+  # defs: passed from clusters/jormungandr-$CLUSTER.nix as the node defs
   mkNodes = defs:
     listToAttrs (foldl foldNodes {
       stakeKeys = allStakeKeys;

diff --git a/physical/aws/security-groups/allow-graylog-nodes.nix b/physical/aws/security-groups/allow-graylog-nodes.nix
@@ -2,10 +2,10 @@
 let
   inherit (lib) foldl' recursiveUpdate mapAttrs' nameValuePair flip;
 in flip mapAttrs' nodes (name: node:
-  nameValuePair "allow-graylog-${name}-${region}" ({resources, ...}: {
+  nameValuePair "allow-graylog-nodes-${region}" ({resources, ...}: {
     inherit region accessKeyId;
     _file = ./allow-graylog-nodes.nix;
-    description = "Allow Graylog ${name} ${region}";
+    description = "Allow Graylog nodes ${region}";
     rules = [{
       protocol = "tcp"; # all
       fromPort = 5044;

diff --git a/scripts/gen-grafana-creds.nix b/scripts/gen-grafana-creds.nix
@@ -7,7 +7,7 @@ pkgs.stdenv.mkDerivation {
     defaultUser="root"                   # Default administrative user
     password="${toString password}"      # password supplied by cli arg
     passwordChar="32"                    # Default grafana password length
-    staticPath=${toString ../static}     # Absolute path to the static dir
+    staticPath=${toString ../secrets}    # Absolute path to the static dir
     user="${toString user}"              # user supplied by cli arg
 
     if [[ -e "$staticPath/$credsFilename" ]]; then

diff --git a/scripts/gen-graylog-creds.nix b/scripts/gen-graylog-creds.nix
@@ -10,7 +10,7 @@ pkgs.mkShell {
     password="${toString password}"      # password supplied by cli arg
     passwordChar="32"                    # Default graylog password length
     passwordHash=""                      # Sha256 hash of the plaintext password
-    staticPath=${toString ../static}     # Absolute path to the static dir
+    staticPath=${toString ../secrets}    # Absolute path to the static dir
     user="${toString user}"              # user supplied by cli arg
 
     if [[ -e "$staticPath/$credsFilename" ]]; then