provision stable upstream seed

Add documentation and scripts to explain the provisioning of a stable
hosted `upstream-seed`.

Fixes #2620.

Signed-off-by: Thomas Scholtes <geigerzaehler@axiom.fm>

docs/infrastructure.md

@@ -165,14 +165,32 @@ END
 docker-compose --env-file upstream-production-config.env -f docker-compose.yml up --detach
 ```
 
+## seed-node instance
+
+The seed node uses the following resources
+* GCE VM `seed-node-2`
+  * Zone `europe-north1-a`
+  * 100GB disk
+  * Ubuntu LTS 21.04
+  * n1-standard-1 (1vCPU, 3.75GB RAM)
+  * Network tag `seed-node`
+* External IP Address `seed-node-2`
+  * bound to the VM instance `seed-node-2`
+  * reachable under `34.88.37.244`
+* Firewall rule `seed-node` to allow traffic to the VM.
+
+The peer address is `hydyq6xmgp3amt44z41n6cbods1osx73j5z6fky5xx4yx33afycyfc@34.88.37.244:8776`.
+
+For more details see the [readme](../infra/seed-node/README.md).
+
 ## seed-node development instance
 
 For upstream-seed testing and development we have another VM. To save costs, we
 start and stop it on demand whenever we need to test something.
 
 Connect to the VM via: `ssh seednode@35.228.122.189`.
 
-The org node uses the following resources
+The seed node uses the following resources
 * GCE VM `seed-node`
   * 4 vCPUs, 4GB RAM, 50GB SSD disk
 * External IP Address `seed-node`

infra/seed-node/README.md

@@ -0,0 +1,44 @@
+# Upstream Seed Node infrastructure
+
+Provides a GCP instance `seed-node-2` running `upstream-seed` in the cloud. The
+Upstream team uses the seed to collaborate.
+
+The peer address is `hydyq6xmgp3amt44z41n6cbods1osx73j5z6fky5xx4yx33afycyfc@34.88.37.244:8776`.
+
+## Configuration
+
+The list of projects the seed node tracks is set in `/etc/upstream-seed.env`.
+
+## Logging
+
+You can find logs for the seed [here](https://cloudlogging.app.goo.gl/AEcmLeCyix5iY4AY8).
+
+## Update the binary
+
+You can update the `upstream-seed` binary to the latest build of the `main`
+branch by running
+
+```bash
+/home/ubuntu/radicle-upstream/infa/seed-node/update-upstream-seed.sh
+```
+
+The script accepts a commit hash as an optional argument. If provided, it
+downloads the binary build for the given commit hash.
+
+## Setup
+
+To setup the instance, first log into the instance.
+
+```bash
+gcloud compute ssh ubuntu@seed-node-2 --zone=europe-north1-a
+```
+
+Then run the following commands
+
+```bash
+git clone https://github.com/radicle-dev/radicle-upstream
+cd radicle-upstream
+sudo infra/seed-node/setup.sh
+```
+
+The setup script can be re-run at a later point to upgrade the deployment.

infra/seed-node/google-cloud-ops-agent-config.yaml

@@ -0,0 +1,20 @@
+# <== Enter custom agent configurations in this file.
+# See https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/configuration
+# for more details.
+logging:
+  receivers:
+    journald:
+      type: systemd_journald
+  processors:
+    journald-json:
+      type: parse_json
+      field: MESSAGE
+  service:
+    log_level: error
+    pipelines:
+      default_pipeline:
+        receivers: [journald]
+        processors: [journald-json]
+metrics:
+  service:
+    log_level: error

infra/seed-node/setup.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Copyright © 2021 The Radicle Upstream Contributors
+#
+# This file is part of radicle-upstream, distributed under the GPLv3
+# with Radicle Linking Exception. For full terms see the included
+# LICENSE file.
+
+set -euo pipefail
+
+curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh
+sudo bash add-google-cloud-ops-agent-repo.sh --also-install
+
+ln -sf "$(pwd)/infra/seed-node/google-cloud-ops-agent-config.yaml" /etc/google-cloud-ops-agent/config.yaml
+systemctl restart "google-cloud-ops-agent*"
+
+mkdir -p /var/local/upstream-seed
+chown 1000:1000 /var/local/upstream-seed
+
+if [[ ! -f /etc/upstream-seed.env ]]; then
+  cp "$(pwd)/infra/seed-node/upstream-seed.env" /etc
+fi
+
+ln -sf "$(pwd)/infra/seed-node/upstream-seed.service" /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable upstream-seed
+systemctl stop upstream-seed
+
+curl -fsSL \
+  https://storage.googleapis.com/radicle-upstream-build-artifacts/v1/main/x86_64-linux/upstream-seed \
+  -o /usr/local/bin/upstream-seed
+chmod +x /usr/local/bin/upstream-seed
+
+systemctl start upstream-seed

infra/seed-node/update-upstream-seed.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Copyright © 2021 The Radicle Upstream Contributors
+#
+# This file is part of radicle-upstream, distributed under the GPLv3
+# with Radicle Linking Exception. For full terms see the included
+# LICENSE file.
+
+set -euo pipefail
+
+if [[ -n "${1:-}" ]]; then
+  path="by-commit/${1}"
+else
+  path="main"
+fi
+
+systemctl stop upstream-seed
+curl -fsSL \
+  "https://storage.googleapis.com/radicle-upstream-build-artifacts/v1/${path}/x86_64-linux/upstream-seed" \
+  -o /usr/local/bin/upstream-seed
+chmod +x /usr/local/bin/upstream-seed
+
+systemctl start upstream-seed

infra/seed-node/upstream-seed.env

@@ -0,0 +1,2 @@
+# Comma-separated list of projects to track
+PROJECTS="rad:git:hnrk8ueib11sen1g9n1xbt71qdns9n4gipw1o"

infra/seed-node/upstream-seed.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Upstream seed node
+
+[Service]
+ExecStart=/usr/local/bin/upstream-seed \
+  --log-json \
+  --rad-home /var/local/upstream-seed \
+  --identity-key /var/local/upstream-seed/identity.key \
+  --project ${PROJECTS}
+EnvironmentFile=/etc/upstream-seed.env
+User=1000
+Group=1000
+
+[Install]
+WantedBy=multi-user.target

scripts/license-header.ts

@@ -103,6 +103,9 @@ function makeLicenseComment(extName: string): string {
   if (extName === ".js" || extName === ".ts" || extName === ".rs") {
     const commentLines = licenseHeaderContent.map(x => `//${x}`);
     return `${commentLines.join("\n")}\n\n`;
+  } else if (extName === ".sh") {
+    const commentLines = licenseHeaderContent.map(x => `#${x}`);
+    return `${commentLines.join("\n")}\n\n`;
   } else if (extName === ".svelte") {
     return `<!--\n${licenseHeaderContent.join("\n")}\n-->\n`;
   } else if (extName === ".css") {

upstream-seed/src/cli.rs

@@ -27,9 +27,14 @@ pub struct Args {
     #[structopt(long, parse(try_from_str = parse_bootstrap))]
     pub bootstrap: Option<Vec<(librad::PeerId, std::net::SocketAddr)>>,
 
-    /// URNs of projects to replicate. May be specified multiple times.
-    #[structopt(long)]
+    /// URNs of projects to replicate. May be specified multiple times or as a comma separated
+    /// list.
+    #[structopt(long, use_delimiter = true)]
     pub project: Vec<link_identities::git::Urn>,
+
+    /// Output logs as JSON.
+    #[structopt(long)]
+    pub log_json: bool,
 }
 
 pub fn from_args() -> Args {

upstream-seed/src/lib.rs

@@ -26,10 +26,10 @@ mod peer;
 
 #[tokio::main(flavor = "multi_thread")]
 pub async fn main() {
-    init_logging();
-
     let args = cli::from_args();
 
+    init_logging(args.log_json);
+
     if let Err(err) = run(args).await {
         tracing::error!(?err, "fatal error");
         std::process::exit(1);
@@ -225,7 +225,7 @@ fn load_or_create_secret_key(path: &std::path::Path) -> anyhow::Result<librad::S
     }
 }
 
-fn init_logging() {
+fn init_logging(log_json: bool) {
     if std::env::var("RUST_BACKTRACE").is_err() {
         std::env::set_var("RUST_BACKTRACE", "full");
     }
@@ -262,12 +262,11 @@ fn init_logging() {
         .with_writer(std::io::stderr)
         .with_env_filter(env_filter);
 
-    match std::env::var("TRACING_FMT").as_deref() {
-        Ok("pretty") => builder.pretty().init(),
-        Ok("compact") => builder.compact().init(),
-        Ok("json") => builder.json().init(),
-        _ => builder.pretty().init(),
-    };
+    if log_json {
+        builder.json().init();
+    } else {
+        builder.pretty().init();
+    }
 }
 
 /// Run [`Future`]s as tasks until a shutdown condition is triggered and collect their result.