From 0cd0ae4e69cf2c4fe6b1e23034de8125a0bf6175 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Raynaud
Date: Fri, 4 Nov 2022 14:54:27 +0100
Subject: [PATCH 1/4] Add infra disk snapshot retention policy
---
 mithril-infra/main.vm.tf | 4 ++++
 mithril-infra/variables.tf | 6 ++++++
 2 files changed, 10 insertions(+)
diff --git a/mithril-infra/main.vm.tf b/mithril-infra/main.vm.tf
index 13fffa622b0..5738263f47a 100644
--- a/mithril-infra/main.vm.tf
+++ b/mithril-infra/main.vm.tf
@@ -59,6 +59,10 @@ resource "google_compute_resource_policy" "policy" {
 start_time = "04:00"
 }
 }
+ retention_policy {
+ max_retention_days = var.google_snapshot_max_retention_days
+ on_source_disk_delete = "KEEP_AUTO_SNAPSHOTS"
+ }
 }
 }
 
diff --git a/mithril-infra/variables.tf b/mithril-infra/variables.tf
index 025c5086b2a..6e28fc9b842 100644
--- a/mithril-infra/variables.tf
+++ b/mithril-infra/variables.tf
@@ -48,6 +48,12 @@ variable "google_storage_bucket_max_age" {
 default = 14
 }
 
+variable "google_snapshot_max_retention_days" {
+ type = number
+ description = "Number of days after a disk snapshot is dropped"
+ default = 30
+}
+
 locals {
 google_service_credentials_json_file_decoded = jsondecode(file(var.google_service_credentials_json_file))
 google_service_account_private_key = local.google_service_credentials_json_file_decoded.private_key
From 3ab367e038fdd0d2b3930dc617b878395bb2b9c0 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Raynaud
Date: Fri, 4 Nov 2022 15:04:56 +0100
Subject: [PATCH 2/4] Add custom setup VM boot disk VM disk can be restored from image or from snapshot. Warning: Manual snapshot/restore operation may be necessary for live environments to avoid data loss (as terraform considers vm disk must be replaced).
---
 mithril-infra/main.vm.tf | 19 ++++++++++++++-----
 mithril-infra/variables.tf | 24 ++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/mithril-infra/main.vm.tf b/mithril-infra/main.vm.tf
index 5738263f47a..8cbece6ad97 100644
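Review bot: `on_source_disk_delete = "KEEP_AUTO_SNAPSHOTS"` in the added `retention_policy` block means that once the source disk is deleted its scheduled snapshots are, as far as I know, no longer aged out by `max_retention_days` and stay until someone removes them by hand. Those snapshots are full copies of the boot disk, so whatever is stored on it outlives the VM with no upper bound. If bounded retention is the intent, use `on_source_disk_delete = "APPLY_RETENTION_POLICY"`; if keeping them is deliberate, say so with a comment such as `# kept after disk deletion so a replaced VM can be restored; prune manually`. The enclosing resource starts outside the hunk.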
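Review bot: `google_snapshot_max_retention_days` accepts any number, including 0 and negative values, and a bad value would presumably only surface when the provider call fails at apply time. A `validation` block with `condition = var.google_snapshot_max_retention_days >= 1` rejects it at plan time. The description is also hard to parse; `"Number of days after which a disk snapshot is deleted"` states what the value controls.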
--- a/mithril-infra/main.vm.tf
+++ b/mithril-infra/main.vm.tf
@@ -31,10 +31,7 @@ resource "google_compute_instance" "vm_instance" {
 metadata_startup_script = file("./assets/startup-vm.sh")
 
 boot_disk {
- initialize_params {
- size = 200
- image = "ubuntu-os-cloud/ubuntu-2204-lts"
- }
+ source = google_compute_disk.boot.name
 }
 
 network_interface {
@@ -45,6 +42,18 @@ resource "google_compute_instance" "vm_instance" {
 }
 }
 
+resource "google_compute_disk" "boot" {
+ name = "${local.environment_name}-boot"
+ type = var.google_compute_instance_boot_disk_type
+ zone = var.google_zone
+ size = var.google_compute_instance_boot_disk_size
+ image = var.google_compute_instance_boot_disk_image
+ snapshot = var.google_compute_instance_boot_disk_snapshot
+ labels = {
+ environment = local.environment_name
+ }
+}
+
 resource "google_compute_address" "mithril-external-address" {
 name = "${local.environment_name}-ip"
 }
@@ -68,6 +77,6 @@ resource "google_compute_resource_policy" "policy" {
 
 resource "google_compute_disk_resource_policy_attachment" "attachment" {
 name = google_compute_resource_policy.policy.name
- disk = google_compute_instance.vm_instance.name
+ disk = google_compute_disk.boot.name
 zone = var.google_zone
 }
diff --git a/mithril-infra/variables.tf b/mithril-infra/variables.tf
index 6e28fc9b842..586d56a99fc 100644
--- a/mithril-infra/variables.tf
+++ b/mithril-infra/variables.tf
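Review bot: The new `boot_disk` block attaches `google_compute_disk.boot` by `source` but leaves `auto_delete` at the provider default, which is true as far as I know, so deleting or recreating `vm_instance` would also delete the disk that Terraform now tracks as a separate resource. That undoes the benefit of splitting the disk out and leaves only the scheduled snapshots to restore from. Add `auto_delete = false` next to `source = google_compute_disk.boot.name`. The instance resource starts and ends outside the hunk.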
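Review bot: `google_compute_disk.boot` has no guard against replacement, although the commit message itself warns that Terraform may decide the disk must be replaced and that data can be lost on live environments. Adding `lifecycle { prevent_destroy = true }` to the resource turns that case into a plan error, so an operator has to take the manual snapshot before the disk can go. A short comment above the resource repeating the commit-message warning would also help, since the warning is otherwise invisible to someone reading only the file.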
@@ -37,6 +37,30 @@ variable "google_machine_type" {
 default = "e2-medium"
 }
 
+variable "google_compute_instance_boot_disk_size" {
+ type = number
+ description = "Size of the boot disk in GB"
+ default = 200
+}
+
+variable "google_compute_instance_boot_disk_type" {
+ type = string
+ description = "Type of disk"
+ default = "pd-standard"
+}
+
+variable "google_compute_instance_boot_disk_image" {
+ type = string
+ description = "Image of the boot disk"
+ default = "ubuntu-os-cloud/ubuntu-2204-lts"
+}
+
+variable "google_compute_instance_boot_disk_snapshot" {
+ type = string
+ description = "Snapshot used to restore the boot disk"
+ default = ""
+}
+
 variable "google_service_credentials_json_file" {
 type = string
 description = "The credentials of the GCP service account"
From 4f21ea0f00eaa901bc15b3f55f544f67233eb97a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Raynaud
Date: Fri, 4 Nov 2022 16:53:26 +0100
Subject: [PATCH 3/4] Add unverified signer light resource This Mithril signer node does not connect to its own Cardano node, but on the Mithril Aggregator node instead.
---
 .github/workflows/ci.yml | 1 +
 .github/workflows/pre-release.yml | 1 +
 .github/workflows/release.yml | 1 +
 ...ocker-compose-signer-unverified-light.yaml | 38 +++++++++++++++++++
 .../docker-compose-signer-unverified.yaml | 8 ++--
 mithril-infra/mithril.signer.tf | 2 +-
 mithril-infra/variables.tf | 2 +
 7 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100644 mithril-infra/assets/docker/docker-compose-signer-unverified-light.yaml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b8b6462778a..e7309d00482 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -381,6 +381,7 @@ jobs:
 mithril_signers: |
 {
 "1" = {
+ type = "unverified"
 pool_id = "pool18r62tz408lkgfu6pq5svwzkh2vslkeg6mf72qf3h8njgvzhx9ce",
 },
 }
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index 63dc9e24d44..82dab4c4c0c 100644
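Review bot: `google_compute_instance_boot_disk_image` defaults to the Ubuntu image while `google_compute_instance_boot_disk_snapshot` defaults to `""`, so an operator who sets only the snapshot hands both an image and a snapshot to `google_compute_disk.boot`. Which of the two wins, or whether the API rejects the pair, is not visible from this patch and should be confirmed before a restore is attempted under pressure. Use `default = null` for the snapshot instead of an empty string, and state in both descriptions that exactly one of the two is expected, for example `description = "Snapshot used to restore the boot disk (leave the image unset when this is used)"`.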
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -163,6 +163,7 @@ jobs:
 mithril_signers: |
 {
 "1" = {
+ type = "unverified"
 pool_id = "pool18r62tz408lkgfu6pq5svwzkh2vslkeg6mf72qf3h8njgvzhx9ce",
 },
 }
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 393a7083edd..0e5f0271be7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -79,6 +79,7 @@ jobs:
 mithril_signers: |
 {
 "1" = {
+ type = "unverified"
 pool_id = "pool1zr907nmfsq5kalxdjju349nwg6f03lyfmcjfqcz52jf45gcgh03",
 },
 }
diff --git a/mithril-infra/assets/docker/docker-compose-signer-unverified-light.yaml b/mithril-infra/assets/docker/docker-compose-signer-unverified-light.yaml
new file mode 100644
index 00000000000..6f78f8f341b
--- /dev/null
+++ b/mithril-infra/assets/docker/docker-compose-signer-unverified-light.yaml
@@ -0,0 +1,38 @@
+# Unverified Mithril Signer node running on top of shared Cardano node (from Mithril Aggregator)
+
+version: "3.9"
+
+services:
+ mithril-signer:
+ image: ghcr.io/input-output-hk/mithril-signer:${IMAGE_ID}
+ container_name: mithril-signer-${SIGNER_ID}
+ restart: always
+ user: ${CURRENT_UID}
+ profiles:
+ - mithril
+ - all
+ environment:
+ - RUST_BACKTRACE=1
+ - AGGREGATOR_ENDPOINT=http://mithril-aggregator:8080/aggregator
+ - NETWORK=${NETWORK}
+ - PARTY_ID=${PARTY_ID}
+ - RUN_INTERVAL=120000
+ - DB_DIRECTORY=/mithril-aggregator/cardano/db
+ - DATA_STORES_DIRECTORY=/mithril-signer-${SIGNER_ID}/mithril/stores
+ - STORE_RETENTION_LIMIT=5
+ - CARDANO_NODE_SOCKET_PATH=/ipc/node.socket
+ - CARDANO_CLI_PATH=/app/bin/cardano-cli
+ volumes:
+ - ../data/${NETWORK}/mithril-signer-${SIGNER_ID}/mithril:/mithril-signer-${SIGNER_ID}/mithril
+ - ../data/${NETWORK}/mithril-aggregator/cardano/db:/mithril-aggregator/cardano/db
+ - ../data/${NETWORK}/mithril-aggregator/cardano/ipc:/ipc
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "100m"
+ max-file: "5"
+
+networks:
+ default:
+ external:
+ name: mithril_network
diff --git a/mithril-infra/assets/docker/docker-compose-signer-unverified.yaml b/mithril-infra/assets/docker/docker-compose-signer-unverified.yaml
index cc77a9f64f4..f8080a26b71 100644
--- a/mithril-infra/assets/docker/docker-compose-signer-unverified.yaml
+++ b/mithril-infra/assets/docker/docker-compose-signer-unverified.yaml
@@ -1,3 +1,5 @@
+# Unverified Mithril Signer node running on top of its own Cardano node
+
 version: "3.9"
 
 services:
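Review bot: The light signer mounts the aggregator's Cardano database read-write (`../data/${NETWORK}/mithril-aggregator/cardano/db:/mithril-aggregator/cardano/db`), so a fault or compromise in the signer container can alter the chain data the aggregator's node depends on. If the signer only reads that directory, which is what `DB_DIRECTORY` suggests but this patch does not prove, append `:ro` to that volume entry. The file header would also benefit from one more comment line stating that this signer shares the aggregator's node socket under `/ipc` and is therefore not independent of the aggregator, so nobody later treats it as a separate trust domain.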
@@ -47,15 +49,15 @@ services:
 - AGGREGATOR_ENDPOINT=http://mithril-aggregator:8080/aggregator
 - NETWORK=${NETWORK}
 - PARTY_ID=${PARTY_ID}
- - RUN_INTERVAL=240000
- - DB_DIRECTORY=/db
+ - RUN_INTERVAL=120000
+ - DB_DIRECTORY=/mithril-signer-${SIGNER_ID}/cardano/db
 - DATA_STORES_DIRECTORY=/mithril-signer-${SIGNER_ID}/mithril/stores
 - STORE_RETENTION_LIMIT=5
 - CARDANO_NODE_SOCKET_PATH=/ipc/node.socket
 - CARDANO_CLI_PATH=/app/bin/cardano-cli
 volumes:
 - ../data/${NETWORK}/mithril-signer-${SIGNER_ID}/mithril:/mithril-signer-${SIGNER_ID}/mithril
- - ../data/${NETWORK}/mithril-signer-${SIGNER_ID}/cardano/db:/db
+ - ../data/${NETWORK}/mithril-signer-${SIGNER_ID}/cardano/db:/mithril-signer-${SIGNER_ID}/cardano/db
 - ../data/${NETWORK}/mithril-signer-${SIGNER_ID}/cardano/ipc:/ipc
 logging:
 driver: "json-file"
diff --git a/mithril-infra/mithril.signer.tf b/mithril-infra/mithril.signer.tf
index 0d3b283e643..d514a5650a3 100644
--- a/mithril-infra/mithril.signer.tf
+++ b/mithril-infra/mithril.signer.tf
@@ -34,7 +34,7 @@ resource "null_resource" "mithril_signer" {
 "export IMAGE_ID=${var.mithril_image_id}",
 "export CURRENT_UID=$(id -u)",
 "export DOCKER_GID=$(getent group docker | cut -d: -f3)",
- "docker-compose -p $SIGNER_ID -f /home/curry/docker/docker-compose-signer-unverified.yaml --profile all up -d",
+ "docker-compose -p $SIGNER_ID -f /home/curry/docker/docker-compose-signer-${each.value.type}.yaml --profile all up -d",
 ]
 }
 }
diff --git a/mithril-infra/variables.tf b/mithril-infra/variables.tf
index 586d56a99fc..42bcf3ea1b8 100644
--- a/mithril-infra/variables.tf
+++ b/mithril-infra/variables.tf
@@ -119,10 +119,12 @@ variable "mithril_protocol_parameters" {
 
 variable "mithril_signers" {
 type = map(object({
+ type = string
 pool_id = string
 }))
 default = {
 "1" = {
+ type = "unverified",
 pool_id = "pool15qde6mnkc0jgycm69ua0grwxmmu0tke54h5uhml0j8ndw3kcu9x",
 }
 }
From d4876ec0b52b14a6c65733dad5bb708a0146948d Mon Sep 17 00:00:00 2001
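Review bot: `${each.value.type}` is interpolated straight into the `docker-compose` command line that runs on the VM, and the `type` attribute added to `mithril_signers` in the `variables.tf` hunk of this patch is an unconstrained string. Any value other than the two compose file suffixes that exist either fails late at provisioning time or, if it carries shell metacharacters or path segments, changes what the remote shell executes; the value is supplied from the workflow files patched in this same commit. Constrain it at plan time with a `validation` block on the variable that allows only `unverified` and `unverified-light`. Both the `null_resource` and the variable block start or end outside their hunks.

```hcl
variable "mithril_signers" {
  # … unchanged: type = map(object({ type, pool_id })) and default …
  validation {
    condition = alltrue([
      for signer in values(var.mithril_signers) :
      contains(["unverified", "unverified-light"], signer.type)
    ])
    error_message = "Signer type must be \"unverified\" or \"unverified-light\"."
  }
```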
From: Jean-Philippe Raynaud
Date: Fri, 4 Nov 2022 19:13:32 +0100
Subject: [PATCH 4/4] Update VM startup script Add missing jq tool.
---
 mithril-infra/assets/startup-vm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mithril-infra/assets/startup-vm.sh b/mithril-infra/assets/startup-vm.sh
index 9e66ebaa140..0403128ed0c 100644
--- a/mithril-infra/assets/startup-vm.sh
+++ b/mithril-infra/assets/startup-vm.sh
@@ -5,7 +5,7 @@ rm -f /startup-ready.txt
 
 # Update and install dependencies
 sudo apt update -y
-sudo apt install -y tree ca-certificates curl gnupg lsb-release
+sudo apt install -y jq tree ca-certificates curl gnupg lsb-release
 
 # Install sqlite3
 sudo apt install -y sqlite3