ceramicnetwork / terraform-aws-ceramic

Deploy a Ceramic daemon to AWS

Home Page: https://registry.terraform.io/modules/ceramicnetwork/ceramic/aws/latest

HCL 82.98% Smarty 17.02%
ceramic ceramic-network terraform terraform-module aws

terraform-aws-ceramic's Introduction

DEPRECATED terraform-aws-ceramic

Please see the ceramic-infra-scripts repo for alternative deployment options.

Usage

There is no root module available for use. Instead use one of the submodules like ECS:

module "ceramic" {
  source  = "ceramicnetwork/ceramic/aws//modules/ecs"
  version = "3.3.0"
  # insert variables here
}

Pre-conditions

Make sure that the following AWS resources exist prior to the application of this Terraform module:

  • VPC with 2 subnets in 2 AZs, each subnet tagged with Ceramic and the name of your environment, e.g. dev.
  • S3 bucket for Ceramic/IPFS data store
  • ECS cluster for Ceramic/IPFS services
  • SSM parameter for your Infura RPC endpoint
  • EFS volume for Ceramic logs
  • ARN of S3 bucket to use as a backup for the IPFS repo (optional)

Also make sure that you add the appropriate CNAME entries to your DNS nameserver for the IPFS endpoints generated through the application of this module.

Development

Start by installing pre-commit, then enable its git hooks in your clone:

pre-commit install

Known Issues

Region is required

When validating submodules you may see error messages like this:

Error: Missing required argument

The argument "region" is required, but was not set.

To suppress these, set the AWS_DEFAULT_REGION environment variable:

export AWS_DEFAULT_REGION=us-east-1

Releases

We are using release-it to do releases and following semver versioning.

Notes:

  • Releases must be made from the repository root directory to properly update CHANGELOG.md
  • Release commits must be merged into the main branch

npm install --global release-it
cd terraform-aws-ceramic
release-it --dry-run
release-it

terraform-aws-ceramic's Issues

atest 123

Description

Provide a 2-3 sentence overview of the work to be done.

Technical Information

Provide an explanation of the technical work to be done

Receiving - Error: SSL peer certificate or SSH remote key was not OK - after Terraform deployment

I've been able to run the Terraform build successfully and it deploys all resources to my AWS account, but when I ping the ALB's health check endpoint I continue to receive this error:

Error: SSL peer certificate or SSH remote key was not OK

This is the endpoint I'm calling: ceramic-staging--node-785765069.us-east-2.elb.amazonaws.com/api/v0/node/healthcheck

All the resources instructed to create before deployment have been created.

The only thing I can think that's causing this is something to do with the ACM certificate and/or domain. I own normalapi.com and created a certificate for idk.normalapi.com using ACM to generate the ARN shown below. The certificate is valid and set up correctly. This is the domain I pass for the ipfs_domain_name variable, but I'm really unsure if this is correct.

The documentation here is incredibly hard to follow and has nothing for troubleshooting so I'm posting all this after hours at this.

Here is my current variables.tf where I've set all the values to use as defaults:

variable "acm_certificate_arn" {
  type        = string
  description = "ARN of ACM SSL certificate"
  default = "arn:aws:acm:us-east-2:270757412251:certificate/a2014f69-ff65-4b62-a3de-a70fc6bf7a56"
}

variable "aws_region" {
  type        = string
  description = "AWS region. Must match region of vpc_id and public_subnet_ids."
  default = "us-east-2"
}

variable "base_namespace" {
  type        = string
  description = "Base namespace"
  default = ""
}

variable "default_tags" {
  type        = map(any)
  description = "Tags"
  default = {}
}

variable "ecs_cluster_name" {
  type        = string
  description = "Name of ECS cluster"
  default = "CeramicServices"
}

variable "env" {
  type        = string
  description = "Environment name used for namespacing"
  default = ""
}

variable "image_tag" {
  type        = string
  description = "Image tag"
  default = "latest"
}

variable "private_subnet_ids" {
  type        = list(string)
  description = "List of private subnet ids for the VPC"
  default = ["subnet-0127278d26ffbabb0", "subnet-0e32deefde7511bc7"]
}

variable "public_subnet_ids" {
  type        = list(string)
  description = "List of ALB subnet ids"
  default = ["subnet-09a4d736970e2c9b9", "subnet-077bdccc87f440235"]
}

variable "s3_bucket_name" {
  type        = string
  description = "Name of S3 bucket to use as a backend for Ceramic and IPFS"
  default = "ceramicdatastore"
}

variable "vpc_security_group_id" {
  type        = string
  description = "VPC security group id"
  default = "sg-0ca17e66973d1ab13"
}

variable "vpc_id" {
  type        = string
  description = "Id of VPC"
  default = "vpc-01d5cc98c76743628"
}

variable "vpc_cidr_block" {
  type        = string
  description = "Default CIDR block of the VPC"
  default = "10.2.0.0/16"
}

/* Ceramic */

variable "ceramic_anchor_service_api_url" {
  type        = string
  description = "URL for Ceramic Anchor Service API"
  default = "https://mainnet.infura.io/v3/<apiKey>" 
}

variable "ceramic_cors_allowed_origins" {
  type        = string
  description = "Web browser CORS allowed origins as stringified regex"
  default     = ".*"
}

variable "ceramic_cpu" {
  type        = number
  description = "vCPU units to allocate to the Ceramic daemon ECS task"
  default     = 1024 # 1024 = 1 vCPU
}

variable "ceramic_env" {
  type        = string
  description = "Optional. Environment namespace for Ceramic"
  default = "staging"
}

variable "ceramic_efs_logs_fs_id" {
  type        = string
  description = "ID of EFS volume for Ceramic logs"
  default = "fs-08e8ebc50015e2572"
}

variable "ceramic_efs_logs_fs_name" {
  type        = string
  description = "Name of EFS volume for Ceramic logs"
  default = "CeramicLogs"
}

variable "ceramic_eth_rpc_url" {
  type        = string
  description = "Ethereum RPC URL. Must match anchor service ETH network"
  default = "https://mainnet.infura.io/v3/<apiKey>"
}

variable "ceramic_memory" {
  type        = number
  description = "Memory allocation per Ceramic daemon ECS task"
  default     = 2048
}

variable "ceramic_network" {
  type        = string
  description = "Ceramic network (e.g. testnet-clay)"
  default = "testnet-clay"
}

variable "ceramic_task_count" {
  type        = number
  description = "Number of Ceramic ECS tasks to run in the ECS service"
  default     = 1
}

/* IPFS */

variable "ipfs_cpu" {
  type        = number
  description = "vCPU units to allocate to the IPFS ECS task"
  default     = 1024 # 1024 = 1 vCPU
}

variable "ipfs_default_log_level" {
  type        = string
  description = "IPFS default log level"
  default     = "info"
}

variable "ipfs_domain_name" {
  type        = string
  description = "Domain name, including TLD"
  default = "idk.normalapi.com"
}

variable "ipfs_enable_alb_logging" {
  type        = bool
  description = "True to enable ALB logs (stored in a new S3 bucket)"
  default     = false
}

variable "ipfs_enable_repo_backup_to_s3" {
  type        = bool
  description = "True to backup IPFS repo to S3"
  default     = false
}

variable "ipfs_memory" {
  type        = number
  description = "Memory allocation per IPFS API instance"
  default     = 2048
}

variable "ipfs_task_count" {
  type        = number
  description = "Number of IPFS ECS tasks to run in the ECS service"
  default     = 1
}

variable "ipfs_s3_repo_backup_bucket_arn" {
  type        = string
  description = "ARN of S3 bucket to use as a backup for the IPFS repo"
  default     = "arn:aws:s3:::ceramicdatastore"
}

variable "use_existing_ipfs_peer_identity" {
  type        = string
  description = "Use existing IPFS peer identity"
  default     = false
}

Let me know if posting any additional code/files would be helpful and I can add them.

Thanks!

Josh
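
The curl message quoted in the issue above is its generic certificate-verification failure. The following is an added example, not part of the original post or of the module: it implements the hostname check a TLS client performs, assuming (not confirmed on the page) that the ALB presents the ACM certificate issued for idk.normalapi.com, and shows that such a certificate does not cover the raw elb.amazonaws.com name, which is why the README asks for CNAME entries.

```python
# Added example; the SAN list below is constructed, not read from a live endpoint.
import ipaddress

def dns_name_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match of a hostname against one certificate dNSName."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Wildcard is honoured only as the whole left-most label; requiring
        # two further labels rejects "*.com" (a common client policy).
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname: str, san_dns_names: list[str]) -> bool:
    """True if any subjectAltName dNSName entry covers the hostname."""
    try:
        ipaddress.ip_address(hostname)
        return False  # IP literals need an iPAddress SAN, never a dNSName
    except ValueError:
        pass
    return any(dns_name_matches(hostname, p) for p in san_dns_names)

# Assumption: the listener serves the certificate for the ipfs_domain_name value.
CERT_SANS = ["idk.normalapi.com"]
# Hostname taken from the issue text.
ALB_NAME = "ceramic-staging--node-785765069.us-east-2.elb.amazonaws.com"

def diagnose(hostname: str, sans: list[str]) -> str:
    """Explain whether a request to `hostname` would pass name verification."""
    if cert_covers(hostname, sans):
        return f"{hostname}: covered by certificate"
    return (f"{hostname}: NOT covered by certificate (names: {', '.join(sans)}); "
            "request the service through a DNS name the certificate lists")

if __name__ == "__main__":
    for name in (ALB_NAME, "idk.normalapi.com"):
        print(diagnose(name, CERT_SANS))
```

Disabling verification in the client would hide the mismatch rather than fix it; the check passes once requests go to a name listed in the certificate that resolves to the load balancer.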

Increase availability of Ceramic nodes by adding better DevOps documentation

Background

For individuals involved in the web3 ecosystem for a long time, observations about the state of its infrastructure pointed out by @moxie0 are not only valid but legit concerns. Right now, according to the docs, the way to use Ceramic is to use one of the current gateways hosted by 3BoxLabs, which at the time of writing, are currently backed by 22 other nodes, out of which 5 are controlled by Ceramic or 3BoxLabs. Furthermore, there is only the current Terraform template, despite existing projects trying to automate the deployment of Ceramic nodes.

Description

Ideally, I would like to see,

  • A registry of all the existing Ceramic nodes in the ecosystem, perhaps via an Explorer or similar.
  • Instructions on how to deploy Ceramic nodes in multiple providers, via Terraform, Puppet, in GCloud, AWS etc.
  • Have a public-facing website and friendly set up to make this process as transparent as possible.
  • Ideas on how to incentivize Ceramic nodes that do not involve necessarily a token (e.g. whitelisting node runners).

Technical Information

Due to the number of dependencies Ceramic nodes need, it's not easy to have a "one-click" deployment for most providers. However, it should be possible to create an app that "connects" to an IaaS and allows provisioning scripts to work their magic. For most technical users this can be done via simple GCP/AWS keys, but we can probably figure out a way to get them easily.

Additional notes

The Ceramic nodes are not the only moving piece for the network to work properly, a CAS service is also needed, which is also currently only at the discretion and control of Ceramic/3BoxLabs. Ideally, a push to decentralize this service should also be aimed in a separate issue.

Increase the supported terraform version

Description

Running terraform init gives

│   on versions.tf line 2, in terraform:
│    2:   required_version = ">= 0.13, < 0.14"

Technical Information

Is this an error with my setup, or should I downgrade to a lower Terraform version? The current version of Terraform is 1.2.7.
