Infrastructure definition for review

passportxyz · Oct 5, 2022 · e96a126 · e96a126
1 parent 3362bf1
commit e96a126
Showing 1 changed file with 201 additions and 31 deletions.
diff --git a/infra/review/index.ts b/infra/review/index.ts
@@ -11,7 +11,7 @@ let dbUsername = `${process.env["DB_USER"]}`;
 let dbPassword = pulumi.secret(`${process.env["DB_PASSWORD"]}`);
 let dbName = `${process.env["DB_NAME"]}`;
 
-export const dockerGtcPassportIamImage = `${process.env["DOCKER_GTC_PASSPORT_SCORER_IMAGE"]}`;
+export const dockerGtcPassportScorerImage = `${process.env["DOCKER_GTC_PASSPORT_SCORER_IMAGE"]}`;
 
 //////////////////////////////////////////////////////////////
 // Set up VPC
@@ -24,6 +24,18 @@ const vpc = new awsx.ec2.Vpc("scorer", {
 export const vpcID = vpc.id;
 export const vpcPrivateSubnetIds = vpc.privateSubnetIds;
 export const vpcPublicSubnetIds = vpc.publicSubnetIds;
+export const vpcPrivateSubnetId1 = vpcPrivateSubnetIds.then(
+  (values) => values[0]
+);
+export const vpcPublicSubnetId1 = vpcPublicSubnetIds.then(
+  (values) => values[0]
+);
+export const vpcPrivateSubnetId2 = vpcPrivateSubnetIds.then(
+  (values) => values[1]
+);
+export const vpcPublicSubnetId2 = vpcPublicSubnetIds.then(
+  (values) => values[1]
+);
 
 export const vpcPublicSubnet1 = vpcPublicSubnetIds.then((subnets) => {
   return subnets[0];
@@ -157,8 +169,6 @@ const www = new aws.route53.Record("scorer", {
   ],
 });
 
-// TODO connect EFS with Fargate containers
-// const ceramicStateStore = new aws.efs.FileSystem("ceramic-statestore");
 
 const dpoppEcsRole = new aws.iam.Role("dpoppEcsRole", {
   assumeRolePolicy: JSON.stringify({
@@ -215,6 +225,34 @@ const dpoppEcsRole = new aws.iam.Role("dpoppEcsRole", {
   },
 });
 
+const secrets = [
+  {
+    name: "SECRET_KEY",
+    valueFrom: `${SCORER_SERVER_SSM_ARN}:SECRET_KEY::`,
+  },
+];
+const environment = [
+  {
+    name: "DEBUG",
+    value: "on",
+  },
+  {
+    name: "DATABASE_URL",
+    value: rdsConnectionUrl,
+  },
+  {
+    name: "ALLOWED_HOSTS",
+    value: JSON.stringify([domain, "*"]),
+  },
+  {
+    name: "CSRF_TRUSTED_ORIGINS",
+    value: JSON.stringify([`https://${domain}`]),
+  },
+];
+
+//////////////////////////////////////////////////////////////
+// Set up the Scorer ECS service
+//////////////////////////////////////////////////////////////
 const service = new awsx.ecs.FargateService("scorer", {
   cluster,
   desiredCount: 1,
@@ -223,7 +261,7 @@ const service = new awsx.ecs.FargateService("scorer", {
     executionRole: dpoppEcsRole,
     containers: {
       scorer: {
-        image: dockerGtcPassportIamImage,
+        image: dockerGtcPassportScorerImage,
         memory: 1024,
         portMappings: [httpsListener],
         command: [
@@ -237,26 +275,8 @@ const service = new awsx.ecs.FargateService("scorer", {
           "0.0.0.0:80",
         ],
         links: [],
-        secrets: [
-          {
-            name: "SECRET_KEY",
-            valueFrom: `${SCORER_SERVER_SSM_ARN}:SECRET_KEY::`,
-          },
-        ],
-        environment: [
-          {
-            name: "DEBUG",
-            value: "on",
-          },
-          {
-            name: "DATABASE_URL",
-            value: rdsConnectionUrl,
-          },
-          {
-            name: "ALLOWED_HOSTS",
-            value: JSON.stringify([domain]),
-          },
-        ],
+        secrets: secrets,
+        environment: environment,
         linuxParameters: {
           initProcessEnabled: true,
         },
@@ -265,10 +285,160 @@ const service = new awsx.ecs.FargateService("scorer", {
   },
 });
 
-// const ecsTarget = new aws.appautoscaling.Target("autoscaling_target", {
-//   maxCapacity: 1,
-//   minCapacity: 1,
-//   resourceId: pulumi.interpolate`service/${cluster.cluster.name}/${service.service.name}`,
-//   scalableDimension: "ecs:service:DesiredCount",
-//   serviceNamespace: "ecs",
-// });
+//////////////////////////////////////////////////////////////
+// Set up task to run migrations
+//////////////////////////////////////////////////////////////
+const taskMigrate = new awsx.ecs.FargateTaskDefinition(`scorer-run-migrate`, {
+  executionRole: dpoppEcsRole,
+  containers: {
+    web: {
+      image: dockerGtcPassportScorerImage,
+      command: ["python", "manage.py", "migrate"],
+      memory: 4096,
+      cpu: 2000,
+      portMappings: [],
+      secrets: secrets.concat([
+        {
+          name: "DJANGO_SUPERUSER_USERNAME",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_USERNAME::`,
+        },
+        {
+          name: "DJANGO_SUPERUSER_EMAIL",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_EMAIL::`,
+        },
+        {
+          name: "DJANGO_SUPERUSER_PASSWORD",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_PASSWORD::`,
+        },
+      ]),
+      environment: environment,
+      dependsOn: [],
+      links: [],
+    },
+  },
+});
+
+export const taskMigrateDefinition = taskMigrate.taskDefinition.id;
+
+//////////////////////////////////////////////////////////////
+// Set up task to create superuser
+//////////////////////////////////////////////////////////////
+const task = new awsx.ecs.FargateTaskDefinition(`scorer-run-createsuperuser`, {
+  executionRole: dpoppEcsRole,
+  containers: {
+    web: {
+      image: dockerGtcPassportScorerImage,
+      command: ["python", "manage.py", "createsuperuser", "--noinput"],
+      memory: 4096,
+      cpu: 2000,
+      portMappings: [],
+      secrets: secrets.concat([
+        {
+          name: "DJANGO_SUPERUSER_USERNAME",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_USERNAME::`,
+        },
+        {
+          name: "DJANGO_SUPERUSER_EMAIL",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_EMAIL::`,
+        },
+        {
+          name: "DJANGO_SUPERUSER_PASSWORD ",
+          valueFrom: `${SCORER_SERVER_SSM_ARN}:DJANGO_SUPERUSER_PASSWORD::`,
+        },
+      ]),
+      environment: environment,
+      dependsOn: [],
+      links: [],
+    },
+  },
+});
+
+export const taskDefinition = task.taskDefinition.id;
+
+const secgrp = new aws.ec2.SecurityGroup(`scorer-run-migrations-task`, {
+  description: "gitcoin-ecs-task",
+  vpcId: vpc.id,
+  ingress: [
+    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
+    { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
+  ],
+  egress: [
+    {
+      protocol: "-1",
+      fromPort: 0,
+      toPort: 0,
+      cidrBlocks: ["0.0.0.0/0"],
+    },
+  ],
+});
+
+export const securityGroupForTaskDefinition = secgrp.id;
+
+//////////////////////////////////////////////////////////////
+// Set up EC2 instance 
+//      - it is intended to be used for troubleshooting
+//////////////////////////////////////////////////////////////
+
+const ubuntu = aws.ec2.getAmi({
+  mostRecent: true,
+  filters: [
+      {
+          name: "name",
+          values: ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"],
+      },
+      {
+          name: "virtualization-type",
+          values: ["hvm"],
+      },
+  ],
+  owners: ["099720109477"],
+});
+
+// Script to install docker in ec2 instance
+const ec2InitScript = `#!/bin/bash
+
+# Installing docker in ubuntu
+# Instructions taken from here: https://docs.docker.com/engine/install/ubuntu/
+
+mkdir /var/log/gitcoin
+echo $(date) "Starting installation of docker" >> /var/log/gitcoin/init.log
+apt-get remove docker docker-engine docker.io containerd runc
+
+apt-get update
+
+apt-get install -y \
+  ca-certificates \
+  curl \
+  gnupg \
+  lsb-release
+  
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+apt-get update
+apt-get install -y docker-ce docker-ce-cli containerd.io
+mkdir /var/log/gitcoin
+echo $(date) "Finished installation of docker" >> /var/log/gitcoin/init.log
+
+`
+
+const web = new aws.ec2.Instance("Web", {
+  ami: ubuntu.then(ubuntu => ubuntu.id),
+  associatePublicIpAddress: true,
+  instanceType: "t3.medium",
+  subnetId: vpcPublicSubnetId1.then(),
+
+  vpcSecurityGroupIds: [secgrp.id],
+  rootBlockDevice: {
+      volumeSize: 50
+  },
+  tags: {
+      Name: "Troubleshooting instance",
+  },
+  userData: ec2InitScript,
+});
+
+export const ec2PublicIp = web.publicIp;