diff --git a/.github/workflows/deploy-lotus-mainnet.yml b/.github/workflows/deploy-lotus-mainnet.yml deleted file mode 100644 index b438bbd95..000000000 --- a/.github/workflows/deploy-lotus-mainnet.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Lotus Mainnet -concurrency: ci-${{ github.ref }} - -on: - pull_request: - branches: - - main - paths: - - 'terraform/lotus-mainnet/**' - - 'terraform/modules/filecoin_node/**' - push: - branches: - - main - paths: - - 'terraform/lotus-mainnet/**' - - 'terraform/modules/filecoin_node/**' - workflow_dispatch: - -jobs: - deploy-lotus-calibnet: - name: Deploy - runs-on: ubuntu-latest - permissions: write-all - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - # Using Custom Composite action in ./composite-action/terraform folder - - name: Composite Action for Deploying Terraform Resources - uses: ./composite-action/terraform - with: - do_token: ${{ secrets.DO_TOKEN }} - aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} - working_directory: terraform/lotus-mainnet - environment: Lotus Mainnet - new_relic_account_id: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} - nr_license_key: ${{ secrets.NR_LICENSE_KEY }} - new_relic_api_key: ${{ secrets.NEW_RELIC_API_KEY }} diff --git a/README.md b/README.md index f37c7cba6..fa517f955 100644 --- a/README.md +++ b/README.md 
@@ -52,16 +52,16 @@ That's it! From now on, every time you commit changes to your project, these hoo ## Overview -The Terraform folder contains terraform scripts to automate the setup of droplets on DigitalOcean. These scripts enable the configuration of essential infrastructure required for running Forest Mainnet, Calibnet, or Lotus Mainnet nodes. The script automates several steps, including: +The Terraform folder contains terraform scripts to automate the setup of droplets on DigitalOcean. These scripts enable the configuration of essential infrastructure required for running Forest Mainnet or Calibnet Filecoin node. The script automates several steps, including: - Booting up a New Droplet: It initializes a new droplet with specified parameters such as image, name, region, and size. -- Volume Attachment (optional): The script can optionally attach a storage volume to the droplet if the user specifies so (attach_volume variable set to true). This feature primarily runs on the Mainnet but can also be applied to the Calibnet if set to true. To ensure compliance with device identifier restrictions on DigitalOcean, any "-" characters in the volume name are automatically replaced with "_" when mounting the volume on the droplet. +- Volume Attachment (optional): The script can optionally attach a storage volume to the droplet if the user specifies so (attach_volume variable set to false). To ensure compliance with device identifier restrictions on DigitalOcean, any "-" characters in the volume name are automatically replaced with "_" when mounting the volume on the droplet. -- Running Initialization Script: The `user-data.sh` or `lotus.sh` script is executed during the droplet's initialization. This script is powered by the Terraform engine and allows dynamic insertion of variables from the `terraform.tfvars` file. It handles crucial tasks such as creating a new user, configuring SSH settings, restricting SSH access, and managing Docker-related setups. 
Its purpose is to specifically run the Mainnet or Calibnet chain based on the specifications provided in the Terraform script. Additionally, it initializes Watchtower to ensure the Forest images are up to date and configures the New Relic infrastructure agent and Openmetrics New Relic container exclusively on the forest nodes. +- Running Initialization Script: The `user-data.sh` script is executed during the droplet's initialization. This script is powered by the Terraform engine and allows dynamic insertion of variables from the `terraform.tfvars` file. It handles crucial tasks such as creating a new user, configuring SSH settings, restricting SSH access, and managing Docker-related setups. Its purpose is to specifically run the Mainnet or Calibnet chain based on the specifications provided in the Terraform script. Additionally, it initializes Watchtower to ensure the Forest images are up to date and configures the New Relic infrastructure agent and Openmetrics New Relic container exclusively on the forest nodes. ## Requirements -The droplet requirements to run Forest Mainnet, Calibnet or lotus mainnet nodes include: +The droplet requirements to run Forest Mainnet or Calibnet nodes include: - RAM: 8GB - VCPU: 1 - Disk Size: >100 GB 
@@ -74,7 +74,7 @@ The user's local machine requirements include the following: To implement the infrastructure, run the following: - Create an `ssh-key` to be added to the DigitalOcean list and store the fingerprint for use in the next few steps; you can check more details [here](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-team/) -- Create a space on DigitalOcean with any preferred unique name, then add the bucket name and endpoint to the `backend.tf` file located in the `forest-mainnet`, `forest-calibnet` or `lotus-mainnet` directory, depending on which one you plan to run. +- Create a space on DigitalOcean with any preferred unique name, then add the bucket name and endpoint to the `backend.tf` file located in the `forest-mainnet` or `forest-calibnet` directory, depending on which one you plan to run. - Generate `digitalocean_api_token` from DigitalOcean console; you can check [here](https://docs.digitalocean.com/reference/api/create-personal-access-token/) for more details. 
@@ -95,11 +95,11 @@ export TF_VAR_NR_LICENSE_KEY= ``` Then save the file and restart the terminal for the changes to take effect. -- Navigate to the terraform directory and run `make init_calib` for calibnet, `make init_main` for mainnet, or `make init_lt_main` for lotus mainnet to initialize and verify variables. +- Navigate to the terraform directory and run `make init_calib` for calibnet or `make init_main` for mainnet to initialize and verify variables. -- Run `make plan_calib` for calibnet, `make plan_main` for mainnet, or `make plan_lt_main` for lotus mainnet in the terraform directory to view all the configured resources. +- Run `make plan_calib` for calibnet, or `make plan_main` for mainnet, or `make plan_lt_main` in the terraform directory to view all the configured resources. -- To create the infrastructure, run `make apply_calib` for calibnet, `make apply_main` for mainnet, or `make apply_lt_main` for lotus mainnet in the terraform directory. +- To create the infrastructure, run `make apply_calib` for calibnet, or `make apply_main` for mainnet in the terraform directory. ## Collaborators Feel free to contribute to the codebase by resolving any open issues, refactoring, adding new features, writing test cases, or any other way to make the project better and helpful to the community. Feel free to fork and send pull requests. diff --git a/terraform/Makefile b/terraform/Makefile index 2f992350d..9cd3cf25a 100644 --- a/terraform/Makefile +++ b/terraform/Makefile @@ -2,7 +2,6 @@ TF = terraform TF_MAIN_DIR = forest-mainnet TF_CALIB_DIR = forest-calibnet -TF_LT_MAIN_DIR = lotus-mainnet # Define the default target .DEFAULT_GOAL := help 
@@ -11,11 +10,11 @@ help: @echo "Usage: make [target]" @echo "" @echo "Targets:" - @echo " init_calib, init_main, or init_lt_main Initialize Terraform for either Forest mainnet, calibnet, or lotus mainnet" - @echo " plan_calib, plan_main, or plan_lt_main Generate and show an execution plan for either Forest mainnet, calibnet, or lotus mainnet" - @echo " apply_main, apply_calib, or apply_lt_main Apply the changes for either Forest mainnet, calibnet, or lotus mainnet" - @echo " destroy_main, destroy_calib or destroy_lt_main Destroy the Terraform-managed infrastructure for either Forest mainnet, calibnet, or lotus mainnet" - @echo " help Shows this help message" + @echo " init_calib or init_main Initialize Terraform for either Forest mainnet or calibnet" + @echo " plan_calib or plan_main Generate and show an execution plan for either Forest mainnet or calibnet" + @echo " apply_main or apply_calib Apply the changes for either Forest mainnet or calibnet" + @echo " destroy_main or destroy_calib Destroy the Terraform-managed infrastructure for either Forest mainnet or calibnet" + @echo " help Shows this help message" init_calib: @cd $(TF_CALIB_DIR) && $(TF) init @@ -40,15 +39,3 @@ apply_main: destroy_main: @cd $(TF_MAIN_DIR) && $(TF) destroy - -init_lt_main: - @cd $(TF_LT_MAIN_DIR) && $(TF) init - -plan_lt_main: - @cd $(TF_LT_MAIN_DIR) && $(TF) plan - -apply_lt_main: - @cd $(TF_LT_MAIN_DIR) && $(TF) apply --auto-approve - -destroy_lt_main: - @cd $(TF_LT_MAIN_DIR) && $(TF) destroy diff --git a/terraform/lotus-mainnet/.terraform.lock.hcl b/terraform/lotus-mainnet/.terraform.lock.hcl deleted file mode 100644 index 77ec27eec..000000000 --- a/terraform/lotus-mainnet/.terraform.lock.hcl +++ /dev/null 
@@ -1,46 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/digitalocean/digitalocean" { - version = "2.29.0" - constraints = "~> 2.0" - hashes = [ - "h1:KSmD5RdWr/Go4Q5GlY9QsfSm1vtKxBJjJe3M5gaQXjg=", - "zh:0af0a1a2de818c5dc8ee7ad4dc4731452848e84cfa0c1ce514af1c7aad15c53c", - "zh:27229f3162b4142be48554f56227265982f3b74e4c79fa5d2528c8a3912d1e19", - "zh:31d6e73bfe12231fa0ab3bbeef0e4aa9822a2008ae2a1a8b22557bdada4af7a3", - "zh:6e7417413e96b87a11d47e9acbc88e6d707a6ab23a7de6b584fc600d9d3cbf00", - "zh:9faf40798a698b80e8d56e502c220856d2d5f55d5137b9cf5371f2fdaeadd70a", - "zh:b9ab9caf21b3f928fdd891e749fd8d33f6d441b39a08d725edf58cf8027a9b7b", - "zh:be32b3a35474f8acbab4d0ad8676810fa05a87918cc1874b53672159005016c0", - "zh:c2e8f7c08cad44b46e2e5580183e1ef2a4f1803347de136d1a35f333973a25f0", - "zh:cf0aba5b5042c762da489050716815652f809f3ef0ededb0f981f11691dbef03", - "zh:d1c0874c0ae0aa1eae86dbd131978796303599709c35b5dee926887d375f4cc8", - "zh:d4eecb61e763950a5a0f40cddc7a58345419a522b783aae7b0703309a354bb0c", - "zh:d866df86dd78eb2a9e54ebff637301522766710bb6dc7f8e330f1146822b62ee", - "zh:da51541ef96d0a5745740dc623bff3ccfb6b098b548d78cf5e9d95a15c69963a", - "zh:ede343be1528b468feae3a1cbf781e223f63ce33446a008a42f2fb799a23b436", - "zh:f20a60e2cecd29bbcc73d59e95aca368e2c55b7648f1923df2c0f7578026b048", - "zh:fccaf963f2db1e271e9d28276172910ca6b95471b8e0dfac758daf0495ce17f5", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" - constraints = "~> 2.1" - hashes = [ - "h1:Bs7LAkV/iQTLv72j+cTMrvx2U3KyXrcVHaGbdns1NcE=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - 
"zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", - ] -} diff --git a/terraform/lotus-mainnet/main.tf b/terraform/lotus-mainnet/main.tf deleted file mode 100644 index 4cfd5ef3b..000000000 --- a/terraform/lotus-mainnet/main.tf +++ /dev/null @@ -1,37 +0,0 @@ -terraform { - required_version = ">= 1.2" - - backend "s3" { - bucket = "forest-iac" - key = "lotus-mainnet/terraform.tfstate" - region = "us-west-1" - endpoint = "fra1.digitaloceanspaces.com" - skip_credentials_validation = true - skip_metadata_api_check = true - } -} - -module "lotus-mainnet" { - source = "../modules/filecoin_node" - - do_token = var.do_token - name = "lotus-mainnet" - region = "fra1" - image = "docker-20-04" - size = "s-8vcpu-16gb" - source_addresses = ["0.0.0.0/0", "::/0"] - attach_volume = true - destination_addresses = ["0.0.0.0/0", "::/0"] - volume_name = "lotus-mainnet-volume" - initial_filesystem_type = "ext4" - volume_size = "1000" - chain = "mainnet" - project = "Forest-DEV" - fw_name = "lotus-mainnet-fw" - script = "lotus.sh" - forest_user = "forest" - rpc_port = "1234" - NR_LICENSE_KEY = var.NR_LICENSE_KEY - NEW_RELIC_API_KEY = var.NEW_RELIC_API_KEY - NEW_RELIC_ACCOUNT_ID = var.NEW_RELIC_ACCOUNT_ID -} diff --git a/terraform/lotus-mainnet/variables.tf b/terraform/lotus-mainnet/variables.tf deleted file mode 100644 index 16cb13a64..000000000 --- a/terraform/lotus-mainnet/variables.tf +++ /dev/null 
@@ -1,20 +0,0 @@ - -variable "do_token" { - description = "Token for authentication." - type = string -} - -variable "NR_LICENSE_KEY" { - description = "New Relic Access Token" - type = string -} - -variable "NEW_RELIC_API_KEY" { - description = "New Relic API KEY" - type = string -} - -variable "NEW_RELIC_ACCOUNT_ID" { - description = "The New Relic Account ID" - type = string -} diff --git a/terraform/modules/filecoin_node/lotus.sh b/terraform/modules/filecoin_node/lotus.sh deleted file mode 100644 index f3c7839d8..000000000 --- a/terraform/modules/filecoin_node/lotus.sh +++ /dev/null 
@@ -1,127 +0,0 @@ -#!/bin/bash - -# This bash script is used to initialize a Lotus Mainnet or Calibnet Droplet. -# It starts the chain (either mainnet or calibnet) as specified in the terraform script. -# The script also runs Watchtower to keep the Lotus Docker images up-to-date, -# and sets up the New Relic agent for system monitoring. - -# The script employs Terraform's templating engine, which uses variables defined in terraform.tfvars. -# therefore, variables like ${NEW_USER} used here are intended for the template engine, not BASH - -set -euxo pipefail - -# Create a new user with a home directory, no password (SSH login only), and no gecos info. -adduser --disabled-password --gecos "" "${NEW_USER}" - -# Set up SSH for the new user. -mkdir --parents -- "/home/${NEW_USER}/.ssh" -chown "${NEW_USER}:${NEW_USER}" "/home/${NEW_USER}/.ssh" -chmod 0700 "/home/${NEW_USER}/.ssh" - -# Inherit authorized_keys from root, if they exist, to allow the same key-based access for the new user. -if [ -f "/root/.ssh/authorized_keys" ]; then - : Allowing those with root ssh keys to log in as "${NEW_USER}" - cp /root/.ssh/authorized_keys "/home/${NEW_USER}/.ssh/authorized_keys" - chown "${NEW_USER}:${NEW_USER}" "/home/${NEW_USER}/.ssh/authorized_keys" - chmod 0600 "/home/${NEW_USER}/.ssh/authorized_keys" -fi - -#install NTP to synchronize the time differences -sudo DEBIAN_FRONTEND=noninteractive apt-get -qqq --yes -o DPkg::Lock::Timeout=-1 install -y ntp - -# Enable passwordless sudo for the new user. This allows the user to run sudo commands without being prompted for a password. -echo "${NEW_USER} ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/"${NEW_USER}" - -# Add new user to "docker" group so they can run docker commands -usermod --append --groups docker "${NEW_USER}" - -# Set up the directory where the lotus container will store its data. -mkdir --parents -- "/home/${NEW_USER}/lotus_data" - -# If a volume name is defined, mount the volume to the lotus_data directory. 
-if [ -n "${VOLUME_NAME}" ]; then - # discard: notify the volume to free blocks (useful for SSDs) - # defaults: default mount options, including rw - # noatime: don't preserve file access times - : mounting volume at the lotus_data directory - mount --options discard,defaults,noatime /dev/disk/by-id/scsi-0DO_Volume_"${DISK_ID_VOLUME_NAME}" "/home/${NEW_USER}/lotus_data" -fi - -# Change the ownership of the lotus_data directory to the created user. -chown --recursive "${NEW_USER}":"${NEW_USER}" "/home/${NEW_USER}/lotus_data" - -IMAGETAG="stable" - -if [ "${CHAIN}" != "mainnet" ]; then - IMAGETAG="stable-calibnet" -fi - -sudo --user="${NEW_USER}" -- docker network create lotus - -# Run the Lotus Docker container as the created user. -sudo --user="${NEW_USER}" -- \ - docker run \ - --detach \ - --network=lotus \ - --name=lotus-"${CHAIN}" \ - --env LOTUS_CHAIN_BADGERSTORE_DISABLE_FSYNC=true \ - --env LOTUS_CHAINSTORE_SPLITSTORE_COLDSTORETYPE="discard" \ - --env LOTUS_CHAINSTORE_SPLITSTORE_HOTSTOREFULLGCFREQUENCY=1 \ - --volume=parameters:/var/tmp/filecoin-proof-parameters \ - --volume=/home/"${NEW_USER}"/lotus_data:/var/lib/lotus \ - --publish=1234:1234 \ - --restart=always \ - filecoin/lotus-all-in-one:"$IMAGETAG" lotus daemon \ - --import-snapshot https://snapshots."${CHAIN}".filops.net/minimal/latest.zst - -# It monitors running Docker containers and watches for changes to the images that those containers were originally started from. -# If Watchtower detects that an image has changed, it will automatically restart the container using the new image. -# Run the Watchtower Docker container as created user. 
-sudo --user="${NEW_USER}" -- \ - docker run \ - --detach \ - --network=lotus \ - --name=watchtower \ - --volume=/var/run/docker.sock:/var/run/docker.sock \ - --restart=unless-stopped \ - containrrr/watchtower \ - --include-stopped --revive-stopped --stop-timeout 120s --interval 600 - -# If New Relic license key and API key are provided, -# install the new relic agent and New relic agent and OpenMetrics Prometheus integration. -if [ -n "${NEW_RELIC_API_KEY}" ]; then - curl -Ls https://download.newrelic.com/install/newrelic-cli/scripts/install.sh | bash && \ - sudo NEW_RELIC_API_KEY="${NEW_RELIC_API_KEY}" \ - NEW_RELIC_ACCOUNT_ID="${NEW_RELIC_ACCOUNT_ID}" \ - NEW_RELIC_REGION="${NEW_RELIC_REGION}" \ - /usr/local/bin/newrelic install -y - -# The provided configurations are specific to New Relic. To gain a deeper understanding of these configuration details, you can visit: -# https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/#offline-time-to-reset -cat >> /etc/newrelic-infra.yml <
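Review bot: With .github/workflows/deploy-lotus-mainnet.yml deleted, check whether the secrets it consumed still have a consumer. The job ran with `permissions: write-all` and passed `DO_TOKEN`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `SSH_PRIVATE_KEY` and the three New Relic secrets to the composite action. Any of these that were provisioned only for the Lotus deployment should be removed from the repository settings and revoked at the provider as part of this change, and the "Lotus Mainnet" environment should be deleted if it exists only for this workflow.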
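Review bot: In the README.md hunk at @@ -52,16, the rewritten Volume Attachment bullet says the volume is attached when the `attach_volume` variable is "set to false", which inverts the condition. The line it replaces said "set to true", and the deleted lotus-mainnet/main.tf passed `attach_volume = true` to get its volume, so the new wording should keep "set to true". In the same hunk, "Forest Mainnet or Calibnet Filecoin node" should read "nodes" to agree with the Requirements line.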
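Review bot: In the README.md hunk at @@ -95,11, the plan step still lists `make plan_lt_main`, but this patch removes that target from terraform/Makefile, so the documented command no longer exists. Drop it so the bullet matches the init and apply bullets: run `make plan_calib` for calibnet or `make plan_main` for mainnet in the terraform directory.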
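Review bot: There is no teardown step for the resources managed by the deleted terraform/lotus-mainnet/main.tf. The patch removes the configuration, the `destroy_lt_main` Makefile target and the deploy workflow together, which leaves no path in the repository for destroying the `lotus-mainnet` droplet, the `lotus-mainnet-volume` volume and the `lotus-mainnet-fw` firewall, and the state object `lotus-mainnet/terraform.tfstate` in the `forest-iac` bucket stays behind. The firewall was configured with `source_addresses = ["0.0.0.0/0", "::/0"]` and the container published port 1234, so a node left running after this merge would be an unmanaged, internet-reachable host. Please state in the PR description that `terraform destroy` was run against this state before merging, or run it first and land the deletion afterwards.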