Synthetix UAT Env (#86)

* Add synthetix UAT deployment config and info on how to deploy
* Fix issue with geth entrypoint.sh that disallowed service discovery DNS name to be used
* Added CD for synthetix-uat branch

.github/workflows/dev-ecr-deploy.yml

@@ -43,10 +43,8 @@ jobs:
           docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
 
-      # TODO: REMOVE FIRST COMMAND WHEN EPHEMERAL DEV IS COMPLETELY REPLACED BY SHARED DEV.
       - name: Stop existing dev-rollup-full-node ECS task to auto-start task with new image
         run: |
-          ./.github/scripts/stop-ecs-task.sh dev-rollup-full-node rollup-full-node
           ./.github/scripts/stop-ecs-task.sh dev-full-node full-node
 
 

.github/workflows/synthetix-uat-ecr-deploy.yml

@@ -0,0 +1,46 @@
+name: Build & Tag Container, Push to ECR, Deploy to UAT
+
+on:
+  push:
+    branches:
+      - synthetix-uat
+
+jobs:
+  build:
+    name: Build, Tag & push to ECR, Deploy to UAT
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup node
+        uses: actions/setup-node@v1
+
+      - name: Install Dependencies
+        run: yarn install
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_CI_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_CI_USER_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
+      - name: Build, tag, and push Geth to ECR
+        env:
+          AWS_ACCOUNT_NUMBER: ${{ secrets.AWS_CI_AWS_ACCOUNT_ID }}
+        run: ./docker/publish-geth-container.sh synthetix-uat
+
+      - name: Build, tag, and push Full Node to ECR
+        env:
+          AWS_ACCOUNT_NUMBER: ${{ secrets.AWS_CI_AWS_ACCOUNT_ID }}
+        run: ./docker/publish-rollup-fullnode-container.sh synthetix-uat
+
+      - name: Stop existing ECS tasks to auto-start task with new image
+        run: |
+          ./.github/scripts/stop-ecs-task.sh synthetix-uat-web synthetix-uat-web
+          ./.github/scripts/stop-ecs-task.sh synthetix-uat-geth synthetix-uat-geth
+
+
+      - name: Logout of Amazon ECR
+        if: always()
+        run: docker logout ${{ steps.login-ecr.outputs.registry }}

.gitignore

@@ -27,6 +27,9 @@ npm-debug.log
 
 *.bytecode
 
+# security
+*.pem
+
 # docs
 /packages/docs/src/core/_build/
 /packages/docs/src/core/pyvenv.cfg

aws/synthetix/dev/full-node/docker-compose.yml

@@ -0,0 +1,63 @@
+version: "3"
+services:
+  rollup-full-node:
+    image: <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node:latest
+    depends_on: [ "geth_l2" ]
+    volumes:
+      - full-node-data:/mnt/full-node:rw
+      - l1-node-data:/mnt/l1-node:rw
+      - l2-node-data:/mnt/l2-node:rw
+    ports:
+      - 8545:8545
+    environment:
+      - OPCODE_WHITELIST_MASK
+      - L1_SEQUENCER_MNEMONIC
+      - L2_TO_L1_MESSAGE_RECEIVER_ADDRESS
+      - L2_TO_L1_MESSAGE_FINALITY_DELAY_IN_BLOCKS
+      - L2_RPC_SERVER_HOST
+      - L2_RPC_SERVER_PORT
+      - L2_WALLET_MNEMONIC
+      - L2_WALLET_PRIVATE_KEY_PATH=/mnt/l2-node/private_key.txt
+      - LOCAL_L1_NODE_PORT
+      - LOCAL_L1_NODE_PERSISTENT_DB_PATH=/mnt/l1-node
+      - L2_NODE_WEB3_URL=http://0.0.0.0:9545/
+
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: rollup-full-node
+        awslogs-region: us-east-2
+        awslogs-stream-prefix: l2-rpc-server
+
+  geth_l2:
+    image: <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/optimism/geth:latest
+    volumes:
+      - l2-node-data:/mnt/l2-node/l2:rw
+    environment:
+      - VOLUME_PATH=/mnt/l2-node/l2
+      - HOSTNAME=0.0.0.0
+      - PORT=9545
+      - NETWORK_ID=108
+      - KEYSTORE_PATH_SUFFIX=/keystore
+      - SEALER_PRIVATE_KEY_PATH_SUFFIX=/sealer_private_key.txt
+      - PRIVATE_KEY_PATH_SUFFIX=/private_key.txt
+      - ADDRESS_PATH_SUFFIX=/address.txt
+      - SEALER_ADDRESS_PATH_SUFFIX=/sealer_address.txt
+      - INITIAL_BALANCE=0x200000000000000000000000000000000000000000000000000000000000000
+      - GENISIS_PATH=etc/rollup-fullnode.json
+      - SETUP_RUN_PATH_SUFFIX=/setup_run.txt
+    ports:
+      - 9545:9545
+
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: rollup-full-node
+        awslogs-region: us-east-2
+        awslogs-stream-prefix: l2-node
+
+volumes:
+  full-node-data:
+  l1-node-data:
+  l2-node-data:
+

aws/synthetix/dev/full-node/ecs-params.yml

@@ -0,0 +1,25 @@
+version: 1
+task_definition:
+  services:
+    full-node:
+      cpu_shares: 25
+      mem_limit: 524288000
+    geth_l2:
+      cpu_shares: 75
+      mem_limit: 1523288000
+  # This is all local for now -- eventually will change
+  ecs_network_mode: host
+  docker_volumes:
+      - name: l1-node-data
+        scope: shared
+        autoprovision: true
+        driver: 'local'
+      - name: l2-node-data
+        scope: shared
+        autoprovision: true       
+        driver: 'local'
+      - name: full-node-data
+        scope: shared
+        autoprovision: true       
+        driver: 'local'
+

aws/synthetix/uat/geth/README.md

@@ -0,0 +1,33 @@
+# Deploying L2 Geth node to Synthetix UAT
+
+## Prerequisites
+See prerequisites from parent AWS directory.
+
+## Steps
+
+### 1) Configure the Amazon ECS CLI
+1. Create a cluster configuration:
+    ```
+    ecs-cli configure --cluster synthetix-uat-geth --default-launch-type EC2 --config-name synthetix-uat-geth-config --region us-east-2
+    ```
+
+2. Create a profile to use to create the environment
+    ```
+    ecs-cli configure profile --access-key <your access key here> --secret-key <your secret here> --profile-name synthetix-uat-geth-profile
+    ```
+
+### 2) Create the Cluster
+    ```
+    ecs-cli up --keypair synthetix-uat --capability-iam --size 1 --instance-type c5.4xlarge --cluster-config synthetix-uat-geth-config --ecs-profile synthetix-uat-geth-profile --port 9545 --security-group <security group ID> --vpc <vpc ID> --subnets <comma-separated subnet IDs>
+    ```
+
+This may take a few minutes to finish. The result will be a fully provisioned EC2 instance on which your service/task will be deployed.
+
+### 3) Choose the appropriate `docker-compose.yml` and `ecs-params.yml`
+For the rest of the commands, you'll need to be in this directory to use the `docker-compose.yml` and an `ecs-params.yml`.
+Make any necessary changes now.
+
+### 4) Deploy Service & Task to Cluster & register service discovery. 
+    ```
+    ecs-cli compose --project-name synthetix-uat-geth service up --private-dns-namespace synthetix-uat --vpc <vpc ID> --enable-service-discovery --cluster-config synthetix-uat-geth-config --ecs-profile synthetix-uat-geth-profile --create-log-groups
+    ```

aws/synthetix/uat/geth/docker-compose.yml

@@ -0,0 +1,33 @@
+version: "3"
+services:
+  geth_l2:
+    image: <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/optimism/geth:synthetix-uat
+    volumes:
+      - l2-node-data:/mnt/l2-node/l2:rw
+    environment:
+      - CLEAR_DATA_KEY=aaa
+      - VOLUME_PATH=/mnt/l2-node/l2
+      - HOSTNAME=0.0.0.0
+      - PORT=9545
+      - NETWORK_ID=108
+      - PRIVATE_KEY=0x29f3edee0ad3abf8e2699402e0e28cd6492c9be7eaab00d732a791c33552f797
+      - SEALER_PRIVATE_KEY_PATH_SUFFIX=/sealer_private_key.txt
+      - PRIVATE_KEY_PATH_SUFFIX=/private_key.txt
+      - ADDRESS_PATH_SUFFIX=/address.txt
+      - SEALER_ADDRESS_PATH_SUFFIX=/sealer_address.txt
+      - INITIAL_BALANCE=0x200000000000000000000000000000000000000000000000000000000000000
+      - GENESIS_PATH=etc/rollup-fullnode.json
+      - SETUP_RUN_PATH_SUFFIX=/setup_run.txt
+    ports:
+      - 9545:9545
+
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: sythetix-uat-geth
+        awslogs-region: us-east-2
+        awslogs-stream-prefix: geth
+
+volumes:
+  l2-node-data:
+

aws/synthetix/uat/geth/ecs-params.yml

@@ -0,0 +1,34 @@
+version: 1
+task_definition:
+  services:
+    geth_l2:
+      essential: true
+#      healthcheck:
+#        test: ["CMD-SHELL", "curl -f -H \"Content-Type: application/json\" -d '{\"jsonrpc\": \"2.0\", \"id\": 9999999, \"method\": \"net_version\"}' http://localhost:9545/ || exit 1"]
+#        interval: 10s
+#        timeout: 5s
+#        retries: 3
+#        start_period: 10s
+      mem_limit: 32889600000
+
+
+  ecs_network_mode: awsvpc
+  docker_volumes:
+      - name: l2-node-data
+        scope: shared
+        autoprovision: true
+        driver: 'local'
+
+run_params:
+  network_configuration:
+    awsvpc_configuration:
+      subnets:
+        - <subnet(s) here>
+      security_groups:
+        - <security group(s) here>
+  service_discovery_service:
+    name: 'geth'
+    description: 'Synthetix UAT Geth Service Discovery'
+    dns_config:
+      type: 'A'
+      ttl: 60

aws/synthetix/uat/web/README.md

@@ -0,0 +1,33 @@
+# Deploying Web RPC Server to Synthetix UAT
+
+## Prerequisites
+See prerequisites from parent AWS directory.
+
+## Steps
+
+### 1) Configure the Amazon ECS CLI
+1. Create a cluster configuration:
+    ```
+    ecs-cli configure --cluster synthetix-uat-web --default-launch-type EC2 --config-name synthetix-uat-web-config --region us-east-2
+    ```
+
+2. Create a profile to use to create the environment
+    ```
+    ecs-cli configure profile --access-key <your access key here> --secret-key <your secret here> --profile-name synthetix-uat-web-profile
+    ```
+
+### 2) Create the Cluster
+    ```
+    ecs-cli up --keypair synthetix-uat --capability-iam --size 1 --instance-type c5.xlarge --cluster-config synthetix-uat-web-config --ecs-profile synthetix-uat-web-profile --port 8545 --security-group <security group ID> --vpc <vpc ID> --subnets <comma-separated subnet IDs>
+    ```
+
+This may take a few minutes to finish. The result will be a fully provisioned EC2 instance on which your service/task will be deployed.
+
+### 3) Choose the appropriate `docker-compose.yml` and `ecs-params.yml`
+For the rest of the commands, you'll need to be in this directory to use the `docker-compose.yml` and an `ecs-params.yml`.
+Make any necessary changes now.
+
+### 4) Deploy Service & Task to Cluster 
+    ```
+    ecs-cli compose --project-name synthetix-uat-web service up --vpc <vpc ID> --cluster-config synthetix-uat-web-config --ecs-profile synthetix-uat-web-profile --create-log-groups
+    ```

aws/synthetix/uat/web/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3"
+services:
+  rollup-full-node:
+    image: <aws_account_id>.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node:synthetix-uat
+    volumes:
+      - full-node-data:/mnt/full-node:rw
+      - l1-node-data:/mnt/l1-node:rw
+    ports:
+      - 8545:8545
+    environment:
+      - CLEAR_DATA_KEY=4
+      - STARTUP_WAIT_TIMEOUT=10
+      - LOCAL_L1_NODE_PERSISTENT_DB_PATH=/mnt/l1-node
+      - L2_RPC_SERVER_PERSISTENT_DB_PATH=/mnt/full-node/level
+      - L2_WALLET_PRIVATE_KEY=0x29f3edee0ad3abf8e2699402e0e28cd6492c9be7eaab00d732a791c33552f797
+      - L2_NODE_WEB3_URL=http://synthetix-uat-geth.synthetix-uat:9545
+
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: synthetix-uat-web
+        awslogs-region: us-east-2
+        awslogs-stream-prefix: web
+
+volumes:
+  full-node-data:
+  l1-node-data:
+  l2-node-data:
+

aws/synthetix/uat/web/ecs-params.yml

@@ -0,0 +1,24 @@
+version: 1
+task_definition:
+  services:
+    rollup-full-node:
+      essential: true
+      healthcheck:
+        test: ["CMD-SHELL", "curl -f -H \"Content-Type: application/json\" -d '{\"jsonrpc\": \"2.0\", \"id\": 9999999, \"method\": \"eth_blockNumber\"}' http://localhost:8545/ || exit 1"]
+        interval: 10s
+        timeout: 5s
+        retries: 3
+        start_period: 5s
+      mem_limit: 7680000000
+
+
+  ecs_network_mode: host
+  docker_volumes:
+      - name: l1-node-data
+        scope: task
+        driver: 'local'
+      - name: full-node-data
+        scope: shared
+        autoprovision: true
+        driver: 'local'
+

docker/geth/entrypoint.sh

@@ -86,4 +86,4 @@ fi
 
 echo "Starting Geth..."
 ## Command to kick off geth
-geth --datadir $VOLUME_PATH --syncmode 'full' --rpc --rpcaddr $HOSTNAME  --rpcvhosts=$HOSTNAME --rpcapi 'eth,net' --rpcport $PORT --networkid $NETWORK_ID --nodiscover --nousb --allow-insecure-unlock -unlock `cat $SEALER_ADDRESS_PATH` --password /dev/null --gasprice '1' --mine
+geth --datadir $VOLUME_PATH --syncmode 'full' --rpc --rpcaddr $HOSTNAME  --rpcvhosts=* --rpcapi 'eth,net' --rpcport $PORT --networkid $NETWORK_ID --nodiscover --nousb --allow-insecure-unlock -unlock `cat $SEALER_ADDRESS_PATH` --password /dev/null --gasprice '1' --mine

docker/publish-geth-container.sh

@@ -21,10 +21,10 @@ echo "\nAuthenticating within ECR...\n"
 aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/geth"
 
 echo "\nBuilding Geth container...\n"
-docker build -t optimism/geth "$BASE_DIR/geth/."
+docker build -t "optimism/geth:$TAG" "$BASE_DIR/geth/."
 
 echo "\nTagging Geth container as $TAG...\n"
-docker tag optimism/geth:latest "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/geth:$TAG"
+docker tag "optimism/geth:$TAG" "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/geth:$TAG"
 
 echo "\nPushing Geth container to ECR...\n"
 docker push "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/geth:$TAG"

docker/publish-rollup-fullnode-container.sh

@@ -26,10 +26,10 @@ echo "\nAuthenticating within ECR...\n"
 aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node"
 
 echo "\nBuilding fullnode container...\n"
-docker build -t optimism/rollup-full-node "$ROOT_DIR"
+docker build -t "optimism/rollup-full-node:$TAG" "$ROOT_DIR"
 
 echo "\nTagging fullnode container as $TAG in ECR...\n"
-docker tag optimism/rollup-full-node:latest "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node:$TAG"
+docker tag "optimism/rollup-full-node:$TAG" "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node:$TAG"
 
 echo "\nPushing fullnode container to ECR...\n"
 docker push "$AWS_ACCOUNT_NUMBER.dkr.ecr.us-east-2.amazonaws.com/optimism/rollup-full-node:$TAG"