From 18300c7d65be37f17085cbc86dc38a411d4a7c56 Mon Sep 17 00:00:00 2001
From: decfox
Date: Wed, 15 May 2024 14:05:18 +0530
Subject: [PATCH 1/6] feat: oonifindings container deployment
---
 tf/environments/dev/main.tf | 49 +++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
index 75ec2c6c..524f9fca 100644
--- a/tf/environments/dev/main.tf
+++ b/tf/environments/dev/main.tf
@@ -406,6 +406,55 @@ module "ooniapi_oonirun" { ) } + +#### OONI Run service + +module "ooniapi_oonifindings_deployer" { + source = "../../modules/ooniapi_service_deployer" + + service_name = "oonifindings" + repo = "ooni/backend" + branch_name = "master" + buildspec_path = "ooniapi/services/oonifindings/buildspec.yml" + codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn + + codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket + + ecs_service_name = module.ooniapi_oonifindings.ecs_service_name + ecs_cluster_name = module.ooniapi_cluster.cluster_name +} + +module "ooniapi_oonifindings" { + source = "../../modules/ooniapi_service" + + vpc_id = module.network.vpc_id + public_subnet_ids = module.network.vpc_subnet_public[*].id + private_subnet_ids = module.network.vpc_subnet_private[*].id + + service_name = "oonifindings" + default_docker_image_url = "ooni/api-oonifindings:latest" + stage = local.environment + dns_zone_ooni_io = local.dns_zone_ooni_io + key_name = module.adm_iam_roles.oonidevops_key_name + ecs_cluster_id = module.ooniapi_cluster.cluster_id + + task_secrets = { + CLICKHOUSE_URL = aws_secretsmanager_secret_version.ooniclickhouse_url.arn + JWT_ENCRYPTION_KEY = aws_secretsmanager_secret_version.jwt_secret.arn + PROMETHEUS_METRICS_PASSWORD = aws_secretsmanager_secret_version.prometheus_metrics_password.arn + } + + ooniapi_service_security_groups = [ + module.ooniapi_cluster.web_security_group_id + ] + + tags = merge( + local.tags, + { Name = "ooni-tier0-oonifindings" } + ) +} + + #### OONI Auth service module "ooniapi_ooniauth_deployer" { From 009595433b8f180715cc8d6555f522487db6866e Mon Sep 17 00:00:00 2001 From: Decfox Date: Fri, 19 Jul 2024 16:24:56 +0530 Subject: [PATCH 2/6] feat: move to oonipg postgres instance --- tf/environments/dev/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 524f9fca..2deaed96 100644 
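Review bot: `default_docker_image_url = "ooni/api-oonifindings:latest"` in `module "ooniapi_oonifindings"` points the task at a mutable tag, so whatever runs before the first pipeline deploy (or whenever the default is used) is the image last pushed under `latest`, with no record of it in this repository. Pinning the default to a digest, for example `default_docker_image_url = "ooni/api-oonifindings@sha256:<DIGEST_PLACEHOLDER>"`, makes that initial deployment reproducible and reviewable. The same block hands `JWT_ENCRYPTION_KEY` to the new service; if this is the key the other API services also receive, a compromise of this container exposes token material for all of them, so a comment stating why findings needs it would help.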
--- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -439,7 +439,7 @@ module "ooniapi_oonifindings" { ecs_cluster_id = module.ooniapi_cluster.cluster_id task_secrets = { - CLICKHOUSE_URL = aws_secretsmanager_secret_version.ooniclickhouse_url.arn + POSTGRESQL_URL = aws_secretsmanager_secret_version.oonipg_url.arn JWT_ENCRYPTION_KEY = aws_secretsmanager_secret_version.jwt_secret.arn PROMETHEUS_METRICS_PASSWORD = aws_secretsmanager_secret_version.prometheus_metrics_password.arn } From 84f6c6574cc88382aab9a4380699301881775b5f Mon Sep 17 00:00:00 2001 From: Decfox Date: Sat, 20 Jul 2024 02:44:38 +0530 Subject: [PATCH 3/6] fix: oonifindings comment and frontend proxy --- tf/environments/dev/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 2deaed96..8061121e 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -407,7 +407,7 @@ module "ooniapi_oonirun" { } -#### OONI Run service +#### OONI Findings service module "ooniapi_oonifindings_deployer" { source = "../../modules/ooniapi_service_deployer" @@ -533,6 +533,7 @@ module "ooniapi_frontend" { ooniapi_oonirun_target_group_arn = module.ooniapi_oonirun.alb_target_group_id ooniapi_ooniauth_target_group_arn = module.ooniapi_ooniauth.alb_target_group_id ooniapi_ooniprobe_target_group_arn = module.ooniapi_ooniprobe.alb_target_group_id + ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings_alb_target_group ooniapi_service_security_groups = [ module.ooniapi_cluster.web_security_group_id From affaf04433d65cbc75374b693135e11e8c06c91b Mon Sep 17 00:00:00 2001 From: Decfox Date: Sat, 20 Jul 2024 03:05:58 +0530 Subject: [PATCH 4/6] feat: add oonifndings target to frontend proxy --- tf/environments/dev/main.tf | 2 +- tf/modules/ooniapi_frontend/main.tf | 13 +++++++++++++ tf/modules/ooniapi_frontend/variables.tf | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) 
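Review bot: The replacement line `POSTGRESQL_URL = aws_secretsmanager_secret_version.oonipg_url.arn` injects a whole connection URL, which presumably embeds the database user and password, into the findings task. If `oonipg_url` is the same secret other services consume, this task inherits their database role; a dedicated secret for a role limited to the findings tables would keep the blast radius of this container small. Nothing in the hunk shows that the task's security group may reach the oonipg instance, so that rule should be confirmed with this change. The module block starts and ends outside the hunk.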
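Review bot: The added argument `ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings_alb_target_group` in `module "ooniapi_frontend"` is not a valid reference: it names a module `ooniapi_oonifindings_alb_target_group` that is not declared anywhere in this series, where the sibling lines use `module.<name>.alb_target_group_id`. The variable it sets is only declared by the following patch, so this commit likely fails `terraform validate` on its own. The line should read `ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings.alb_target_group_id` and live in the commit that adds the variable, so that every commit in the series plans cleanly. The module block starts and ends outside the hunk.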
diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 8061121e..7c2eba27 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -533,7 +533,7 @@ module "ooniapi_frontend" { ooniapi_oonirun_target_group_arn = module.ooniapi_oonirun.alb_target_group_id ooniapi_ooniauth_target_group_arn = module.ooniapi_ooniauth.alb_target_group_id ooniapi_ooniprobe_target_group_arn = module.ooniapi_ooniprobe.alb_target_group_id - ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings_alb_target_group + ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings.alb_target_group_id ooniapi_service_security_groups = [ module.ooniapi_cluster.web_security_group_id diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf index 43fd6525..f43d696a 100644 --- a/tf/modules/ooniapi_frontend/main.tf +++ b/tf/modules/ooniapi_frontend/main.tf @@ -99,8 +99,21 @@ resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule" { } } +resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule" { + listener_arn = aws_alb_listener.ooniapi_listener_https.arn + priority = 100 + action { + type = "forward" + target_group_arn = var.ooniapi_oonifindings_target_group_arn + } + condition { + path_pattern { + values = ["/api/v1/incidents/*"] + } + } +} ## DNS diff --git a/tf/modules/ooniapi_frontend/variables.tf b/tf/modules/ooniapi_frontend/variables.tf index 9af1c74f..e29568e2 100644 --- a/tf/modules/ooniapi_frontend/variables.tf +++ b/tf/modules/ooniapi_frontend/variables.tf @@ -25,6 +25,10 @@ variable "ooniapi_ooniauth_target_group_arn" { variable "ooniapi_ooniprobe_target_group_arn" { description = "arn for the target group of the ooniprobe service" } +variable "ooniapi_oonifindings_target_group_arn" { + description = "arn for the target group of the oonifindings service" +} + variable "dns_zone_ooni_io" { description = "id of the DNS zone for ooni_io" } 
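Review bot: `aws_lb_listener_rule.ooniapi_oonifindings_rule` forwards everything under `/api/v1/incidents/*` on the HTTPS listener with a path condition only, so any state-changing routes the service has under that prefix become reachable through the (presumably public) frontend, and authorization rests entirely on the service's own token checks. A comment above the resource such as `# Reads and writes under /api/v1/incidents/ are both forwarded; authorization is enforced in oonifindings` would record that assumption. The pattern also does not match the bare path `/api/v1/incidents` without a trailing slash, which is worth confirming against the service's routes.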
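Review bot: The new `variable "ooniapi_oonifindings_target_group_arn"` has no type constraint, so any value is accepted and a mistake only surfaces when the listener rule is planned. Adding `type = string` under the description costs one line. The neighbouring variables visible in the context lines are declared the same way, so this is better handled as a follow-up across the file than as a blocker here.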
From b0f0aad35dbb1e7be4a6f74f79508340224df358 Mon Sep 17 00:00:00 2001 From: decfox Date: Sat, 10 Aug 2024 18:14:43 +0530 Subject: [PATCH 5/6] fix: lb listener priority for oonifindings --- tf/modules/ooniapi_frontend/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf index f43d696a..465e3ca7 100644 --- a/tf/modules/ooniapi_frontend/main.tf +++ b/tf/modules/ooniapi_frontend/main.tf @@ -101,7 +101,7 @@ resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule" { resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule" { listener_arn = aws_alb_listener.ooniapi_listener_https.arn - priority = 100 + priority = 103 action { type = "forward" From 960deaf8e4825bf562975e8a232febec926fea80 Mon Sep 17 00:00:00 2001 From: decfox Date: Sat, 10 Aug 2024 18:16:13 +0530 Subject: [PATCH 6/6] refactor: increase ec2 instance capacity --- tf/environments/dev/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 3b825af2..6c809f9d 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -275,9 +275,9 @@ module "ooniapi_cluster" { vpc_id = module.network.vpc_id subnet_ids = module.network.vpc_subnet_private[*].id - asg_min = 2 + asg_min = 3 asg_max = 6 - asg_desired = 2 + asg_desired = 3 instance_type = "t3.small"
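Review bot: `priority = 103` is another hand-picked number with nothing in the file saying which priorities are already taken, which is presumably how the value of 100 that it replaces came to be chosen. Since rule priority decides which target group receives a request when path patterns overlap, a short comment such as `# listener rule priorities must be unique per listener; 103 = oonifindings`, or a shared `locals` map of priorities, would keep the next service from repeating the problem. The resource block continues outside the hunk.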