-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaws-validator.yaml
271 lines (242 loc) · 8.69 KB
/
aws-validator.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template for creating an EC2 instance for validator node with S3 access and Elastic IP.
Parameters:
UbuntuAmiId:
Type: String
Description: The AMI ID for the Ubuntu instance
ValidatorPassword01:
Type: String
Description: Password parameter for validator node01 script
ValidatorPassword02:
Type: String
Description: Password parameter for validator node02 script
Domain01:
Type: String
Description: Domain parameter for validator 01
Bootnodes:
Type: String
Description: Bootnodes parameter for validator 02
AvailabilityZone:
Type: String
Description: The Availability Zone where resources will be created.
Resources:
InstanceReachabilityAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmDescription: "Recover instance upon system status check failure"
Namespace: AWS/EC2
MetricName: StatusCheckFailed_System
Dimensions:
- Name: InstanceId
Value: !Ref ValidatorEC2Instance
Statistic: Maximum
Period: 60
EvaluationPeriods: 2
Threshold: 1
ComparisonOperator: GreaterThanOrEqualToThreshold
AlarmActions:
- !Sub "arn:aws:automate:${AWS::Region}:ec2:recover"
MyTopic:
Type: AWS::SNS::Topic
Properties:
Subscription:
- Endpoint: [email protected]
Protocol: email
HighCPUAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmDescription: "Alarm when CPU exceeds 70%"
MetricName: CPUUtilization
Namespace: AWS/EC2
Statistic: Average
Period: 300
EvaluationPeriods: 1
Threshold: 70
ComparisonOperator: GreaterThanThreshold
AlarmActions:
- Ref: MyTopic
Dimensions:
- Name: InstanceId
Value: !Ref ValidatorEC2Instance
ValidatorInternetGateway:
Type: AWS::EC2::InternetGateway
ValidatorVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
ValidatorRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref ValidatorVPC
ValidatorVPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref ValidatorVPC
InternetGatewayId: !Ref ValidatorInternetGateway
ValidatorRoute:
Type: AWS::EC2::Route
DependsOn: ValidatorVPCGatewayAttachment
Properties:
RouteTableId: !Ref ValidatorRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref ValidatorInternetGateway
ValidatorSubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref ValidatorSubnet
RouteTableId: !Ref ValidatorRouteTable
ValidatorSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref ValidatorVPC
CidrBlock: 10.0.0.0/24
AvailabilityZone:
Ref: AvailabilityZone
ValidatorSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupName: validator-node
GroupDescription: Security Group for Validator Node
VpcId: !Ref ValidatorVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '30334'
ToPort: '30334'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '30335'
ToPort: '30335'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '443'
ToPort: '443'
CidrIp: 0.0.0.0/0
FulaVolume:
Type: AWS::EC2::Volume
Properties:
Size: 2500
AvailabilityZone: !GetAtt ValidatorEC2Instance.AvailabilityZone
VolumeType: gp2
Encrypted: false # Change based on your requirement
FulaVolumeAttachment:
Type: AWS::EC2::VolumeAttachment
Properties:
InstanceId: !Ref ValidatorEC2Instance
VolumeId: !Ref FulaVolume
Device: /dev/sdh
ValidatorInstanceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: ec2.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: ValidatorInstancePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
Resource: 'arn:aws:s3:::fula-validator/*'
ValidatorInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Roles:
- !Ref ValidatorInstanceRole
ValidatorEC2Instance:
Type: 'AWS::EC2::Instance'
Properties:
InstanceType: m5.12xlarge
IamInstanceProfile: !Ref ValidatorInstanceProfile
ImageId: !Ref UbuntuAmiId
KeyName: functionland
AvailabilityZone:
Ref: AvailabilityZone
Tags:
- Key: Name
Value: validator-node
- Key: Group
Value: validators
NetworkInterfaces:
- DeviceIndex: '0'
AssociatePublicIpAddress: true
SubnetId: !Ref ValidatorSubnet
GroupSet:
- !Ref ValidatorSecurityGroup
BlockDeviceMappings:
- DeviceName: /dev/sda1
Ebs:
VolumeSize: 30
VolumeType: gp2
DeleteOnTermination: true
UserData:
Fn::Base64: !Sub |
#!/bin/bash
exec > /var/log/user-data-installation.log 2>&1
# Wait for the attached volume to become available
while ! sudo lsblk | grep -q nvme1n1; do
sleep 1
done
echo "EBS volume is attached"
# Create a filesystem on the volume (if it's new)
sudo mkfs -t ext4 /dev/nvme1n1
# Create the mount point directory
sudo mkdir -p /uniondrive
# Mount the volume
sudo mount /dev/nvme1n1 /uniondrive
sudo chown ubuntu:ubuntu /uniondrive
sudo chmod 777 -R /uniondrive
# Add an entry to /etc/fstab to auto-mount the volume on reboot
echo "/dev/nvme1n1 /uniondrive ext4 defaults,nofail 0 2" | sudo tee -a /etc/fstab
# Update and install NTP
sudo apt-get update
sudo apt-get install -y ntp awscli
# Once NTP is installed, query the NTP servers
sudo ntpq -p
# Download keys info files from S3
aws s3 cp s3://fula-validator/keys01.info /home/ubuntu/keys01.info
aws s3 cp s3://fula-validator/keys02.info /home/ubuntu/keys02.info
# Ensure correct ownership and permissions
chown ubuntu:ubuntu /home/ubuntu/keys01.info
chown ubuntu:ubuntu /home/ubuntu/keys02.info
chmod 600 /home/ubuntu/keys01.info
chmod 600 /home/ubuntu/keys02.info
# Script to check docker logs and send email
cat << 'EOF' > /home/ubuntu/check_docker_logs.sh
#!/bin/bash
logs=$(sudo docker logs MyNode01 --tail 5)
best=$(echo "$logs" | grep -oP '(?<=best: #)\d+')
finalized=$(echo "$logs" | grep -oP '(?<=finalized #)\d+')
if (( best - finalized > 20 )); then
aws sns publish --topic-arn "${MyTopic}" --message "Best is greater than finalized by more than 20. Best: $best, Finalized: $finalized"
fi
EOF
chmod +x /home/ubuntu/check_docker_logs.sh
# Setup cron job to run the script every hour
(crontab -l 2>/dev/null; echo "0 * * * * /home/ubuntu/check_docker_logs.sh") | crontab -
# Clone the repository
git clone https://github.com/functionland/automatic-poolnode-creation-script /home/ubuntu/automatic-poolnode-creation-script
# Run the script for validator 01
sudo -u ubuntu bash /home/ubuntu/automatic-poolnode-creation-script/validator_node.sh --user=ubuntu --password='${ValidatorPassword01}' --validator=01 --domain=${Domain01}
PID=$!
wait $PID
echo "Validator node01 is completed. Waiting for 30 sec before installing second validator"
sleep 30
# Run the script for validator 02
sudo -u ubuntu bash /home/ubuntu/automatic-poolnode-creation-script/validator_node.sh --user=ubuntu --password='${ValidatorPassword02}' --validator=02 --bootnodes=${Bootnodes}