WIP

.env.example

@@ -6,18 +6,22 @@ AWS_DEFAULT_REGION='ap-southeast-2'
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 
-
+# Container name
+PK_AWS_ECS_CONTAINER='polykey'
 # Container registry domain
 PK_AWS_ECS_REGISTRY='015248367786.dkr.ecr.ap-southeast-2.amazonaws.com'
 # Container repository
-PK_AWS_ECS_REPOSITORY="$PK_AWS_ECS_REGISTRY/polykey"
-# ECS configuration
+PK_AWS_ECS_REPOSITORY="$PK_AWS_ECS_REGISTRY/$PK_AWS_ECS_CONTAINER"
+# ECS cluster name
 PK_AWS_ECS_CLUSTER='polykey-testnet'
+# ECS service name
 PK_AWS_ECS_SERVICE='polykey-testnet'
+# ECS task definition name
 PK_AWS_ECS_TASK_DEFINITION='polykey-testnet'
 
-# CI_AWS_ECS_WAIT_FOR_ROLLOUT_COMPLETE_DISABLED
-# wait for a rollout
+# Default ports
+PK_PROXY_PORT=1314
+PK_CLIENT_PORT=1315
 
 # Accessing ECR for testnet.polykey.io and mainnet.polykey.io
 # Path to container registry authentication file used by `skopeo`

scripts/deploy-service.sh

@@ -2,29 +2,313 @@
 
 # Deploy container service to ECS cluster
 
-# testnet and mainnet
-# uses aws to do this
+if [ -z "$PK_AWS_ECS_CONTAINER" ]; then
+  printf '%s\n' 'Missing $PK_AWS_ECS_CONTAINER environment variable' >&2
+  exit 1
+fi
 
-# use this to register a new task definition
-aws ecs register-task-definition
+if [ -z "$PK_AWS_ECS_CLUSTER" ]; then
+  printf '%s\n' 'Missing $PK_AWS_ECS_CLUSTER environment variable' >&2
+  exit 1
+fi
 
-# we assume the cluster is already created
-# if the cluster isn't created, then it should be done from scratch too
+if [ -z "$PK_AWS_ECS_REPOSITORY" ]; then
+  printf '%s\n' 'Missing $PK_AWS_ECS_REPOSITORY environment variable' >&2
+  exit 1
+fi
 
-# this  shows the latest task definitions
-aws ecs list-task-definitions \
-  --no-paginate \
-  --family-prefix polykey \
-  --sort DESC \
-  --output json
+if [ -z "$PK_AWS_ECS_TASK_DEFINITION" ]; then
+  printf '%s\n' 'Missing $PK_AWS_ECS_TASK_DEFINITION environment variable' >&2
+  exit 1
+fi
 
-# this gives us the ARN
-# we need to register a task definition if we are not using
-# taskDefinitionArns <- this is what we are looking at
+# Create service, note that this is not stderr, this is the output of the command
 
+# echo "Creating Cluster $PK_AWS_ECS_CLUSTER"
 
-# aws ecs update-service \
-#   --cluster tf_machine-learning-cpu-batch \
-#   --service tf_prism-orchestrator \
-#   --desired-count 1 \
-#   --force-new-deployment
+# aws ecs create-cluster \
+#   --cluster-name "$PK_AWS_ECS_CLUSTER" \
+#   --capacity-providers 'FARGATE' \
+#   --default-capacity-provider-strategy 'capacityProvider=FARGATE' \
+#   --output json
+
+# Registering Task Definition
+
+# aws ecs describe-task-definition --task-definition polykey --output json
+# we want the task definition to be defined here
+# and then you specify it
+# is there a way to specify it
+# `awsvpc` mode means it is given an IP, is it given an EIP? not sure, it needs to be registered, as for NLB, that's a separate issue
+
+# get the role ecsTaskExecutionRole
+
+# maybe that is sufficient to work
+
+# # This gets the role ARN
+# # but it rquires `iam:GetRole` permission, we can use this for the execution-role-arn
+# # if needed, if the name doesn't suffice
+# # plus it needs to exist ahead of time
+# aws --profile=matrix iam get-role --role-name 'ecsTaskExecutionRole' | jq -r '.Role.Arn'
+# # "executionRoleArn": "arn:aws:iam::015248367786:role/ecsTaskExecutionRole",
+
+# we don't just want to do that yet
+# that leave secrest lying around
+
+
+task_definition_path=$(mktemp ${TMPDIR:-/tmp}/polykey-task-definition.XXXXXX)
+
+trap 'rm -f "$task_definition_path"' EXIT
+
+cat > "$task_definition_path" << EOF
+family: "$PK_AWS_ECS_TASK_DEFINITION"
+executionRoleArn: "ecsTaskExecutionRole"
+networkMode: awsvpc
+cpu: "256"
+memory: "512"
+requiresCompatibilities:
+  - FARGATE
+runtimePlatform:
+  cpuArchitecture: "X86_64"
+  operatingSystemFamily: "LINUX"
+ephemeralStorage:
+  sizeInGiB: 21
+containerDefinitions:
+  - name: "$PK_AWS_ECS_CONTAINER"
+    image: "$PK_AWS_ECS_REPOSITORY:latest"
+    essential: true
+    command: [ "/bin/polykey", "agent", "start", "--verbose", "--format=json" ]
+    portMappings:
+      - containerPort: 1314
+        hostPort: 1314
+        protocol: udp
+      - containerPort: 1315
+        hostPort: 1315
+        protocol: tcp
+    environment:
+      - name: "PK_NETWORK"
+        value: testnet
+      - name: "PK_SEED_NODES"
+        value: ""
+      - name: "PK_INGRESS_HOST"
+        value: "0.0.0.0"
+      - name: "PK_INGRESS_PORT"
+        value: "1314"
+      - name: "PK_CLIENT_HOST"
+        value: "0.0.0.0"
+      - name: "PK_CLIENT_PORT"
+        value: "1315"
+      - name: "PK_NODE_PATH"
+        value: /srv
+      - name: "PK_PASSWORD"
+        value: abc123
+    logConfiguration:
+      logDriver: awslogs
+      options:
+        awslogs-group: /ecs/$PK_AWS_ECS_TASK_DEFINITION
+        awslogs-region: $AWS_DEFAULT_REGION
+        awslogs-stream-prefix: ecs
+EOF
+
+# This is not idempotent, this keeps creating new task definitions
+# which is kind of dumb, it should only do this if nothing has changed
+# but yea here we go
+
+aws ecs register-task-definition --output json --no-cli-pager --cli-input-yaml "file://$task_definition_path"
+
+# rm "$task_definition_path"
+
+# # we need to see if this is used properly
+
+# # default entrypoint is /bin/sh
+# # you're going to be using `docker run image /bin/polykey`
+# # so it's not an entrypoint per say
+# # cause we don't have one
+# # so it's better to use the full command /bin/polykey
+
+# # aws ecs register-task-definition
+# #   --family "$PK_AWS_ECS_TASK_DEFINITION" \
+# #   --execution-role-arn "ecsTaskExecutionRole" \
+# #   --network-mode 'awsvpc' \
+# #   --container-
+
+
+# # {
+# #     "taskDefinition": {
+# #         "taskDefinitionArn": "arn:aws:ecs:ap-southeast-2:015248367786:task-definition/polykey:7",
+# #         "containerDefinitions": [
+# #             {
+# #                 "name": "polykey",
+# #                 "image": "015248367786.dkr.ecr.ap-southeast-2.amazonaws.com/polykey:latest",
+# #                 "cpu": 0,
+# #                 "portMappings": [
+# #                     {
+# #                         "containerPort": 1314,
+# #                         "hostPort": 1314,
+# #                         "protocol": "udp"
+# #                     },
+# #                     {
+# #                         "containerPort": 1315,
+# #                         "hostPort": 1315,
+# #                         "protocol": "tcp"
+# #                     }
+# #                 ],
+# #                 "essential": true,
+# #                 "command": [
+# #                     "agent",
+# #                     "start",
+# #                     "--verbose",
+# #                     "--format=json"
+# #                 ],
+# #                 "environment": [
+# #                     {
+# #                         "name": "PK_SEED_NODES",
+# #                         "value": ""
+# #                     },
+# #                     {
+# #                         "name": "PK_INGRESS_HOST",
+# #                         "value": "0.0.0.0"
+# #                     },
+# #                     {
+# #                         "name": "PK_CLIENT_PORT",
+# #                         "value": "1315"
+# #                     },
+# #                     {
+# #                         "name": "PK_INGRESS_PORT",
+# #                         "value": "1314"
+# #                     },
+# #                     {
+# #                         "name": "PK_CLIENT_HOST",
+# #                         "value": "0.0.0.0"
+# #                     },
+# #                     {
+# #                         "name": "PK_NODE_PATH",
+# #                         "value": "/srv"
+# #                     },
+# #                     {
+# #                         "name": "PK_PASSWORD",
+# #                         "value": "abc123"
+# #                     }
+# #                 ],
+# #                 "mountPoints": [],
+# #                 "volumesFrom": [],
+# #                 "logConfiguration": {
+# #                     "logDriver": "awslogs",
+# #                     "options": {
+# #                         "awslogs-group": "/ecs/polykey",
+# #                         "awslogs-region": "ap-southeast-2",
+# #                         "awslogs-stream-prefix": "ecs"
+# #                     }
+# #                 }
+# #             }
+# #         ],
+# #         "family": "polykey",
+# #         "executionRoleArn": "arn:aws:iam::015248367786:role/ecsTaskExecutionRole",
+# #         "networkMode": "awsvpc",
+# #         "revision": 7,
+# #         "volumes": [],
+# #         "status": "ACTIVE",
+# #         "requiresAttributes": [
+# #             {
+# #                 "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
+# #             },
+# #             {
+# #                 "name": "ecs.capability.execution-role-awslogs"
+# #             },
+# #             {
+# #                 "name": "com.amazonaws.ecs.capability.ecr-auth"
+# #             },
+# #             {
+# #                 "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
+# #             },
+# #             {
+# #                 "name": "ecs.capability.execution-role-ecr-pull"
+# #             },
+# #             {
+# #                 "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
+# #             },
+# #             {
+# #                 "name": "ecs.capability.task-eni"
+# #             }
+# #         ],
+# #         "placementConstraints": [],
+# #         "compatibilities": [
+# #             "EC2",
+# #             "FARGATE"
+# #         ],
+# #         "runtimePlatform": {
+# #             "operatingSystemFamily": "LINUX"
+# #         },
+# #         "requiresCompatibilities": [
+# #             "FARGATE"
+# #         ],
+# #         "cpu": "256",
+# #         "memory": "512",
+# #         "registeredAt": "2022-02-18T13:13:23.774000+11:00",
+# #         "registeredBy": "arn:aws:iam::015248367786:user/joshua.karp"
+# #     }
+# # }
+
+
+# # testnet and mainnet
+# # uses aws to do this
+
+# # use this to register a new task definition
+# # aws ecs register-task-definition
+
+# # # we assume the cluster is already created
+# # # if the cluster isn't created, then it should be done from scratch too
+
+# # # this  shows the latest task definitions
+# # aws ecs list-task-definitions \
+# #   --no-paginate \
+# #   --family-prefix polykey \
+# #   --sort DESC \
+# #   --output json
+
+# # # this gives us the ARN
+# # # we need to register a task definition if we are not using
+# # # taskDefinitionArns <- this is what we are looking at
+
+# # # checks for the existence of this
+# # # you can also use the revision
+# # # or full arn name
+
+# # aws ecs describe-task-definition --task-definition polykey --output json
+
+# # i think that's why we had to extract the version number
+# # and then get it
+# # and i remeber we had toe xtract some information
+# # and redo it
+# # so things like the port information
+
+# # if it doesn't exist
+# # you would have to get a 254 code and stderr
+# # that would mean it doesn't exist
+# # there's no other one
+# # i guess the erro code couldbe different
+
+# # this is idempotent (but also if you change the operation, it fails)
+# # you get a CreateCluster operation Arguments on this idmepotent request are inconsistent
+# # so if you want to, you would need to know if you must create the cluster from scratch
+# # or is that something that must be setup prior,
+# # and therefore things should just be done
+# # PutClusterCapacityProviders
+
+# # this creates the cluster
+# # if already created, no issue
+# # but would require it
+
+# # if this is done before
+# # it should be done the same as before
+
+
+
+# # can use this to wait for stuff
+# # aws ecs wait
+
+
+# # aws ecs update-service \
+# #   --cluster tf_machine-learning-cpu-batch \
+# #   --service tf_prism-orchestrator \
+# #   --desired-count 1 \
+# #   --force-new-deployment