Exemple #1
0
    def __init__(self, scope: Construct, id: str, *, deployment: Deployment,
                 policy: Policy, cluster: ICluster, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        if deployment == Deployment.PRODUCTION:
            desired_count = 1  # Currently this pod is stateful, and as such cannot be run more than once
            priority = 46
        else:
            desired_count = 1
            priority = 146

        api_fqdn = dns.subdomain_to_fqdn("api.bananas")
        api_url = f"https://{api_fqdn}"
        frontend_fqdn = dns.subdomain_to_fqdn(self.subdomain_name)
        frontend_url = f"https://{frontend_fqdn}"

        sentry_dsn = parameter_store.add_secure_string(
            f"/BananasFrontendWeb/{deployment.value}/SentryDSN").parameter

        ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/bananas-frontend-web",
            port=80,
            memory_limit_mib=64,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--api-url",
                api_url,
                "--frontend-url",
                frontend_url,
                "run",
                "-p",
                "80",
                "-h",
                "0.0.0.0",
            ],
            environment={
                "WEBCLIENT_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "WEBCLIENT_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
            },
        )
Exemple #2
0
    def __init__(self, scope: Construct, id: str, *, deployment: Deployment,
                 policy: Policy, cluster: ICluster, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        if deployment == Deployment.PRODUCTION:
            desired_count = 2
            priority = 62
        else:
            desired_count = 1
            priority = 162

        api_fqdn = dns.subdomain_to_fqdn("api.master")
        api_url = f"https://{api_fqdn}"

        sentry_dsn = parameter_store.add_secure_string(
            f"/MasterServerWeb/{deployment.value}/SentryDSN").parameter

        ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/master-server-web",
            port=80,
            memory_limit_mib=96,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--api-url",
                api_url,
                "run",
                "-p",
                "80",
                "-h",
                "0.0.0.0",
            ],
            environment={
                "WEBCLIENT_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "WEBCLIENT_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
            },
        )
    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        bucket: Bucket,
        **kwargs,
    ) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        if deployment == Deployment.PRODUCTION:
            desired_count = 2
            priority = 44
            memory = 256
            github_url = "https://github.com/OpenTTD/BaNaNaS"
            content_port = 3978
            bootstrap_command = ["--bootstrap-unique-id", "4f474658"]
        else:
            desired_count = 1
            priority = 144
            memory = 128
            github_url = "https://github.com/OpenTTD/BaNaNaS-staging"
            content_port = 4978
            bootstrap_command = []

        cdn_fqdn = dns.subdomain_to_fqdn("bananas.cdn")
        cdn_url = f"http://{cdn_fqdn}"

        sentry_dsn = parameter_store.add_secure_string(f"/BananasServer/{deployment.value}/SentryDSN").parameter
        reload_secret = parameter_store.add_secure_string(f"/BananasServer/{deployment.value}/ReloadSecret").parameter

        command = [
            "--storage",
            "s3",
            "--storage-s3-bucket",
            bucket.bucket_name,
            "--index",
            "github",
            "--index-github-url",
            github_url,
            "--cdn-url",
            cdn_url,
            "--bind",
            "0.0.0.0",
            "--content-port",
            str(content_port),
            "--proxy-protocol",
        ]
        command.extend(bootstrap_command)

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            path_pattern=self.path_pattern,
            allow_via_http=True,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/bananas-server",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=command,
            environment={
                "BANANAS_SERVER_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "BANANAS_SERVER_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
                "BANANAS_SERVER_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
            },
        )

        self.container.add_port(content_port)
        nlb.add_nlb(self, self.container.service, Port.tcp(content_port), self.nlb_subdomain_name, "BaNaNaS Server")

        self.container.task_role.add_to_policy(
            PolicyStatement(
                actions=[
                    "s3:GetObject",
                    "s3:ListBucket",
                ],
                resources=[
                    bucket.bucket_arn,
                    StringConcat().join(bucket.bucket_arn, "/*"),
                ],
            )
        )
    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        bucket: Bucket,
        **kwargs,
    ) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        if deployment == Deployment.PRODUCTION:
            desired_count = 1  # Currently this pod is stateful, and as such cannot be run more than once
            tus_priority = 40
            priority = 42
            memory = 256
            github_url = "[email protected]:OpenTTD/BaNaNaS.git"
            client_file = "clients-production.yaml"
        else:
            desired_count = 1
            tus_priority = 140
            priority = 142
            memory = 96
            github_url = "[email protected]:OpenTTD/BaNaNaS-staging.git"
            client_file = "clients-staging.yaml"

        sentry_dsn = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/SentryDSN").parameter
        user_github_client_id = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/UserGithubClientId").parameter
        user_github_client_secret = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/UserGithubClientSecret").parameter
        index_github_private_key = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/IndexGithubPrivateKey").parameter
        reload_secret = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/ReloadSecret").parameter

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/bananas-api",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--storage",
                "s3",
                "--storage-s3-bucket",
                bucket.bucket_name,
                "--index",
                "github",
                "--index-github-url",
                github_url,
                "--client-file",
                client_file,
                "--user",
                "github",
                "--bind",
                "0.0.0.0",
                "--behind-proxy",
            ],
            environment={
                "BANANAS_API_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "BANANAS_API_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
                "BANANAS_API_USER_GITHUB_CLIENT_ID": Secret.from_ssm_parameter(user_github_client_id),
                "BANANAS_API_USER_GITHUB_CLIENT_SECRET": Secret.from_ssm_parameter(user_github_client_secret),
                "BANANAS_API_INDEX_GITHUB_PRIVATE_KEY": Secret.from_ssm_parameter(index_github_private_key),
                "BANANAS_API_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
            },
        )
        self.container.add_port(1080)
        self.container.add_target(
            subdomain_name=self.subdomain_name,
            port=1080,
            priority=tus_priority,
            path_pattern="/new-package/tus/*",
        )

        self.container.task_role.add_to_policy(
            PolicyStatement(
                actions=[
                    "s3:PutObject",
                    "s3:PutObjectAcl",
                ],
                resources=[
                    StringConcat().join(bucket.bucket_arn, "/*"),
                ],
            )
        )
Exemple #5
0
    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        vpc: IVpc,
        **kwargs,
    ) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        efs_cache = FileSystem(
            self,
            "WikiCacheEFS",
            vpc=vpc,
        )
        efs_cache.connections.allow_default_port_from(cluster)

        if deployment == Deployment.PRODUCTION:
            desired_count = 1  # Currently this pod is stateful, and as such cannot be run more than once
            priority = 80
            memory = 384
            github_url = "[email protected]:OpenTTD/wiki-data.git"
            github_history_url = "https://github.com/OpenTTD/wiki-data"
            frontend_url = "https://wiki.openttd.org"
        else:
            desired_count = 1
            priority = 180
            memory = 128
            github_url = "[email protected]:OpenTTD/wiki-data-staging.git"
            github_history_url = "https://github.com/OpenTTD/wiki-data-staging"
            frontend_url = "https://wiki.staging.openttd.org"

        sentry_dsn = parameter_store.add_secure_string(f"/Wiki/{deployment.value}/SentryDSN").parameter
        user_github_client_id = parameter_store.add_secure_string(f"/Wiki/{deployment.value}/UserGithubClientId").parameter
        user_github_client_secret = parameter_store.add_secure_string(f"/Wiki/{deployment.value}/UserGithubClientSecret").parameter
        storage_github_private_key = parameter_store.add_secure_string(f"/Wiki/{deployment.value}/StorageGithubPrivateKey").parameter
        reload_secret = parameter_store.add_secure_string(f"/Wiki/{deployment.value}/ReloadSecret").parameter

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/truebrain/truewiki",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--storage",
                "github",
                "--storage-github-url",
                github_url,
                "--storage-github-history-url",
                github_history_url,
                "--storage-folder",
                "/data",
                "--user",
                "github",
                "--frontend-url",
                frontend_url,
                "--cache-metadata-file",
                "/cache/metadata.json",
                "--cache-page-folder",
                "/cache-pages",
                "--bind",
                "0.0.0.0",
            ],
            environment={
                "TRUEWIKI_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "TRUEWIKI_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
                "TRUEWIKI_USER_GITHUB_CLIENT_ID": Secret.from_ssm_parameter(user_github_client_id),
                "TRUEWIKI_USER_GITHUB_CLIENT_SECRET": Secret.from_ssm_parameter(user_github_client_secret),
                "TRUEWIKI_STORAGE_GITHUB_PRIVATE_KEY": Secret.from_ssm_parameter(storage_github_private_key),
                "TRUEWIKI_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
            },
            volumes={
                "/cache": Volume(
                    name="cache",
                    efs_volume_configuration=EfsVolumeConfiguration(
                        file_system_id=efs_cache.file_system_id,
                    ),
                ),
            },
        )
Exemple #6
0
    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        vpc: IVpc,
        **kwargs,
    ) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        efs = FileSystem(
            self,
            "EintsEFS",
            vpc=vpc,
        )
        efs.connections.allow_default_port_from(cluster)

        if deployment == Deployment.PRODUCTION:
            desired_count = 1  # Currently this pod is stateful, and as such cannot be run more than once
            priority = 70
            memory = 512
        else:
            desired_count = 1
            priority = 170
            memory = 128

        github_org_api_token = parameter_store.add_secure_string(
            f"/Eints/{deployment.value}/GithubOrgApiToken").parameter
        github_oauth2_client_id = parameter_store.add_secure_string(
            f"/Eints/{deployment.value}/GithubOauth2ClientId").parameter
        github_oauth2_client_secret = parameter_store.add_secure_string(
            f"/Eints/{deployment.value}/GithubOauth2ClientSecret").parameter
        translators_password = parameter_store.add_secure_string(
            f"/Eints/{deployment.value}/TranslatorsPassword").parameter
        sentry_dsn = parameter_store.add_secure_string(
            f"/Eints/{deployment.value}/SentryDSN").parameter

        ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/eints-openttd-github",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--server-host",
                "0.0.0.0",
                "--server-port",
                "80",
                "--server-mode",
                "production",
                "--authentication",
                "github",
                "--stable-languages",
                "stable_languages",
                "--unstable-languages",
                "unstable_languages",
                "--project-cache",
                "1",
                "--project-types",
                "openttd",
                "--storage-format",
                "split-languages",
                "--data-format",
                "json",
                "--language-file-size",
                "10000000",
                "--num-backup-files",
                "1",
                "--max-num-changes",
                "5",
                "--min-num-changes",
                "2",
                "--change-stable-age",
                "600",
                "--github-organization",
                "OpenTTD",
            ],
            environment={
                "EINTS_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "EINTS_GITHUB_ORG_API_TOKEN":
                Secret.from_ssm_parameter(github_org_api_token),
                "EINTS_GITHUB_OAUTH2_CLIENT_ID":
                Secret.from_ssm_parameter(github_oauth2_client_id),
                "EINTS_GITHUB_OAUTH2_CLIENT_SECRET":
                Secret.from_ssm_parameter(github_oauth2_client_secret),
                "EINTS_TRANSLATORS_PASSWORD":
                Secret.from_ssm_parameter(translators_password),
                "EINTS_SENTRY_DSN":
                Secret.from_ssm_parameter(sentry_dsn),
            },
            volumes={
                "/data":
                Volume(
                    name="data",
                    efs_volume_configuration=EfsVolumeConfiguration(
                        file_system_id=efs.file_system_id, ),
                )
            },
        )
Exemple #7
0
    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        vpc: IVpc,
        **kwargs,
    ) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        efs_seen = FileSystem(
            self,
            "DorpsGekSeenEFS",
            vpc=vpc,
        )
        efs_seen.connections.allow_default_port_from(cluster)
        efs_logs = FileSystem(
            self,
            "DorpsGekLogsEFS",
            vpc=vpc,
        )
        efs_logs.connections.allow_default_port_from(cluster)

        if deployment == Deployment.PRODUCTION:
            desired_count = 1
            priority = 30
            addressed_by = "@"
            irc_username = "******"
            channels = [
                "--channel",
                "dorpsgek",
                "--channel",
                "openttd,public",
                "--channel",
                "openttd.dev,public",
                "--channel",
                "openttd.notice",
                "--channel",
                "openttd.tgp",
                "--channel",
                "opendune,public",
            ]
        else:
            desired_count = 1
            priority = 130
            addressed_by = "%"
            irc_username = "******"
            channels = [
                "--channel",
                "dorpsgek",
                "--channel",
                "dorpsgek-test,public",
            ]

        sentry_dsn = parameter_store.add_secure_string(
            f"/Dorpsgek/{deployment.value}/SentryDSN").parameter
        github_app_id = parameter_store.add_secure_string(
            f"/Dorpsgek/{deployment.value}/GithubAppId").parameter
        github_app_private_key = parameter_store.add_secure_string(
            f"/Dorpsgek/{deployment.value}/GithubAppPrivateKey").parameter
        github_app_secret = parameter_store.add_secure_string(
            f"/Dorpsgek/{deployment.value}/GithubAppSecret").parameter
        nickserv_password = parameter_store.add_secure_string(
            f"/Dorpsgek/{deployment.value}/NickservPassword").parameter

        ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/dorpsgek",
            port=80,
            memory_limit_mib=96,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--irc-username",
                irc_username,
                "--nickserv-username",
                irc_username,
                "--addressed-by",
                addressed_by,
            ] + channels,
            environment={
                "DORPSGEK_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "DORPSGEK_SENTRY_DSN":
                Secret.from_ssm_parameter(sentry_dsn),
                "DORPSGEK_GITHUB_APP_ID":
                Secret.from_ssm_parameter(github_app_id),
                "DORPSGEK_GITHUB_APP_PRIVATE_KEY":
                Secret.from_ssm_parameter(github_app_private_key),
                "DORPSGEK_GITHUB_APP_SECRET":
                Secret.from_ssm_parameter(github_app_secret),
                "DORPSGEK_NICKSERV_PASSWORD":
                Secret.from_ssm_parameter(nickserv_password),
            },
            volumes={
                "/code/data":
                Volume(
                    name="data",
                    efs_volume_configuration=EfsVolumeConfiguration(
                        file_system_id=efs_seen.file_system_id, ),
                ),
                "/code/logs/ChannelLogger":
                Volume(
                    name="logs",
                    efs_volume_configuration=EfsVolumeConfiguration(
                        file_system_id=efs_logs.file_system_id, ),
                ),
            },
        )
Exemple #8
0
    def __init__(self, scope: Construct, id: str, *, deployment: Deployment,
                 policy: Policy, cluster: ICluster, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        if deployment == Deployment.PRODUCTION:
            desired_count = 2
            priority = 60
            dynamodb_prefix = "P-"
        else:
            desired_count = 1
            priority = 160
            dynamodb_prefix = "S-"

        sentry_dsn = parameter_store.add_secure_string(
            f"/MasterServerApi/{deployment.value}/SentryDSN").parameter

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/master-server",
            port=80,
            memory_limit_mib=96,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=[
                "--app",
                "web_api",
                "--bind",
                "0.0.0.0",
                "--db",
                "dynamodb",
                "--dynamodb-region",
                "eu-central-1",
                "--dynamodb-prefix",
                dynamodb_prefix,
            ],
            environment={
                "MASTER_SERVER_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            secrets={
                "MASTER_SERVER_SENTRY_DSN":
                Secret.from_ssm_parameter(sentry_dsn),
            },
        )

        table_and_index = []
        for table in ("S-MSU-ip-port", "S-MSU-server", "P-MSU-ip-port",
                      "P-MSU-server"):
            table_and_index.extend([
                f"arn:aws:dynamodb:{self.region}:{self.account}:table/{table}",
                f"arn:aws:dynamodb:{self.region}:{self.account}:table/{table}/index/online_view",
                f"arn:aws:dynamodb:{self.region}:{self.account}:table/{table}/index/time_last_seen_view",
            ])

        self.container.task_role.add_to_policy(
            PolicyStatement(
                actions=[
                    "dynamodb:CreateTable",
                    "dynamodb:UpdateTimeToLive",
                    "dynamodb:PutItem",
                    "dynamodb:DescribeTable",
                    "dynamodb:ListTables",
                    "dynamodb:GetItem",
                    "dynamodb:Query",
                    "dynamodb:UpdateItem",
                ],
                resources=table_and_index,
            ))