diff --git a/.github/workflows/blueprints-unit-tests.yml b/.github/workflows/blueprints-unit-tests.yml new file mode 100644 index 00000000..64249b35 --- /dev/null +++ b/.github/workflows/blueprints-unit-tests.yml @@ -0,0 +1,27 @@ +name: blueprints-cdk-tests + +on: + pull_request: + branches: + - main + +jobs: + blueprints-cdk-tests: + name: Run CDK tests for all blueprints + runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: scripts + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v3 + with: + node-version: 19 + cache: npm + cache-dependency-path: package-lock.json + + - name: Install dependencies + run: npm ci + - name: Run unit tests + run: ./run-all-cdk-tests.sh diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 00000000..a71108d9 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,6 @@ +{ + "cSpell.words": [ + "bcuser", + "usermod" + ] +} \ No newline at end of file diff --git a/lib/constructs/ha-rpc-nodes-with-alb.ts b/lib/constructs/ha-rpc-nodes-with-alb.ts index e4b6bd2a..085f23bf 100644 --- a/lib/constructs/ha-rpc-nodes-with-alb.ts +++ b/lib/constructs/ha-rpc-nodes-with-alb.ts @@ -75,18 +75,22 @@ export class HANodesConstruct extends cdkContructs.Construct { } if (dataVolume.type !== constants.InstanceStoreageDeviceVolumeType){ - blockDevices.push( - { - deviceName: constants.VolumeDeviceNames[arrayIndex], - volume: autoscaling.BlockDeviceVolume.ebs(dataVolume.sizeGiB, { - deleteOnTermination: true, - throughput: dataVolume.throughput, - encrypted: true, - iops: dataVolume.iops, - volumeType: autoscaling.EbsDeviceVolumeType[dataVolume.type.toUpperCase() as keyof typeof autoscaling.EbsDeviceVolumeType], - }), - } - ) + const volumeType = dataVolume.type.toUpperCase(); + const ebsConfig: any = { + deleteOnTermination: true, + encrypted: true, + iops: dataVolume.iops, + volumeType: autoscaling.EbsDeviceVolumeType[dataVolume.type.toUpperCase() as keyof typeof autoscaling.EbsDeviceVolumeType], + }; + + if (volumeType == 'GP3'){ + ebsConfig.throughput = dataVolume.throughput; + } + + blockDevices.push({ + deviceName: constants.VolumeDeviceNames[arrayIndex], + volume: autoscaling.BlockDeviceVolume.ebs(dataVolume.sizeGiB, ebsConfig) + }) } }); diff --git a/lib/fantom/test/ha-nodes-stack.test.ts b/lib/fantom/test/ha-nodes-stack.test.ts index da218b72..3c2b5a6b 100644 --- a/lib/fantom/test/ha-nodes-stack.test.ts +++ b/lib/fantom/test/ha-nodes-stack.test.ts @@ -173,9 +173,9 @@ describe("FantomHANodesStack", () => { { "CidrIp": "1.2.3.4/5", "Description": "Blockchain Node RPC", - "FromPort": 8545, + "FromPort": 18545, "IpProtocol": "tcp", - "ToPort": 8545 + "ToPort": 18545 } ], VpcId: Match.anyValue(), @@ -221,7 +221,7 @@ describe("FantomHANodesStack", () => { } ], LoadBalancerArn: Match.anyValue(), - Port: 8545, + Port: 18545, Protocol: "HTTP" }) @@ -230,12 +230,12 @@ describe("FantomHANodesStack", () => { HealthCheckEnabled: true, HealthCheckIntervalSeconds: 30, HealthCheckPath: "/", - HealthCheckPort: "8545", + HealthCheckPort: "18545", HealthyThresholdCount: 3, Matcher: { HttpCode: "200-299" }, - Port: 8545, + Port: 18545, Protocol: "HTTP", TargetGroupAttributes: [ { diff --git a/lib/solana/lib/assets/instance/storage/setup.sh b/lib/solana/lib/assets/instance/storage/setup.sh index e07797e6..e0adaaa9 100755 --- a/lib/solana/lib/assets/instance/storage/setup.sh +++ b/lib/solana/lib/assets/instance/storage/setup.sh @@ -32,7 +32,8 @@ get_all_empty_nvme_disks () { local unmounted_nvme_disks=() local sorted_unmounted_nvme_disks - all_not_mounted_nvme_disks=$(lsblk -lnb | awk '{if ($7=="") {print $1}}' | grep nvme) + #The disk will only be mounted when the nvme disk is larger than 100GB to avoid storing blockchain node data directly on the root EBS disk (which is 46GB by default) + all_not_mounted_nvme_disks=$(lsblk -lnb | awk '{if ($7 == "" && $4 > 100000000) {print $1}}' | grep nvme) all_mounted_nvme_partitions=$(mount | awk '{print $1}' | grep /dev/nvme) for disk in ${all_not_mounted_nvme_disks[*]}; do if [[ ! "${all_mounted_nvme_partitions[*]}" =~ $disk ]]; then diff --git a/lib/solana/lib/assets/user-data-ubuntu.sh b/lib/solana/lib/assets/user-data-ubuntu.sh index 560b7566..6264d15c 100644 --- a/lib/solana/lib/assets/user-data-ubuntu.sh +++ b/lib/solana/lib/assets/user-data-ubuntu.sh @@ -31,22 +31,18 @@ INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.2 apt-get -yqq update apt-get -yqq install jq unzip python3-pip chrony +ARCH=$(uname -m) + if [ "$ARCH" == "x86_64" ]; then CW_AGENT_BINARY_URI=https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb - AWS_CLI_BINARY_URI=https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip else CW_AGENT_BINARY_URI=https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/arm64/latest/amazon-cloudwatch-agent.deb - AWS_CLI_BINARY_URI=https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip fi cd /opt || exit 1 -ARCH=$(uname -m) - echo "Intalling AWS CLI" -curl "$AWS_CLI_BINARY_URI" -o "awscliv2.zip" -unzip awscliv2.zip -/opt/aws/install +snap install aws-cli --classic echo "Downloading assets zip file" aws s3 cp $ASSETS_S3_PATH ./assets.zip --region $AWS_REGION diff --git a/lib/stacks/sample-configs/.env-sample-follower b/lib/stacks/sample-configs/.env-sample-follower index d4bfa579..04589e73 100644 --- a/lib/stacks/sample-configs/.env-sample-follower +++ b/lib/stacks/sample-configs/.env-sample-follower @@ -34,8 +34,8 @@ STACKS_NETWORK="mainnet" # Network onto whi # # Storage configuration # STACKS_DATA_VOL_SIZE=512 # Volume size in GB for node data storage -# STACKS_DATA_VOL_TYPE="gp3" # EBS volume type. Example: "gp2", "io1" for high-performance needs -# STACKS_DATA_VOL_IOPS=12000 # IOPS for "io1" volume type. IMPORTANT: Adjust based on performance needs +# STACKS_DATA_VOL_TYPE="gp3" # EBS volume type. Example: "gp2", "io2" for high-performance needs +# STACKS_DATA_VOL_IOPS=12000 # IOPS for "io2" volume type. IMPORTANT: Adjust based on performance needs # STACKS_DATA_VOL_THROUGHPUT=700 # Throughput in MB/s for "gp3" volume type. Check compatibility with chosen volume type # # High Availability (HA) configuration diff --git a/lib/stacks/test/.env-test b/lib/stacks/test/.env-test index 84c05e19..968af956 100644 --- a/lib/stacks/test/.env-test +++ b/lib/stacks/test/.env-test @@ -32,9 +32,9 @@ STACKS_MINER_SECRET_ARN="none" # Optional. ARN for # Storage configuration STACKS_DATA_VOL_SIZE=128 # Volume size in GB for node data storage -STACKS_DATA_VOL_TYPE="io1" # EBS volume type. Example: "gp2", "io1" for high-performance needs -STACKS_DATA_VOL_IOPS=500 # IOPS for "io1" volume type. IMPORTANT: Adjust based on performance needs -STACKS_DATA_VOL_THROUGHPUT=600 # Throughput in MB/s for "gp3" volume type. Check compatibility with chosen volume type +STACKS_DATA_VOL_TYPE="gp3" # EBS volume type. Example: "gp2", "io2" for high-performance needs +STACKS_DATA_VOL_IOPS=12000 # IOPS for "io2" volume type. IMPORTANT: Adjust based on performance needs +STACKS_DATA_VOL_THROUGHPUT=700 # Throughput in MB/s for "gp3" volume type. Check compatibility with chosen volume type # High Availability (HA) configuration STACKS_HA_ALB_HEALTHCHECK_GRACE_PERIOD_MIN=75 # Grace period in minutes for ALB health checks diff --git a/lib/stacks/test/ha-nodes-stack.test.ts b/lib/stacks/test/ha-nodes-stack.test.ts index 872b83f5..c869e0d6 100644 --- a/lib/stacks/test/ha-nodes-stack.test.ts +++ b/lib/stacks/test/ha-nodes-stack.test.ts @@ -98,7 +98,6 @@ describe("StacksHANodesStack", () => { "DeleteOnTermination": true, "Encrypted": true, "Iops": TEST_STACKS_DATA_VOL_IOPS, - "Throughput": TEST_STACKS_DATA_VOL_THROUGHPUT, "VolumeSize": TEST_STACKS_DATA_VOL_SIZE, "VolumeType": TEST_STACKS_DATA_VOL_TYPE } diff --git a/lib/stacks/test/test-constants.ts b/lib/stacks/test/test-constants.ts index b07124de..8da3a65c 100644 --- a/lib/stacks/test/test-constants.ts +++ b/lib/stacks/test/test-constants.ts @@ -16,9 +16,9 @@ export const TEST_BITCOIN_P2P_PORT: number = 1234 export const TEST_STACKS_SIGNER_SECRET_ARN: string = "none" export const TEST_STACKS_MINER_SECRET_ARN: string = "none" export const TEST_STACKS_DATA_VOL_SIZE: number = 128 -export const TEST_STACKS_DATA_VOL_TYPE: string = "io1" -export const TEST_STACKS_DATA_VOL_IOPS: number = 500 -export const TEST_STACKS_DATA_VOL_THROUGHPUT: number = 600 +export const TEST_STACKS_DATA_VOL_TYPE: string = "gp3" +export const TEST_STACKS_DATA_VOL_IOPS: number = 12000 +export const TEST_STACKS_DATA_VOL_THROUGHPUT: number = 700 export const TEST_STACKS_HA_ALB_HEALTHCHECK_GRACE_PERIOD_MIN: number = 75 export const TEST_STACKS_HA_NODES_HEARTBEAT_DELAY_MIN: number = 12 export const TEST_STACKS_HA_NUMBER_OF_NODES: number = 3 diff --git a/lib/sui/app.ts b/lib/sui/app.ts index 1cbc3a60..84c83d9e 100644 --- a/lib/sui/app.ts +++ b/lib/sui/app.ts @@ -3,7 +3,7 @@ import "dotenv/config" import "source-map-support/register"; import * as cdk from "aws-cdk-lib"; import * as nag from "cdk-nag"; -import * as config from "./lib/config/suiConfig"; +import * as config from "./lib/config/node-config"; import {SuiCommonStack} from "./lib/common-stack"; import {SuiSingleNodeStack} from "./lib/single-node-stack"; diff --git a/lib/sui/lib/config/suiConfig.interface.ts b/lib/sui/lib/config/node-config.interface.ts similarity index 100% rename from lib/sui/lib/config/suiConfig.interface.ts rename to lib/sui/lib/config/node-config.interface.ts diff --git a/lib/sui/lib/config/suiConfig.ts b/lib/sui/lib/config/node-config.ts similarity index 96% rename from lib/sui/lib/config/suiConfig.ts rename to lib/sui/lib/config/node-config.ts index 88bd2e23..b04bc3a0 100644 --- a/lib/sui/lib/config/suiConfig.ts +++ b/lib/sui/lib/config/node-config.ts @@ -1,5 +1,5 @@ import * as ec2 from "aws-cdk-lib/aws-ec2"; -import * as configTypes from "./suiConfig.interface"; +import * as configTypes from "./node-config.interface"; import * as constants from "../../../constructs/constants"; diff --git a/lib/sui/lib/constructs/sui-node-security-group.ts b/lib/sui/lib/constructs/sui-node-security-group.ts index 4b57153d..4642e55f 100644 --- a/lib/sui/lib/constructs/sui-node-security-group.ts +++ b/lib/sui/lib/constructs/sui-node-security-group.ts @@ -27,7 +27,6 @@ export class SuiNodeSecurityGroupConstruct extends cdkConstructs.Construct { sg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.udp(8084), "Sui P2P"); sg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(9184), "Sui Metrics"); sg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(9000), "JSON-RPC"); - sg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(22), "SSH"); this.securityGroup = sg diff --git a/lib/sui/lib/single-node-stack.ts b/lib/sui/lib/single-node-stack.ts index a31d8fa1..9bfa53ba 100644 --- a/lib/sui/lib/single-node-stack.ts +++ b/lib/sui/lib/single-node-stack.ts @@ -9,7 +9,7 @@ import * as nodeCwDashboard from "./constructs/node-cw-dashboard" import * as cw from 'aws-cdk-lib/aws-cloudwatch'; import * as nag from "cdk-nag"; import { SingleNodeConstruct } from "../../constructs/single-node" -import * as configTypes from "./config/suiConfig.interface"; +import * as configTypes from "./config/node-config.interface"; import * as constants from "../../constructs/constants"; import { SuiNodeSecurityGroupConstruct } from "./constructs/sui-node-security-group"; @@ -113,7 +113,7 @@ export class SuiSingleNodeStack extends cdk.Stack { }) new cw.CfnDashboard(this, 'sui-cw-dashboard', { - dashboardName: STACK_NAME, + dashboardName: `${STACK_NAME}-${node.instanceId}`, dashboardBody: dashboardString, }); diff --git a/lib/sui/test/.env-test b/lib/sui/test/.env-test index 5ca8cf77..782e70ed 100644 --- a/lib/sui/test/.env-test +++ b/lib/sui/test/.env-test @@ -1,19 +1,16 @@ ############################################################# -# Example configuration for Starknet nodes runner app on AWS # +# Example configuration for Sui Node Runner app on AWS # ############################################################# - ## Set the AWS account is and region for your environment ## -AWS_ACCOUNT_ID="xxxxxxxxxxx" -AWS_REGION="us-east-1" # Regions supported by Amazon Managed Blockchain Access Ethereum: https://docs.aws.amazon.com/general/latest/gr/managedblockchain.html#managedblockchain-access +AWS_ACCOUNT_ID="xxxxxxxx" +AWS_REGION="us-east-1" # your region of choice -## Common configuration parameters ## -STARKNET_L1_ENDPOINT="wss://ethereum-rpc.publicnode.com" -STARKNET_NETWORK_ID="mainnet" # All options: "mainnet", "sepolia", "sepolia-integration" -STARKNET_NODE_VERSION="v0.11.7" # Current required version of Starknet +## Common configuration parameters # +SUI_NETWORK_ID="testnet" # All options: "mainnet", "testnet" , "devnet" +SUI_INSTANCE_TYPE="m6i.4xlarge" -STARKNET_INSTANCE_TYPE="m6a.2xlarge" # Data volume configuration -STARKNET_DATA_VOL_TYPE="gp3" # Other options: "io1" | "io2" | "gp3" | "instance-store" . IMPORTANT: Use "instance-store" option only with instance types that support that feature, like popular for node im4gn, d3, i3en, and i4i instance families -STARKNET_DATA_VOL_SIZE="250" # Current required data size to keep both smapshot archive and unarchived version of it -STARKNET_DATA_VOL_IOPS="3000" # Max IOPS for EBS volumes (not applicable for "instance-store") -STARKNET_DATA_VOL_THROUGHPUT="700" # Max throughput for EBS gp3 volumes (not applicable for "io1" | "io2" | "instance-store") +SUI_DATA_VOL_TYPE="gp3" # Other options: "io1" | "io2" | "gp3" +SUI_DATA_VOL_SIZE="4000" # Current required data size to keep both snapshot archive and unarchived version of it +SUI_DATA_VOL_IOPS="3000" # Max IOPS for EBS volumes +SUI_DATA_VOL_THROUGHPUT="700" # Max throughput for EBS gp3 volumes (not applicable for "io1" | "io2") diff --git a/lib/sui/test/common-stack.test.ts b/lib/sui/test/common-stack.test.ts new file mode 100644 index 00000000..bd6434da --- /dev/null +++ b/lib/sui/test/common-stack.test.ts @@ -0,0 +1,63 @@ +import { Match, Template } from "aws-cdk-lib/assertions"; +import * as cdk from "aws-cdk-lib"; +import * as dotenv from 'dotenv'; +dotenv.config({ path: './test/.env-test' }); +import * as config from "../lib/config/node-config"; +import { SuiCommonStack } from "../lib/common-stack"; + +describe("SuiCommonStack", () => { + test("synthesizes the way we expect", () => { + const app = new cdk.App(); + + // Create the SuiCommonStack. + const suiCommonStack = new SuiCommonStack(app, "sui-common", { + env: { account: config.baseConfig.accountId, region: config.baseConfig.region }, + stackName: `sui-nodes-common`, + }); + + // Prepare the stack for assertions. + const template = Template.fromStack(suiCommonStack); + + // Has EC2 instance role. + template.hasResourceProperties("AWS::IAM::Role", { + AssumeRolePolicyDocument: { + Statement: [ + { + Action: "sts:AssumeRole", + Effect: "Allow", + Principal: { + Service: "ec2.amazonaws.com" + } + } + ] + }, + ManagedPolicyArns: [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + Ref: "AWS::Partition" + }, + ":iam::aws:policy/AmazonSSMManagedInstanceCore" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/CloudWatchAgentServerPolicy" + ] + ] + } + ] + }) + + }); +}); diff --git a/lib/sui/test/single-node-stack.test.ts b/lib/sui/test/single-node-stack.test.ts new file mode 100644 index 00000000..af731944 --- /dev/null +++ b/lib/sui/test/single-node-stack.test.ts @@ -0,0 +1,129 @@ +import { Match, Template } from "aws-cdk-lib/assertions"; +import * as cdk from "aws-cdk-lib"; +import * as dotenv from 'dotenv'; +dotenv.config({ path: './test/.env-test' }); +import * as config from "../lib/config/node-config"; +import { SuiSingleNodeStack } from "../lib/single-node-stack"; + +describe("SuiSingleNodeStack", () => { + test("synthesizes the way we expect", () => { + const app = new cdk.App(); + + // Create the SuiSingleNodeStack. + const suiSingleNodeStack = new SuiSingleNodeStack(app, "sui-single-node", { + stackName: `sui-single-node-${config.baseNodeConfig.suiNetworkId}`, + env: { account: config.baseConfig.accountId, region: config.baseConfig.region }, + instanceType: config.baseNodeConfig.instanceType, + instanceCpuType: config.baseNodeConfig.instanceCpuType, + dataVolume: config.baseNodeConfig.dataVolume, + suiNetworkId: config.baseNodeConfig.suiNetworkId, + }); + + // Prepare the stack for assertions. + const template = Template.fromStack(suiSingleNodeStack); + + // Has EC2 instance security group. + template.hasResourceProperties("AWS::EC2::SecurityGroup", { + GroupDescription: Match.anyValue(), + VpcId: Match.anyValue(), + SecurityGroupEgress: [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + SecurityGroupIngress: [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Sui P2P", + "FromPort": 8084, + "IpProtocol": "udp", + "ToPort": 8084 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "Sui Metrics", + "FromPort": 9184, + "IpProtocol": "tcp", + "ToPort": 9184 + }, + { + "CidrIp": "1.2.3.4/5", + "Description": "JSON-RPC", + "FromPort": 9000, + "IpProtocol": "tcp", + "ToPort": 9000 + } + ] + }) + + // Has EC2 instance with node configuration + template.hasResourceProperties("AWS::EC2::Instance", { + AvailabilityZone: Match.anyValue(), + UserData: Match.anyValue(), + BlockDeviceMappings: [ + { + DeviceName: "/dev/sda1", + Ebs: { + DeleteOnTermination: true, + Encrypted: true, + Iops: 3000, + VolumeSize: 46, + VolumeType: "gp3" + } + } + ], + IamInstanceProfile: Match.anyValue(), + ImageId: Match.anyValue(), + InstanceType: "m6i.4xlarge", + Monitoring: true, + PropagateTagsToVolumeOnCreation: true, + SecurityGroupIds: Match.anyValue(), + SubnetId: Match.anyValue(), + }) + + // Has EBS data volume. + template.hasResourceProperties("AWS::EC2::Volume", { + AvailabilityZone: Match.anyValue(), + Encrypted: true, + Iops: 3000, + MultiAttachEnabled: false, + Size: 4000, + Throughput: 700, + VolumeType: "gp3" + }) + + // Has EBS data volume attachment. + template.hasResourceProperties("AWS::EC2::VolumeAttachment", { + Device: "/dev/sdf", + InstanceId: Match.anyValue(), + VolumeId: Match.anyValue(), + }) + + // Has EBS accounts volume. + template.hasResourceProperties("AWS::EC2::Volume", { + AvailabilityZone: Match.anyValue(), + Encrypted: true, + Iops: 3000, + MultiAttachEnabled: false, + Size: 4000, + Throughput: 700, + VolumeType: "gp3" + }) + + // Has EBS accounts volume attachment. + template.hasResourceProperties("AWS::EC2::VolumeAttachment", { + Device: "/dev/sdf", + InstanceId: Match.anyValue(), + VolumeId: Match.anyValue(), + }) + + // Has CloudWatch dashboard. + template.hasResourceProperties("AWS::CloudWatch::Dashboard", { + DashboardBody: Match.anyValue(), + DashboardName: {"Fn::Join": ["", ["sui-single-node-testnet-",{ "Ref": Match.anyValue() }]]} + }) + + }); +}); diff --git a/scripts/run-all-cdk-tests.sh b/scripts/run-all-cdk-tests.sh new file mode 100755 index 00000000..2de07889 --- /dev/null +++ b/scripts/run-all-cdk-tests.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +cd ../lib || exit 1 + +run_test(){ + if [ -z "$1" ]; then + echo "Please provide blueprint directory name" + exit 1 + fi + local workdir=$1 + cd "$workdir" || exit 1 + echo "Running tests for $workdir" + npm run test + if [ $? -ne 0 ]; then + echo "Tests failed for $workdir" + exit 1 + fi + echo "Tests successful for $workdir" + cd ../ || exit 1 +} + +# Run tests for each blueprint +excluded_directories=("besu-private" "constructs" "wax" "polygon") +for dir in */; do + # If dir is not in the array of excluded_directories, run test + if [[ "${excluded_directories[*]}" =~ ${dir%/} ]]; then + echo "Skipping $dir" + else + run_test "$dir" + fi +done \ No newline at end of file