Merge pull request #5152 from connext/add-lighthouse-key

feat: add lighthouse web3signer for LH propose
connext · Nov 10, 2023 · 1b39a1b · 1b39a1b
2 parents 32c8281 + 0a706aa
commit 1b39a1b
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 3 deletions.
diff --git a/ops/env/testnet/core/secrets.staging.json b/ops/env/testnet/core/secrets.staging.json
@@ -21,6 +21,7 @@
 	"betteruptime_api_key": "ENC[AES256_GCM,data:xJ/0QQozmfVedcNK2ZDmgjyVWQ+HDT1b,iv:wa4oOgvLeHi8C0X6vNIhhQuqDS8r1R9wRPMxWhKTscg=,tag:7BdsxpKjtoByUv/LTslDMQ==,type:str]",
 	"relayer_web3_signer_private_key": "ENC[AES256_GCM,data:wRSzd7JmCfXc6925dQjqyjXEIi2yACitVxKAdtNoK1vmties3LZ/7VQgHSngfneLmFDpbV43A5buU4wVnAFkTwMC,iv:OwPp02yQr3WCMGCp5fK0ksWXg8U6YmATapH529lDurA=,tag:gLg2gmT5G91325oug/nkvA==,type:str]",
 	"watcher_web3_signer_private_key": "ENC[AES256_GCM,data:g/8wZFvwuZeCq8pnnhNVt/UTNe5Fcnf2of7Ts8yEvRwR8AgVT5sR1GIpB1XrTqsHqSN8XOOyurLvwJXyFGkpUGMY,iv:9Qbxq6FJMbJIy9BAW2pA7GRq/nq1+YCVi+v90b0+/84=,tag:xD1AuxLPSEONP5gvfTOHJQ==,type:str]",
+	"lighthouse_web3_signer_private_key": "ENC[AES256_GCM,data:iV6Uqks0ni3B0SVHRm62xutl6kGL/Jc9zVn7Edi+l+ErRqBaqwhZ/sSg/BBo9YbwrEvnXDZi5IygWHLlhnVEzrzO,iv:YPOKuu41oy4tAcpBXmxldS6dFfHyn7XAI3UFFTDYqxY=,tag:dWYwP8Avb1rmvJ5VCzqlSg==,type:str]",
 	"sops": {
 		"kms": [
 			{
@@ -34,8 +35,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2023-11-06T22:28:36Z",
-		"mac": "ENC[AES256_GCM,data:W97+QVH+OzcFrB0Rt6JInLwK1rEZ6wCB+kc5PgVuJEUHjtO2z6peGXIEl2px5rLj6rkwaDKOZ+fDNOGoWJGwK+/wNo1mX937HlUG5NpOL/MiBVTQay9z09FQ8hEebg45cxxaVAXt3d6ngrfsaXaU0Rohh6RB6NjhgW84vT5MxXg=,iv:WBl4hU0izk569tece2rXkmrdoDOmH0Iir9yS+V8+IlE=,tag:3CC8FNR97n6qgHIELj9e2A==,type:str]",
+		"lastmodified": "2023-11-10T14:28:20Z",
+		"mac": "ENC[AES256_GCM,data:qote2lbuBDXglqWO8sHV9+9o3FwKvSooQkZtbtYvBQ+RI15xSEpqlG4lzZloH+peCCoZ8t/O62aeWY35BJ45ZDJCTc0CkaBibMdniSetelYiQZw3ejDfmFZwhEn1FFEYuWoBMh9Pm6hDvYemBFxinOZBgE2YGAr3RPDlujKXkHo=,iv:fIhbdOm+dqDnTaxQcUMS01WC+QX52KuTR233UoPOQqU=,tag:yhAmIzY367MkDVa46XkJBg==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"

diff --git a/ops/testnet/staging/core/config.tf b/ops/testnet/staging/core/config.tf
@@ -39,6 +39,13 @@ locals {
     { name = "DD_PROFILING_ENABLED", value = "true" },
     { name = "DD_ENV", value = "${var.environment}-${var.stage}" },
   ]
+  lighthouse_web3signer_env_vars = [
+    { name = "WEB3_SIGNER_PRIVATE_KEY", value = var.lighthouse_web3_signer_private_key },
+    { name = "WEB3SIGNER_HTTP_HOST_ALLOWLIST", value = "*" },
+    { name = "ENVIRONMENT", value = var.environment },
+    { name = "STAGE", value = var.stage },
+    { name = "DD_ENV", value = "${var.environment}-${var.stage}" },
+  ]
   router_web3signer_env_vars = [
     { name = "WEB3_SIGNER_PRIVATE_KEY", value = var.router_web3_signer_private_key },
     { name = "WEB3SIGNER_HTTP_HOST_ALLOWLIST", value = "*" },
@@ -326,6 +333,7 @@ locals {
       }
       prefetchSize = 1
     }
+    web3SignerUrl   = "https://${module.lighthouse_web3signer.service_endpoint}"
   })
 
   local_relayer_config = jsonencode({

diff --git a/ops/testnet/staging/core/main.tf b/ops/testnet/staging/core/main.tf
@@ -389,6 +389,34 @@ module "lighthouse_sendoutboundroot_cron" {
   memory_size         = 2048
 }
 
+module "lighthouse_web3signer" {
+  source                   = "../../../modules/service"
+  stage                    = var.stage
+  environment              = var.environment
+  domain                   = var.domain
+  region                   = var.region
+  dd_api_key               = var.dd_api_key
+  zone_id                  = data.aws_route53_zone.primary.zone_id
+  execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
+  cluster_id               = module.ecs.ecs_cluster_id
+  vpc_id                   = module.network.vpc_id
+  lb_subnets               = module.network.private_subnets
+  docker_image             = "ghcr.io/connext/web3signer:latest"
+  container_family         = "lighthouse-web3signer"
+  health_check_path        = "/upcheck"
+  container_port           = 9000
+  loadbalancer_port        = 80
+  cpu                      = 256
+  memory                   = 512
+  instance_count           = 1
+  timeout                  = 180
+  internal_lb              = true
+  ingress_cdir_blocks      = [module.network.vpc_cdir_block]
+  ingress_ipv6_cdir_blocks = []
+  service_security_groups  = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])
+  cert_arn                 = var.certificate_arn_testnet
+  container_env_vars       = local.lighthouse_web3signer_env_vars
+}
 
 module "lighthouse_propose_cron" {
   source              = "../../../modules/lambda"

diff --git a/ops/testnet/staging/core/variables.tf b/ops/testnet/staging/core/variables.tf
@@ -206,3 +206,7 @@ variable "betteruptime_requester_email" {
   type    = string
   default = "[email protected]"
 }
+
+variable "lighthouse_web3_signer_private_key" {
+  type    = string
+}
diff --git a/packages/deployments/contracts/src/cli/init/config/testnet/staging.ts b/packages/deployments/contracts/src/cli/init/config/testnet/staging.ts
@@ -95,7 +95,7 @@ export const TESTNET_STAGING_INIT_CONFIG: InitConfig = {
       ],
     },
     proposers: {
-      allowlist: ["0xa2Ee8DCd2A8A3A54Cf37F6590E5108BbE502B006"],
+      allowlist: ["0xa2Ee8DCd2A8A3A54Cf37F6590E5108BbE502B006", "0xD29f9168004a13e2266eFE450D2d60eBEE8adAA1"],
     },
   },
 };