remove jumpbox

README.md

@@ -103,9 +103,6 @@ Run `terraform destroy` when cleaning up all resources.
 | <a name="environment"></a> [environment](#environment) | The environment for deployment for this particular deployment | `string` | `"devnet"` | no |
 | <a name="fullnode_count"></a> [fullnode_count](#fullnode_count) | The number of full nodes that we're going to deploy | `number` | `0` | no |
 | <a name="http_rpc_port"></a> [http_rpc_port](#http_rpc_port) | The TCP port that will be used for http rpc | `number` | `10002` | no |
-| <a name="jumpbox_count"></a> [jumpbox_count](#jumpbox_count) | The number of jump boxes that we're going to deploy". | `number` | `0` | no |
-| <a name="jumpbox_instance_type"></a> [jumpbox_instance_type](#jumpbox_instance_type) | The type of instance that we're going to use for the jumpbox". | `string` | `"c6a.large"` | no |
-| <a name="jumpbox_ssh_access"></a> [jumpbox_ssh_access](#jumpbox_ssh_access) | Set the epoch size | `string` | `["0.0.0.0/0"]` | no |
 | <a name="network_acl"></a> [network_acl](#network_acl) | Which CIDRs should be allowed to access the explorer and RPC. | `list(string)` | `["0.0.0.0/0"]` | no |
 | <a name="node_storage"></a> [node_storage](#node_storage) | The size of the storage disk attached to full nodes and validators | `number` | `10` | no |
 | <a name="owner"></a> [owner](#owner) | The main point of contact for this particular deployment. | `string` |  | yes |

ansible/roles/edge/templates/edge.service

@@ -21,6 +21,10 @@ ExecStart=polygon-edge server --data-dir {{ edge_home_dir }} \
     --log-level INFO \
     --block-gas-target {{ block_gas_limit }} \
     --block-time {{ block_time }} \
+    --num-block-confirmations 2 \
+    {% if (hostvars[inventory_hostname].tags.Hostname == "validator-001") %}
+    --relayer \
+    {% endif %}
     {% if is_validator %}
     --seal
     {% endif %}

ansible/site.yml

@@ -35,13 +35,6 @@
   roles:
     - prometheus.prometheus.node_exporter
 
-- hosts: jumpbox:&{{ current_deploy_inventory }}
-  become: true
-  tags:
-    - jumpbox
-  roles:
-    - role: jumpbox
-
 - hosts: fullnode:validator:&{{ current_deploy_inventory }}
   become: true
   tags:

main.tf

@@ -51,14 +51,12 @@ module "ec2" {
   base_ami              = local.base_ami
   fullnode_count        = var.fullnode_count
   validator_count       = var.validator_count
-  jumpbox_count         = var.jumpbox_count
   base_devnet_key_name  = format("%s_ssh_key", var.deployment_name)
   private_network_mode  = var.private_network_mode
   network_type          = local.network_type
   deployment_name       = var.deployment_name
   create_ssh_key        = var.create_ssh_key
   devnet_key_value      = var.devnet_key_value
-  jumpbox_instance_type = var.jumpbox_instance_type
 
   devnet_private_subnet_ids = module.networking.devnet_private_subnet_ids
   devnet_public_subnet_ids  = module.networking.devnet_public_subnet_ids
@@ -95,23 +93,19 @@ module "securitygroups" {
   depends_on = [
     module.networking
   ]
-  jumpbox_count      = var.jumpbox_count
   network_type       = local.network_type
   deployment_name    = var.deployment_name
-  jumpbox_ssh_access = var.jumpbox_ssh_access
   network_acl        = var.network_acl
   http_rpc_port      = var.http_rpc_port
 
   devnet_id                               = module.networking.devnet_id
   validator_primary_network_interface_ids = module.ec2.validator_primary_network_interface_ids
   fullnode_primary_network_interface_ids  = module.ec2.fullnode_primary_network_interface_ids
-  jumpbox_primary_network_interface_ids   = module.ec2.jumpbox_primary_network_interface_ids
 }
 
 module "ssm" {
   source             = "./modules/ssm"
   base_dn            = local.base_dn
-  jumpbox_ssh_access = var.jumpbox_ssh_access
   deployment_name    = var.deployment_name
   network_type       = local.network_type
 }

modules/ec2/main.tf

@@ -80,25 +80,4 @@ resource "aws_instance" "fullnode" {
     Hostname = format("fullnode-%03d", count.index + 1)
     Role     = "fullnode"
   }
-}
-
-resource "aws_instance" "jumpbox" {
-  ami                  = var.base_ami
-  instance_type        = var.jumpbox_instance_type
-  count                = var.jumpbox_count
-  key_name             = aws_key_pair.devnet.key_name
-  subnet_id            = element(var.devnet_public_subnet_ids, count.index)
-  iam_instance_profile = var.ec2_profile_name
-
-  root_block_device {
-    delete_on_termination = true
-    volume_size           = 30
-    volume_type           = "gp2"
-  }
-
-  tags = {
-    Name     = format("jumpbox-%03d.%s", count.index + 1, var.base_dn)
-    Hostname = format("jumpbox-%03d", count.index + 1)
-    Role     = "jumpbox"
-  }
 }

modules/ec2/outputs.tf

@@ -23,7 +23,4 @@ output "validator_primary_network_interface_ids" {
 }
 output "fullnode_primary_network_interface_ids" {
   value = aws_instance.fullnode.*.primary_network_interface_id
-}
-output "jumpbox_primary_network_interface_ids" {
-  value = aws_instance.jumpbox.*.primary_network_interface_id
 }

modules/ec2/variables.tf

@@ -19,11 +19,6 @@ variable "validator_count" {
   description = "The number of validators that we're going to deploy"
   type        = number
 }
-
-variable "jumpbox_count" {
-  description = "The number of jump boxes that we're going to deploy"
-  type        = number
-}
 variable "private_network_mode" {
   description = "True if vms should bey default run in the private subnets"
   type        = bool
@@ -58,8 +53,4 @@ variable "devnet_public_subnet_ids" {
 
 variable "ec2_profile_name" {
   type = string
-}
-variable "jumpbox_instance_type" {
-  description = "The type of instance that we're going to use for the jumpbox"
-  type        = string
-}
+}

modules/securitygroups/main.tf

@@ -32,7 +32,7 @@ resource "aws_security_group_rule" "all_node_instances" {
 }
 
 locals {
-  all_primary_network_interface_ids = concat(var.validator_primary_network_interface_ids, var.fullnode_primary_network_interface_ids, var.jumpbox_primary_network_interface_ids)
+  all_primary_network_interface_ids = concat(var.validator_primary_network_interface_ids, var.fullnode_primary_network_interface_ids)
   p2p_primary_network_interface_ids = concat(var.validator_primary_network_interface_ids, var.fullnode_primary_network_interface_ids)
 }
 
@@ -42,25 +42,6 @@ resource "aws_network_interface_sg_attachment" "all_node_instances" {
   network_interface_id = local.all_primary_network_interface_ids[count.index]
 }
 
-resource "aws_security_group" "open_ssh" {
-  name        = "open-ssh-access"
-  description = "configuration for open ssh access"
-  vpc_id      = var.devnet_id
-}
-resource "aws_security_group_rule" "open_ssh" {
-  type              = "ingress"
-  from_port         = 22
-  to_port           = 22
-  protocol          = "TCP"
-  cidr_blocks       = var.jumpbox_ssh_access
-  security_group_id = aws_security_group.open_ssh.id
-}
-resource "aws_network_interface_sg_attachment" "open_ssh" {
-  count                = var.jumpbox_count
-  security_group_id    = aws_security_group.open_ssh.id
-  network_interface_id = element(var.jumpbox_primary_network_interface_ids, count.index)
-}
-
 resource "aws_security_group" "open_rpc" {
   name        = "internal-rpc-access"
   description = "Allowing internal rpc"

modules/securitygroups/variables.tf

@@ -1,8 +1,3 @@
-variable "jumpbox_count" {
-  description = "The number of jump boxes that we're going to deploy"
-  type        = number
-  default     = 1
-}
 variable "network_type" {
   description = "An identifier to indicate what type of network this is"
   type        = string
@@ -11,10 +6,6 @@ variable "deployment_name" {
   description = "The unique name for this particular deployment"
   type        = string
 }
-variable "jumpbox_ssh_access" {
-  description = "Which CIDRs should be allow to SSH into the jumpbox"
-  type        = list(string)
-}
 variable "network_acl" {
   description = "Which CIDRs should be allowed to access the explorer and RPC"
   type        = list(string)
@@ -33,7 +24,4 @@ variable "validator_primary_network_interface_ids" {
 }
 variable "fullnode_primary_network_interface_ids" {
   type = list(string)
-}
-variable "jumpbox_primary_network_interface_ids" {
-  type = list(string)
 }

modules/ssm/variables.tf

@@ -2,10 +2,6 @@ variable "base_dn" {
   description = "Value of the base domain name to identify the resources"
   type        = string
 }
-variable "jumpbox_ssh_access" {
-  description = "Which CIDRs should be allow to SSH into the jumpbox"
-  type        = list(string)
-}
 variable "deployment_name" {
   description = "The unique name for this particular deployment"
   type        = string

variables.tf

@@ -68,24 +68,6 @@ variable "http_rpc_port" {
   default     = 10002
 }
 
-variable "jumpbox_count" {
-  description = "The number of jump boxes that we're going to deploy"
-  type        = number
-  default     = 0
-}
-
-variable "jumpbox_instance_type" {
-  description = "The type of instance that we're going to use for the jumpbox"
-  type        = string
-  default     = "c6a.large"
-}
-
-variable "jumpbox_ssh_access" {
-  description = "Which CIDRs should be allow to SSH into the jumpbox"
-  type        = list(string)
-  default     = ["0.0.0.0/0"]
-}
-
 variable "network_acl" {
   description = "Which CIDRs should be allowed to access the explorer and RPC"
   type        = list(string)