Testnet Prod sync (#5038)

* fix: networking mainnet fixes and ecr lcps (#5015) * fix: improve ecp to remove any tagged images * Radar token update (#4892) * Radar token update * update address for xerc20 * xRADAR added --------- Co-authored-by: Prathmesh <[email protected]> * feat: 5033 working linea connector (#5037) * fix: rename consensys to linea * fix: rename consensys to linea * fix: rename and verify * feat: enable linea goerli ops * chore: delete linea hub connector * chore: recreate linea hub connector --------- Co-authored-by: Carlo Mazzaferro <[email protected]> Co-authored-by: Sonmezturk <[email protected]> Co-authored-by: Prathmesh <[email protected]>
connext · Oct 20, 2023 · e7e5273 · e7e5273
1 parent 157702c
commit e7e5273
Show file tree

Hide file tree

Showing 104 changed files with 7,838 additions and 3,069 deletions.
diff --git a/ops/mainnet/prod/backend/main.tf b/ops/mainnet/prod/backend/main.tf
@@ -121,7 +121,6 @@ module "postgrest" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = "postgrest/postgrest:v10.0.0.20221011"
@@ -150,7 +149,6 @@ module "sdk-server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sdk_server
@@ -304,7 +302,4 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
diff --git a/ops/mainnet/prod/core/main.tf b/ops/mainnet/prod/core/main.tf
@@ -34,7 +34,6 @@ module "router_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_subscriber
@@ -64,7 +63,6 @@ module "router_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_publisher
@@ -94,7 +92,6 @@ module "router_executor" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_router_executor
@@ -124,8 +121,7 @@ module "router_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "router-web3signer"
   health_check_path        = "/upcheck"
@@ -167,7 +163,6 @@ module "sequencer_server" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_server
   container_family         = "sequencer"
@@ -196,7 +191,6 @@ module "sequencer_publisher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_sequencer_publisher
   container_family         = "sequencer-publisher"
@@ -236,7 +230,6 @@ module "sequencer_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_sequencer_subscriber
@@ -278,8 +271,7 @@ module "sequencer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "sequencer-web3signer"
   health_check_path        = "/upcheck"
@@ -311,7 +303,7 @@ module "lighthouse_prover_cron" {
   timeout                = 300
   memory_size            = 10240
   lambda_in_vpc          = true
-  private_subnets        = module.network.private_subnets
+  subnet_ids             = module.network.private_subnets
   lambda_security_groups = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])
 
 }
@@ -327,7 +319,6 @@ module "lighthouse_prover_subscriber" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   internal_lb              = false
   docker_image             = var.full_image_name_lighthouse_prover_subscriber
@@ -407,7 +398,6 @@ module "relayer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_relayer
   container_family         = "relayer"
@@ -437,8 +427,7 @@ module "relayer_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "relayer-web3signer"
   health_check_path        = "/upcheck"
@@ -467,7 +456,6 @@ module "watcher" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
   lb_subnets               = module.network.public_subnets
   docker_image             = var.full_image_name_watcher
   container_family         = "watcher"
@@ -497,8 +485,7 @@ module "watcher_web3signer" {
   execution_role_arn       = data.aws_iam_role.ecr_admin_role.arn
   cluster_id               = module.ecs.ecs_cluster_id
   vpc_id                   = module.network.vpc_id
-  private_subnets          = module.network.private_subnets
-  lb_subnets               = module.network.public_subnets
+  lb_subnets               = module.network.private_subnets
   docker_image             = "ghcr.io/connext/web3signer:latest"
   container_family         = "watcher-web3signer"
   health_check_path        = "/upcheck"
@@ -542,9 +529,6 @@ module "ecs" {
   environment             = var.environment
   domain                  = var.domain
   ecs_cluster_name_prefix = "nxtp-ecs"
-  vpc_id                  = module.network.vpc_id
-  private_subnets         = module.network.private_subnets
-  public_subnets          = module.network.public_subnets
 }
 
 module "sequencer_cache" {
@@ -593,3 +577,8 @@ module "lighthouse_cache" {
   cache_subnet_group_subnet_ids = module.network.public_subnets
   node_type                     = "cache.r4.large"
 }
+
+module "ecr-lcp" {
+  source           = "../../../modules/ecr-lcp"
+  repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
+}
diff --git a/ops/modules/ecr-lcp/main.tf b/ops/modules/ecr-lcp/main.tf
@@ -0,0 +1,76 @@
+resource "aws_ecr_lifecycle_policy" "remove_old_images" {
+  for_each   = toset(var.repository_names)
+  repository = each.value
+
+  policy = <<EOF
+{
+    "rules": [
+        {
+            "rulePriority": 1,
+            "description": "Expire main images that are not the last 50",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["main-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 50
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 2,
+            "description": "Expire staging images that are not the last 20",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["staging-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 20
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 3,
+            "description": "Expire testnet-prod images that are not the last 10",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["testnet-prod-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 10
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {
+            "rulePriority": 4,
+            "description": "Expire prod images that are not the last 5",
+            "selection": {
+                "tagStatus": "tagged",
+                "tagPrefixList": ["prod-"],
+                "countType": "imageCountMoreThan",
+                "countNumber": 5
+            },
+            "action": {
+                "type": "expire"
+            }
+        },
+        {   
+            "rulePriority": 6,
+            "description": "remove old images",
+            "selection": {
+                "tagStatus": "any",
+                "countType": "sinceImagePushed",
+                "countUnit": "days",
+                "countNumber": 180
+            },
+            "action": {
+                "type": "expire"
+            }
+        }
+    ]
+}
+EOF
+}
diff --git a/ops/modules/ecr-lcp/variables.tf b/ops/modules/ecr-lcp/variables.tf
@@ -0,0 +1,4 @@
+variable "repository_names" {
+  description = "ECR repository names"
+  type        = list(string)
+}
diff --git a/ops/modules/ecr/main.tf b/ops/modules/ecr/main.tf
@@ -3,85 +3,6 @@ resource "aws_ecr_repository" "name" {
   name     = each.value
 }
 
-resource "aws_ecr_lifecycle_policy" "remove_old_images" {
-  for_each   = aws_ecr_repository.name
-  repository = each.value.name
-
-  policy = <<EOF
-{
-    "rules": [
-        {
-            "rulePriority": 1,
-            "description": "Expire main images that are not the last 50",
-            "selection": {
-                "tagStatus": "tagged",
-                "tagPrefixList": ["main-"],
-                "countType": "imageCountMoreThan",
-                "countNumber": 50
-            },
-            "action": {
-                "type": "expire"
-            }
-        },
-        {
-            "rulePriority": 2,
-            "description": "Expire staging images that are not the last 20",
-            "selection": {
-                "tagStatus": "tagged",
-                "tagPrefixList": ["staging-"],
-                "countType": "imageCountMoreThan",
-                "countNumber": 20
-            },
-            "action": {
-                "type": "expire"
-            }
-        },
-        {
-            "rulePriority": 3,
-            "description": "Expire testnet-prod images that are not the last 10",
-            "selection": {
-                "tagStatus": "tagged",
-                "tagPrefixList": ["testnet-prod-"],
-                "countType": "imageCountMoreThan",
-                "countNumber": 10
-            },
-            "action": {
-                "type": "expire"
-            }
-        },
-        {
-            "rulePriority": 4,
-            "description": "Expire prod images that are not the last 5",
-            "selection": {
-                "tagStatus": "tagged",
-                "tagPrefixList": ["prod-"],
-                "countType": "imageCountMoreThan",
-                "countNumber": 5
-            },
-            "action": {
-                "type": "expire"
-            }
-        },
-        {
-            "rulePriority": 6,
-            "description": "Expire images older than 60 days",
-            "selection": {
-                "tagStatus": "tagged",
-                "tagPrefixList": ["main-", "staging-", "testnet-prod", "prod-"],
-                "countType": "sinceImagePushed",
-                "countUnit": "days",
-                "countNumber": 180
-            },
-            "action": {
-                "type": "expire"
-            }
-        }
-    ]
-}
-EOF
-}
-
-
 resource "aws_ecr_replication_configuration" "this" {
   replication_configuration {
 

diff --git a/ops/testnet/prod/backend/config.tf b/ops/testnet/prod/backend/config.tf
@@ -40,6 +40,9 @@ locals {
       "9991" = {
         providers = ["https://rpc.ankr.com/polygon_mumbai"]
       }
+      "1668247156" = {
+        providers = ["https://rpc.goerli.linea.build"]
+      }
     }
 
     # The following are defined in variables.tf and don't map to the
@@ -68,8 +71,7 @@ locals {
       "1735353714" = { confirmations = 10 }
       "9991"       = { confirmations = 200 }
       "1734439522" = { confirmations = 1 }
-      # "2053862260" = { confirmations = 1 }
-      # "1668247156" = { confirmations = 1 }
+      "1668247156" = { confirmations = 1 }
     }
     environment = var.stage
     healthUrls = {