-
Notifications
You must be signed in to change notification settings - Fork 39
223 lines (204 loc) · 10.1 KB
/
manual-deploy-testnet-l1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
# Deploys a L1 network on Azure for Testnet / Dev-Testnet
# Builds the l1 network image, kills any running VM, pushes the image to dockerhub and starts the l1 network on azure
#
# The L1 network is a docker container that runs 1 x (eth node + prysm beacon + prysm validator)
# It exposes the following ports:
# HTTP: 8025, 8026
# WebSocket: 9000, 9001
#
# Exposes the following addresses: (only accessible internally)
# uat-testnet-eth2network-DEPLOYNUMBER.uksouth.azurecontainer.io
# or
# dev-testnet-eth2network-DEPLOYNUMBER.uksouth.azurecontainer.io
#
# The scheduled deployment runs at 03:05 on every day-of-week from Tuesday through Saturday, for dev-testnet only.
name: '[M] Deploy Testnet L1'
run-name: '[M] Deploy Testnet L1 ( ${{ github.event.inputs.testnet_type }} )'
on:
workflow_dispatch:
inputs:
testnet_type:
description: 'Testnet Type'
required: true
default: 'dev-testnet'
type: choice
options:
- 'dev-testnet'
- 'uat-testnet'
jobs:
build-and-deploy:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
steps:
- name: 'Print GitHub variables'
# This is a useful record of what the environment variables were at the time the job ran, for debugging and reference
run: |
echo "GitHub Variables = ${{ toJSON(vars) }}"
- uses: actions/checkout@v4
- name: 'Set up Docker'
uses: docker/setup-buildx-action@v1
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Login to Azure docker registry'
uses: azure/docker-login@v1
with:
login-server: testnetobscuronet.azurecr.io
username: testnetobscuronet
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: 'Build and push image'
# DOCKER_BUILDKIT=1 will enable the new docker build kit that allows us to use build only caches on RUN commands.
# Tag the same image with 2 tags and push with the -a flag which pushes all images
run: |
DOCKER_BUILDKIT=1 docker build -t ${{ vars.DOCKER_BUILD_TAG_ETH2NETWORK }} -f testnet/eth2network.Dockerfile .
docker push ${{ vars.DOCKER_BUILD_TAG_ETH2NETWORK }}
# This will fail some deletions due to resource dependencies ( ie. you must first delete the vm before deleting the disk)
- name: 'Delete deployed VMs'
uses: azure/CLI@v1
with:
inlineScript: |
$(az resource list --tag ${{ vars.AZURE_DEPLOY_GROUP_L1 }}=true --query '[]."id"' -o tsv | xargs -n1 az resource delete --verbose -g Testnet --ids) || true
# This will clean up any lingering dependencies - might fail if there are no resources to cleanup
- name: 'Delete VMs dependencies'
uses: azure/CLI@v1
with:
inlineScript: |
$(az resource list --tag ${{ vars.AZURE_DEPLOY_GROUP_L1 }}=true --query '[]."id"' -o tsv | xargs -n1 az resource delete --verbose -g Testnet --ids) || true
- name: 'Create VM for "${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}" on Azure'
uses: azure/CLI@v1
with:
inlineScript: |
az vm create -g Testnet -n "${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}" \
--admin-username obscurouser --admin-password "${{ secrets.OBSCURO_NODE_VM_PWD }}" \
--public-ip-address-dns-name "${{ github.event.inputs.testnet_type }}-eth2network" \
--tags ${{ vars.AZURE_DEPLOY_GROUP_L1 }}=true \
--vnet-name ${{ github.event.inputs.testnet_type }}-eth2network-01VNET --subnet ${{ github.event.inputs.testnet_type }}-eth2network-01Subnet \
--size Standard_D3_v2 --image Canonical:0001-com-ubuntu-server-jammy:22_04-lts:latest \
--public-ip-sku Basic --authentication-type password
- name: 'Open Obscuro node-${{ matrix.host_id }} ports on Azure'
uses: azure/CLI@v1
with:
inlineScript: |
az vm open-port -g Testnet -n "${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}" --port 8025,8026,9000,9001,12600
# To overcome issues with critical VM resources being unavailable, we need to wait for the VM to be ready
- name: 'Allow time for VM initialization'
shell: bash
run: sleep 60
- name: 'Start l1 ${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }} on Azure'
uses: azure/CLI@v1
with:
inlineScript: |
az vm run-command invoke -g Testnet -n "${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}" \
--command-id RunShellScript \
--scripts 'mkdir -p /home/obscuro \
&& sudo apt-get update \
&& sudo apt-get install -y gcc \
&& sudo snap refresh \
&& curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh \
&& docker network create --driver bridge l1_network || true \
&& mkdir -p /home/obscuro/metrics \
&& echo "
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: ${{ vars.LOKI_URI }}
batchwait: 3s
batchsize: 1048576
tls_config:
insecure_skip_verify: true
basic_auth:
username: ${{ secrets.LOKI_USER }}
password: ${{ secrets.LOKI_PASSWORD }}
scrape_configs:
- job_name: flog_scrape
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
relabel_configs:
- source_labels: [\"__meta_docker_container_name\"]
regex: \"/(.*)\"
target_label: \"container\"
- source_labels: [\"__meta_docker_container_log_stream\"]
target_label: \"logstream\"
- source_labels: [\"__meta_docker_container_label_logging_jobname\"]
target_label: \"job\"
- replacement: ${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}
target_label: "node_name"
" > /home/obscuro/metrics/promtail-config.yaml \
&& echo "
global:
scrape_interval: 15s
evaluation_interval: 15s
remote_write:
- url: ${{ vars.PROMETHEUS_URI }}
tls_config:
insecure_skip_verify: true
basic_auth:
username: ${{ secrets.LOKI_USER }}
password: ${{ secrets.LOKI_PASSWORD }}
scrape_configs:
# Node metrics
- job_name: node-${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}
scrape_interval: 5s # Frequent scrapes for node metrics
static_configs:
- targets:
- node_exporter:9100 # Node Exporter instance
relabel_configs:
- source_labels: [job]
target_label: 'node'
replacement: ${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}
# Container metrics
- job_name: container-${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}
scrape_interval: 5s
static_configs:
- targets:
- cadvisor:8080 # cAdvisor instance for container metrics
relabel_configs:
- source_labels: [job]
target_label: 'node'
replacement: ${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }}
" > /home/obscuro/metrics/prometheus.yaml \
&& docker run -d --name promtail \
--network l1_network \
-e HOSTNAME=${{ github.event.inputs.testnet_type }}-eth2network-${{ GITHUB.RUN_NUMBER }} \
-v /var/log:/var/log \
-v /home/obscuro/metrics:/etc/promtail \
-v /var/lib/docker/containers:/var/lib/docker/containers:ro \
-v /var/run/docker.sock:/var/run/docker.sock \
grafana/promtail:latest \
-config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true \
&& docker volume create prometheus-data \
&& docker run -d --name prometheus \
--network l1_network \
-p 9090:9090 \
-v /home/obscuro/metrics/prometheus.yaml:/etc/prometheus/prometheus.yml \
-v prometheus-data:/prometheus \
prom/prometheus:latest \
--config.file=/etc/prometheus/prometheus.yml \
&& docker run -d --name node_exporter \
--network l1_network \
-p 9100:9100 \
--pid="host" \
-v /:/host:ro \
quay.io/prometheus/node-exporter:latest \
--path.rootfs=/host \
&& docker run -d --name cadvisor \
--network l1_network \
-p 8080:8080 \
--privileged \
-v /:/rootfs:ro \
-v /var/run:/var/run:ro \
-v /sys:/sys:ro \
-v /var/lib/docker/:/var/lib/docker:ro \
-v /dev/disk/:/dev/disk:ro \
gcr.io/cadvisor/cadvisor:latest \
&& docker run -d \
-p 8025:8025 -p 8026:8026 -p 9000:9000 -p 9001:9001 -p 12600:12600 \
--entrypoint /home/obscuro/go-obscuro/integration/eth2network/main/main ${{ vars.DOCKER_BUILD_TAG_ETH2NETWORK }} \
--gethHTTPStartPort=8025 --gethWSStartPort=9000 --prysmBeaconGatewayStartPort=12600 \
--prefundedAddrs="${{ vars.ACCOUNT_ADDR_WORKER }},${{ vars.ACCOUNT_ADDR_NODE_0 }},${{ vars.ACCOUNT_ADDR_NODE_1 }},${{ vars.ACCOUNT_ADDR_NODE_2 }},${{ vars.ACCOUNT_ADDR_L1_BRIDGE_TEST }}"'