diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning index 4b827611b..3df1af321 100644 --- a/Dockerfiles/Dockerfile.agent-provisioning +++ b/Dockerfiles/Dockerfile.agent-provisioning @@ -9,6 +9,7 @@ RUN set -eux \ aws-cli \ docker \ docker-compose \ + jq \ && npm install -g pnpm --ignore-scripts \ && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \ && rm -rf /var/cache/apk/* @@ -46,6 +47,7 @@ RUN set -eux \ aws-cli \ docker \ docker-compose \ + jq \ && npm install -g pnpm --ignore-scripts \ && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \ && rm -rf /var/cache/apk/* diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 6c43ca208..bb8ea9b66 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -1,4 +1,3 @@ - #!/bin/sh START_TIME=$(date +%s) @@ -19,62 +18,17 @@ TENANT=${13} AFJ_VERSION=${14} INDY_LEDGER=${15} INBOUND_ENDPOINT=${16} -AWS_ACCOUNT_ID=${17} -S3_BUCKET_ARN=${18} -CLUSTER_NAME=${19} -FILESYSTEMID=${20} -ACCESSPOINTID=${21} -VPC_ID=${22} -ECS_SUBNET_ID=${23} -ALB_SUBNET_ID_ONE=${24} -ALB_SUBNET_ID_TWO=${25} -EFS_SECURITY_GROUP_ID=${26} -AWS_PUBLIC_REGION=${27} -STAGE=${28} -AGENT_WEBSOCKET_PROTOCOL=${29} -DB_SECURITY_GROUP_ID=${30} -TESKDEFINITION_FAMILY="${STAGE}_${CONTAINER_NAME}_TASKDEFITION" - - -echo "START_TIME: $START_TIME" -echo "AGENCY: $AGENCY" -echo "EXTERNAL_IP: $EXTERNAL_IP" -echo "WALLET_NAME: $WALLET_NAME" -echo "WALLET_PASSWORD: $WALLET_PASSWORD" -echo "RANDOM_SEED: $RANDOM_SEED" -echo "WEBHOOK_HOST: $WEBHOOK_HOST" -echo "WALLET_STORAGE_HOST: $WALLET_STORAGE_HOST" -echo "WALLET_STORAGE_PORT: $WALLET_STORAGE_PORT" -echo "WALLET_STORAGE_USER: $WALLET_STORAGE_USER" -echo "WALLET_STORAGE_PASSWORD: $WALLET_STORAGE_PASSWORD" -echo "CONTAINER_NAME: $CONTAINER_NAME" -echo "PROTOCOL: $PROTOCOL" -echo "TENANT: $TENANT" -echo "AFJ_VERSION: $AFJ_VERSION" -echo "INDY_LEDGER: $INDY_LEDGER" -echo "INBOUND_ENDPOINT: $INBOUND_ENDPOINT" -echo "AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID" -echo "S3_BUCKET_ARN: $S3_BUCKET_ARN" -echo "CLUSTER_NAME: $CLUSTER_NAME" -echo "TESKDEFINITION_FAMILY: $TESKDEFINITION_FAMILY" -echo "FILESYSTEMID: $FILESYSTEMID" -echo "ACCESSPOINTID: $ACCESSPOINTID" -echo "VPC_ID: $VPC_ID" -echo "ECS_SUBNET_ID: $ECS_SUBNET_ID" -echo "ALB_SUBNET_ID_ONE: $ALB_SUBNET_ID_ONE" -echo "ALB_SUBNET_ID_TWO: $ALB_SUBNET_ID_TWO" -echo "SSL_CRTS: $SSL_CRTS" -echo "EFS_SECURITY_GROUP_ID: $EFS_SECURITY_GROUP_ID" -echo "AGENT_URL: $AGENT_URL" -echo "AWS_PUBLIC_REGION: $AWS_PUBLIC_REGION" -echo "STAGE: $STAGE" -echo "AGENT_WEBSOCKET_PROTOCOL: $AGENT_WEBSOCKET_PROTOCOL" -echo "ALB_SECURITY_GROUP_ID: $ALB_SECURITY_GROUP_ID" -echo "ADMIN_TG_ARN: $ADMIN_TG_ARN" -echo "INBOUND_TG_ARN: $INBOUND_TG_ARN" -echo "AGENT_INBOUND_URL: $AGENT_INBOUND_URL" -echo "DB_SECURITY_GROUP_ID: $DB_SECURITY_GROUP_ID" - +SCHEMA_FILE_SERVER_URL=${17} +AGENT_API_KEY=${18} +AWS_ACCOUNT_ID=${19} +S3_BUCKET_ARN=${20} +CLUSTER_NAME=${21} +TASKDEFINITION_FAMILY=${22} +ADMIN_TG_ARN=${23} +INBOUND_TG_ARN=${24} +FILESYSTEMID=${25} +ECS_SUBNET_ID=${26} +ECS_SECURITY_GROUP_ID=${27} DESIRED_COUNT=1 @@ -88,12 +42,10 @@ random_string=$(generate_random_string) # Print the generated random string echo "Random String: $random_string" -SERVICE_NAME="${AGENCY}-${CONTAINER_NAME}-service-${random_string}" +SERVICE_NAME="${CONTAINER_NAME}-service" EXTERNAL_IP=$(echo "$2" | tr -d '[:space:]') ADMIN_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-admin-port.txt" INBOUND_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-inbound-port.txt" -echo "AGENCY: $SERVICE_NAME" -echo "EXTERNAL_IP: $EXTERNAL_IP" ADMIN_PORT=8001 INBOUND_PORT=9001 @@ -144,209 +96,24 @@ echo "Last used admin port: $ADMIN_PORT" echo "Last used inbound port: $INBOUND_PORT" echo "AGENT SPIN-UP STARTED" +# Define a regular expression pattern for IP address +IP_REGEX="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$" -#CLUSTER_NAME=$(aws ecs create-cluster --cluster-name ${CONTAINER_NAME}) - -# Create security groups -ALB_SECURITY_GROUP_ID=$(aws ec2 create-security-group --group-name "${STAGE}-${AGENCY}-${random_string}-alb-sg" --description "Security group for ALB" --vpc-id $VPC_ID --output text) -ECS_SECURITY_GROUP_ID=$(aws ec2 create-security-group --group-name "${STAGE}-${AGENCY}-${random_string}-ecs-sg" --description "Security group for ECS Fargate service" --vpc-id $VPC_ID --output text) - -echo "ALB_SECURITY_GROUP_ID:$ALB_SECURITY_GROUP_ID" -echo "ECS_SECURITY_GROUP_ID:$ECS_SECURITY_GROUP_ID" -echo "EFS_SECURITY_GROUP_ID:$SECURITY_GROUP_ID" - -# Allow inbound traffic from the ECS Fargate security group to the EFS security group on NFS port -aws ec2 authorize-security-group-ingress \ - --group-id "$EFS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port 2049 \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-allow},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ECS security group from DB security group -aws ec2 authorize-security-group-ingress \ - --group-id "$DB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$WALLET_STORAGE_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-ecs-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ECS security group from DB security group -aws ec2 authorize-security-group-egress \ - --group-id "$DB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$WALLET_STORAGE_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-ecs-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=0.0.0.0/0,Description="Allowing 0.0.0.0/0 to the LB port"}]' \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=allow-the-world}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-adminalb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges='[{CidrIp=0.0.0.0/0,Description="Allowing 0.0.0.0/0 to the LB port"}]' \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=allow-the-world}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic of ALB security group for ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-inboundalb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Create Target Groups for admin port -ADMIN_TG_ARN=$(aws elbv2 create-target-group \ - --name "${STAGE}-${ADMIN_PORT}-tg" \ - --protocol HTTP \ - --port 80 \ - --target-type ip \ - --vpc-id $VPC_ID \ - --health-check-protocol HTTP \ - --health-check-port $ADMIN_PORT \ - --health-check-path /agent \ - --health-check-interval-seconds 120 \ - --query 'TargetGroups[0].TargetGroupArn' \ - --output text) - - -echo "admin-tg-arm: $ADMIN_TG_ARN" - -# Create Target Groups for inbound port -INBOUND_TG_ARN=$(aws elbv2 create-target-group --name "${STAGE}-${INBOUND_PORT}-tg" --protocol HTTP --port 80 --target-type ip --vpc-id $VPC_ID --query 'TargetGroups[0].TargetGroupArn' --output text) - -echo "admin-tg-arm: $INBOUND_TG_ARN" - - -# Create Application Load Balancer -ADMIN_ALB_ARN=$(aws elbv2 create-load-balancer \ ---name $STAGE-$CONTAINER_NAME-${ADMIN_PORT}-alb \ ---subnets $ALB_SUBNET_ID_ONE $ALB_SUBNET_ID_TWO \ ---tags "[{\"Key\":\"Name\", \"Value\":\"${CONTAINER_NAME}-alb\"}]" \ ---type application \ ---scheme internet-facing \ ---security-groups $ALB_SECURITY_GROUP_ID \ ---region $AWS_PUBLIC_REGION \ ---query "LoadBalancers[0].LoadBalancerArn" \ ---output text) - -# Describe the ALB to retrieve its DNS name -ADMIN_ALB_DNS=$(aws elbv2 describe-load-balancers \ ---load-balancer-arns $ADMIN_ALB_ARN \ ---query "LoadBalancers[0].DNSName" \ ---output text) - -echo "ALB DNS: $ADMIN_ALB_DNS" - -# Create HTTP listener -aws elbv2 create-listener \ - --load-balancer-arn "$ADMIN_ALB_ARN" \ - --protocol HTTP \ - --port 80 \ - --default-actions Type=forward,TargetGroupArn="$ADMIN_TG_ARN" \ - --region "$AWS_PUBLIC_REGION" - - - -# Create Application Load Balancer -INBOUND_ALB_ARN=$(aws elbv2 create-load-balancer \ ---name $STAGE-$CONTAINER_NAME-${INBOUND_PORT}-alb \ ---subnets $ALB_SUBNET_ID_ONE $ALB_SUBNET_ID_TWO \ ---tags "[{\"Key\":\"Name\", \"Value\":\"${CONTAINER_NAME}-alb\"}]" \ ---type application \ ---scheme internet-facing \ ---security-groups $ALB_SECURITY_GROUP_ID \ ---region $AWS_PUBLIC_REGION \ ---query "LoadBalancers[0].LoadBalancerArn" \ ---output text) - -# Describe the ALB to retrieve its DNS name -INBOUND_ALB_DNS=$(aws elbv2 describe-load-balancers \ ---load-balancer-arns $INBOUND_ALB_ARN \ ---query "LoadBalancers[0].DNSName" \ ---output text) - -echo "INBOUND_ALB DNS: $INBOUND_ALB_DNS" - -#add listner to inbound -aws elbv2 create-listener \ - --load-balancer-arn $INBOUND_ALB_ARN \ - --protocol HTTP \ - --port 80 \ - --default-actions Type=forward,TargetGroupArn=$INBOUND_TG_ARN \ - --region $AWS_PUBLIC_REGION - - -# modify health check of inboud tg -aws elbv2 modify-target-group \ - --target-group-arn $INBOUND_TG_ARN \ - --health-check-protocol HTTP \ - --health-check-port "traffic-port" \ - --health-check-path "/" \ - --health-check-interval-seconds 30 \ - --healthy-threshold-count 3 \ - --unhealthy-threshold-count 3 \ - --matcher "HttpCode=404" \ - --region $AWS_PUBLIC_REGION - +# Check if INBOUND_ENDPOINT is a domain or IP address +if [[ $INBOUND_ENDPOINT =~ ^https?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "INBOUND_ENDPOINT is a domain: $INBOUND_ENDPOINT" + # Extracting the domain name without the protocol + AGENT_ENDPOINT=$(echo "$INBOUND_ENDPOINT" | sed 's/^https\?:\/\///') +else + # Check if the input is an IP address + if [[ $INBOUND_ENDPOINT =~ $IP_REGEX ]]; then + echo "INBOUND_ENDPOINT is an IP address: $INBOUND_ENDPOINT" + # Adding the protocol to the IP address + AGENT_ENDPOINT="${PROTOCOL}://${INBOUND_ENDPOINT}:${INBOUND_PORT}" + else + echo "Invalid input for INBOUND_ENDPOINT: $INBOUND_ENDPOINT" + fi +fi # Generate the agent config JSON cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}.json @@ -363,7 +130,7 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "walletScheme": "DatabasePerWallet", "indyLedger": $INDY_LEDGER, "endpoint": [ - "http://$INBOUND_ALB_DNS" + "$INBOUND_ENDPOINT" ], "autoAcceptConnections": true, "autoAcceptCredentials": "contentApproved", @@ -371,16 +138,18 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "logLevel": 5, "inboundTransport": [ { - "transport": "$AGENT_WEBSOCKET_PROTOCOL", - "port": "$INBOUND_PORT" + "transport": "$PROTOCOL", + "port": $INBOUND_PORT } ], "outboundTransport": [ - "$AGENT_WEBSOCKET_PROTOCOL" + "$PROTOCOL" ], "webhookUrl": "$WEBHOOK_HOST/wh/$AGENCY", "adminPort": $ADMIN_PORT, - "tenancy": $TENANT + "tenancy": $TENANT, + "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL", + "apiKey": "$AGENT_API_KEY" } EOF @@ -390,9 +159,9 @@ CONTAINER_DEFINITIONS=$( [ { "name": "$CONTAINER_NAME", - "image": "${AFJ_IMAGE_URL}", - "cpu": 256, - "memory": 512, + "image": "${AFJ_VERSION}", + "cpu": 307, + "memory": 358, "portMappings": [ { "containerPort": $ADMIN_PORT, @@ -425,7 +194,7 @@ CONTAINER_DEFINITIONS=$( ], "mountPoints": [ { - "sourceVolume": "AGENT-CONFIG", + "sourceVolume": "config", "containerPath": "/config", "readOnly": true } @@ -434,16 +203,16 @@ CONTAINER_DEFINITIONS=$( "volumesFrom": [], "ulimits": [], "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/$TESKDEFINITION_FAMILY", - "awslogs-region": "$AWS_PUBLIC_REGION", - "awslogs-stream-prefix": "ecs" - }, - "secretOptions": [] - } - } + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", + "awslogs-region": "$AWS_PUBLIC_REGION", + "awslogs-stream-prefix": "ecs" +} + }, + "ulimits": [] +} ] EOF ) @@ -451,28 +220,27 @@ EOF # Define the task definition JSON TASK_DEFINITION=$(cat < task_definition.json TASK_DEFINITION_ARN=$(aws ecs register-task-definition --cli-input-json file://task_definition.json --query 'taskDefinition.taskDefinitionArn' --output text) -SERVICE=$(cat < service.json +echo "$SERVICE_JSON" > service.json # Check if the service file was created successfully -if [ -f "$SERVICE_FILE" ]; then - echo "Service file created successfully: $SERVICE_FILE" +if [ -f "service.json" ]; then + echo "Service file created successfully: service.json" else - echo "Failed to create service file: $SERVICE_FILE" + echo "Failed to create service file: service.json" fi # Create the service aws ecs create-service \ ---service-name $SERVICE_NAME \ ---cli-input-json file://service.json \ ---region $AWS_PUBLIC_REGION + --cli-input-json file://service.json \ + --region $AWS_PUBLIC_REGION # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) @@ -552,26 +312,28 @@ else exit 1 fi -# Wait for the agent to become ready -# You may need to adjust the number of attempts and sleep time according to your requirements -n=0 -max_attempts=15 -sleep_time=10 -AGENT_HEALTHCHECK_URL="http://$ADMIN_ALB_DNS/agent" -echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_URL" -until [ "$n" -ge "$max_attempts" ]; do - agentResponse=$(curl -s -o /dev/null -w "%{http_code}" "$AGENT_HEALTHCHECK_URL") - if [ "$agentResponse" = "200" ]; then - echo "Agent is running" - break - else +if [ $? -eq 0 ]; then + + n=0 + until [ "$n" -ge 6 ]; do + if netstat -tln | grep ${ADMIN_PORT} >/dev/null; then + + AGENTURL="http://${EXTERNAL_IP}:${ADMIN_PORT}/agent" + agentResponse=$(curl -s -o /dev/null -w "%{http_code}" $AGENTURL) + + if [ "$agentResponse" = "200" ]; then + echo "Agent is running" && break + else echo "Agent is not running" n=$((n + 1)) - sleep "$sleep_time" + sleep 10 + fi + else + echo "No response from agent" + n=$((n + 1)) + sleep 10 fi -done - - + done # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) @@ -579,12 +341,16 @@ echo "service_description=$service_description" # Extract Task ID from the service description events -task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.message | test("has started 1 tasks")) | .message | capture("\\(task (?[^)]+)\\)") | .id') -#echo "task_id=$task_id" +task_id=$(echo "$service_description" | jq -r ' + .services[0].events[] + | select(.message | test("has started 1 tasks")) + | .message + | capture("\\(task (?[^)]+)\\)") + | .id +') # to fetch log group of container -............................................................. -log_group=/ecs/$TESKDEFINITION_FAMILY +log_group=/ecs/$TASKDEFINITION_FAMILY echo "log_group=$log_group" # Get Log Stream Name @@ -592,10 +358,6 @@ log_stream=ecs/$CONTAINER_NAME/$task_id echo "logstrem=$log_stream" - -# Fetch logs -#echo "$(aws logs get-log-events --log-group-name "/ecs/$TESKDEFINITION_FAMILY/$CONTAINER_NAME" --log-stream-name "$log_stream" --region $AWS_PUBLIC_REGION)" - # Check if the token folder exists, and create it if it doesn't token_folder="$PWD/agent-provisioning/AFJ/token" if [ ! -d "$token_folder" ]; then @@ -605,7 +367,6 @@ fi # Set maximum retry attempts RETRIES=3 -# Loop to attempt retrieving token from logs # Loop to attempt retrieving token from logs for attempt in $(seq 1 $RETRIES); do echo "Attempt $attempt: Checking service logs for token..." @@ -614,9 +375,13 @@ for attempt in $(seq 1 $RETRIES); do token=$(aws logs get-log-events \ --log-group-name "$log_group" \ --log-stream-name "$log_stream" \ - --region ap-southeast-1 \ - | grep -o 'API Token: [^ ]*' \ - | cut -d ' ' -f 3 + --region $AWS_PUBLIC_REGION \ + --query 'events[*].message' \ + --output text \ + | tr -d '\033' \ + | grep 'API Key:' \ + | sed -E 's/.*API Key:[[:space:]]*([a-zA-Z0-9._:-]*).*/\1/' \ + | head -n 1 ) # echo "token=$token" if [ -n "$token" ]; then @@ -634,44 +399,23 @@ for attempt in $(seq 1 $RETRIES); do sleep 10 done + echo "Creating agent config" + cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json + { + "CONTROLLER_ENDPOINT":"$EXTERNAL_IP" + } +EOF -# Print variable values for debugging -echo "AGENCY: $AGENCY" -echo "CONTAINER_NAME: $CONTAINER_NAME" -echo "AGENT_URL: $AGENT_URL" -echo "AGENT_INBOUND_URL: $AGENT_INBOUND_URL" - -## Construct file path for agent config -config_file="${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json" - -# Check if the directory exists and create it if it doesn't -config_dir=$(dirname "$config_file") -if [ ! -d "$config_dir" ]; then - mkdir -p "$config_dir" -fi - -# Create agent config -echo "Creating agent config" -cat <"$config_file" -{ - "CONTROLLER_ENDPOINT": "$ADMIN_ALB_DNS", - "AGENT_ENDPOINT": "$INBOUND_ALB_DNS" -} + cat <${PWD}/agent-provisioning/AFJ/token/${AGENCY}_${CONTAINER_NAME}.json + { + "token" : "$token" + } EOF -# Check if the file was created successfully -if [ -f "$config_file" ]; then - echo "Agent config created successfully: $config_file" + echo "Agent config created" else - echo "Failed to create agent config: $config_file" + echo "===============" + echo "ERROR : Failed to spin up the agent!" + echo "===============" && exit 125 fi - -# Print available folders in the AFJ directory -echo "Available folders in the AFJ directory:" -ls -d "${PWD}/agent-provisioning/AFJ/"*/ - -# Print the content of the JSON files -echo "Content of endpoint JSON file:" -cat "$config_file" -echo "Content of token JSON file:" - +echo "Total time elapsed: $(date -ud "@$(($(date +%s) - $START_TIME))" +%T) (HH:MM:SS)" \ No newline at end of file diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index a26a68845..3bedb6f36 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -20,11 +20,13 @@ INDY_LEDGER=${15} INBOUND_ENDPOINT=${16} SCHEMA_FILE_SERVER_URL=${17} AGENT_API_KEY=${18} -AGENT_HOST=${19} -AWS_ACCOUNT_ID=${20} -S3_BUCKET_ARN=${21} -CLUSTER_NAME=${22} -TASKDEFINITION_FAMILY=${23} +AWS_ACCOUNT_ID=${19} +S3_BUCKET_ARN=${20} +CLUSTER_NAME=${21} +TASKDEFINITION_FAMILY=${22} +ADMIN_TG_ARN=${23} +INBOUND_TG_ARN=${24} +FILESYSTEMID=${25} DESIRED_COUNT=1 @@ -125,7 +127,7 @@ cat </app/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "walletScheme": "DatabasePerWallet", "indyLedger": $INDY_LEDGER, "endpoint": [ - "$AGENT_ENDPOINT" + "$INBOUND_ENDPOINT" ], "autoAcceptConnections": true, "autoAcceptCredentials": "contentApproved", @@ -143,10 +145,10 @@ cat </app/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "webhookUrl": "$WEBHOOK_HOST/wh/$AGENCY", "adminPort": $ADMIN_PORT, "tenancy": $TENANT, - "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL" + "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL", + "apiKey": "$AGENT_API_KEY" } EOF -# scp ${PWD}/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}.json ${AGENT_HOST}:/home/ec2-user/config/ # Construct the container definitions dynamically CONTAINER_DEFINITIONS=$( @@ -155,8 +157,8 @@ CONTAINER_DEFINITIONS=$( { "name": "$CONTAINER_NAME", "image": "${AFJ_VERSION}", - "cpu": 154, - "memory": 307, + "cpu": 307, + "memory": 358, "portMappings": [ { "containerPort": $ADMIN_PORT, @@ -173,7 +175,7 @@ CONTAINER_DEFINITIONS=$( "command": [ "--auto-accept-connections", "--config", - "/config.json" + "/config/${AGENCY}_${CONTAINER_NAME}.json" ], "environment": [ { @@ -190,21 +192,22 @@ CONTAINER_DEFINITIONS=$( "mountPoints": [ { "sourceVolume": "config", - "containerPath": "/config.json", + "containerPath": "/config", "readOnly": true } ], "volumesFrom": [], "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", - "awslogs-create-group": "true", - "awslogs-region": "$AWS_PUBLIC_REGION", - "awslogs-stream-prefix": "ecs" - }, - "ulimits": [] - } + "logDriver": "awslogs", + "options": { + "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", + "awslogs-create-group": "true", + "awslogs-region": "$AWS_PUBLIC_REGION", + "awslogs-stream-prefix": "ecs" + } + }, + "ulimits": [] +} ] EOF ) @@ -218,18 +221,22 @@ TASK_DEFINITION=$( "executionRoleArn": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/ecsTaskExecutionRole", "volumes": [ { - "name": "config", - "host": { - "sourcePath": "/home/ec2-user/config/${AGENCY}_${CONTAINER_NAME}.json" - } - } + "efsVolumeConfiguration": { + "fileSystemId": "$FILESYSTEMID", + "rootDirectory": "/" + }, + "name": "config" + } ], - "networkMode": "host", "requiresCompatibilities": [ "EC2" ], - "cpu": "154", - "memory": "307" + "runtimePlatform": { + "cpuArchitecture": "ARM64", + "operatingSystemFamily": "LINUX" + }, + "cpu": "307", + "memory": "358" } EOF ) @@ -240,14 +247,56 @@ echo "$TASK_DEFINITION" >task_definition.json # Register the task definition and retrieve the ARN TASK_DEFINITION_ARN=$(aws ecs register-task-definition --cli-input-json file://task_definition.json --query 'taskDefinition.taskDefinitionArn' --output text) +SERVICE_JSON=$( + cat < service.json + +# Check if the service file was created successfully +if [ -f "service.json" ]; then + echo "Service file created successfully: service.json" +else + echo "Failed to create service file: service.json" +fi + # Create the service aws ecs create-service \ - --cluster $CLUSTER_NAME \ - --service-name $SERVICE_NAME \ - --task-definition $TASK_DEFINITION_ARN \ - --desired-count $DESIRED_COUNT \ - --launch-type EC2 \ - --deployment-configuration "maximumPercent=200,minimumHealthyPercent=100" + --cli-input-json file://service.json \ + --region $AWS_PUBLIC_REGION + +# Describe the ECS service and filter by service name +service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) + +# Check if the service creation was successful +if [ $? -eq 0 ]; then + echo "Service creation successful" +else + echo "Failed to create service" + exit 1 +fi if [ $? -eq 0 ]; then @@ -271,17 +320,22 @@ if [ $? -eq 0 ]; then sleep 10 fi done + # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) echo "service_description=$service_description" # Extract Task ID from the service description events -task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.message | test("has started 1 tasks")) | .message | capture("\\(task (?[^)]+)\\)") | .id') -#echo "task_id=$task_id" +task_id=$(echo "$service_description" | jq -r ' + .services[0].events[] + | select(.message | test("has started 1 tasks")) + | .message + | capture("\\(task (?[^)]+)\\)") + | .id +') # to fetch log group of container -............................................................. log_group=/ecs/$TASKDEFINITION_FAMILY echo "log_group=$log_group" @@ -299,7 +353,6 @@ fi # Set maximum retry attempts RETRIES=3 -# Loop to attempt retrieving token from logs # Loop to attempt retrieving token from logs for attempt in $(seq 1 $RETRIES); do echo "Attempt $attempt: Checking service logs for token..." @@ -309,8 +362,12 @@ for attempt in $(seq 1 $RETRIES); do --log-group-name "$log_group" \ --log-stream-name "$log_stream" \ --region $AWS_PUBLIC_REGION \ - | grep -o '*** API Key: [^ ]*' \ - | cut -d ' ' -f 3 + --query 'events[*].message' \ + --output text \ + | tr -d '\033' \ + | grep 'API Key:' \ + | sed -E 's/.*API Key:[[:space:]]*([a-zA-Z0-9._:-]*).*/\1/' \ + | head -n 1 ) # echo "token=$token" if [ -n "$token" ]; then @@ -332,8 +389,7 @@ done echo "Creating agent config" cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json { - "CONTROLLER_ENDPOINT":"${EXTERNAL_IP}:${ADMIN_PORT}", - "AGENT_ENDPOINT" : "${INTERNAL_IP}:${ADMIN_PORT}" + "CONTROLLER_ENDPOINT":"$EXTERNAL_IP" } EOF diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts index 5cbda9e51..2f2cc5b2e 100644 --- a/apps/agent-provisioning/src/agent-provisioning.service.ts +++ b/apps/agent-provisioning/src/agent-provisioning.service.ts @@ -39,7 +39,7 @@ export class AgentProvisioningService { } = payload; if (agentType === AgentType.AFJ) { // The wallet provision command is used to invoke a shell script - const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY}`; + const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN} ${process.env.FILESYSTEMID} ${process.env.ECS_SUBNET_ID} ${process.env.ECS_SECURITY_GROUP_ID}`; const spinUpResponse: object = new Promise(async (resolve) => { await exec(walletProvision, async (err, stdout, stderr) => { this.logger.log(`shell script output: ${stdout}`);