From af7d268ad3081d75d4e840e0876f0a40e649ffa8 Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Mon, 1 Sep 2025 19:40:51 +0530 Subject: [PATCH 01/15] fix:credo-controller service spin up ECS ec2 Signed-off-by: Sahil Kamble --- .../agent-provisioning/AFJ/scripts/fargate.sh | 8 +- .../AFJ/scripts/start_agent_ecs.sh | 80 +++++++++++++++---- .../src/agent-provisioning.service.ts | 2 +- 3 files changed, 68 insertions(+), 22 deletions(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 6c43ca208..39df7c08b 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -33,7 +33,7 @@ AWS_PUBLIC_REGION=${27} STAGE=${28} AGENT_WEBSOCKET_PROTOCOL=${29} DB_SECURITY_GROUP_ID=${30} -TESKDEFINITION_FAMILY="${STAGE}_${CONTAINER_NAME}_TASKDEFITION" +TESKDEFINITION_FAMILY="${CONTAINER_NAME}_TASKDEFITION" echo "START_TIME: $START_TIME" @@ -537,9 +537,9 @@ fi # Create the service aws ecs create-service \ ---service-name $SERVICE_NAME \ ---cli-input-json file://service.json \ ---region $AWS_PUBLIC_REGION + --service-name $SERVICE_NAME \ + --cli-input-json file://service.json \ + --region $AWS_PUBLIC_REGION # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index a26a68845..141d290a7 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -25,6 +25,8 @@ AWS_ACCOUNT_ID=${20} S3_BUCKET_ARN=${21} CLUSTER_NAME=${22} TASKDEFINITION_FAMILY=${23} +ADMIN_TG_ARN=${24} +INBOUND_TG_ARN=${25} DESIRED_COUNT=1 
@@ -155,7 +157,7 @@ CONTAINER_DEFINITIONS=$( { "name": "$CONTAINER_NAME", "image": "${AFJ_VERSION}", - "cpu": 154, + "cpu": 307, "memory": 307, "portMappings": [ { @@ -196,15 +198,16 @@ CONTAINER_DEFINITIONS=$( ], "volumesFrom": [], "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", - "awslogs-create-group": "true", - "awslogs-region": "$AWS_PUBLIC_REGION", - "awslogs-stream-prefix": "ecs" - }, - "ulimits": [] - } + "logDriver": "awslogs", + "options": { + "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", + "awslogs-create-group": "true", + "awslogs-region": "$AWS_PUBLIC_REGION", + "awslogs-stream-prefix": "ecs" + } + }, + "ulimits": [] +} ] EOF ) @@ -228,7 +231,7 @@ TASK_DEFINITION=$( "requiresCompatibilities": [ "EC2" ], - "cpu": "154", + "cpu": "307", "memory": "307" } EOF 
@@ -240,14 +243,57 @@ echo "$TASK_DEFINITION" >task_definition.json # Register the task definition and retrieve the ARN TASK_DEFINITION_ARN=$(aws ecs register-task-definition --cli-input-json file://task_definition.json --query 'taskDefinition.taskDefinitionArn' --output text) +SERVICE_JSON=$( + cat < service.json + +# Check if the service file was created successfully +if [ -f "service.json" ]; then + echo "Service file created successfully: service.json" +else + echo "Failed to create service file: service.json" +fi + # Create the service aws ecs create-service \ - --cluster $CLUSTER_NAME \ - --service-name $SERVICE_NAME \ - --task-definition $TASK_DEFINITION_ARN \ - --desired-count $DESIRED_COUNT \ - --launch-type EC2 \ - --deployment-configuration "maximumPercent=200,minimumHealthyPercent=100" + --cli-input-json file://service.json \ + --deployment-configuration "maximumPercent=200,minimumHealthyPercent=100" \ + --region $AWS_PUBLIC_REGION + +# Describe the ECS service and filter by service name +service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) + +# Check if the service creation was successful +if [ $? -eq 0 ]; then + echo "Service creation successful" +else + echo "Failed to create service" + exit 1 +fi if [ $? -eq 0 ]; then diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts index 5cbda9e51..ed20d63c6 100644 --- a/apps/agent-provisioning/src/agent-provisioning.service.ts +++ b/apps/agent-provisioning/src/agent-provisioning.service.ts 
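Review bot: The new `if [ $? -eq 0 ]` after `service_description=$(aws ecs describe-services ...)` tests the exit status of that describe call, not of `aws ecs create-service`, so a failed service creation still prints "Service creation successful". Check the create call itself, e.g. `aws ecs create-service ... || { echo "Failed to create service"; exit 1; }`. The unchanged `if [ $? -eq 0 ]; then` that follows now sees the status of the preceding `if` block, so it no longer guards anything either. The "Failed to create service file" branch only echoes and should also `exit 1`. `AWS_PUBLIC_REGION` is not among the positional assignments visible in this series, so it presumably comes from the inherited environment; that is worth confirming.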
@@ -39,7 +39,7 @@ export class AgentProvisioningService { } = payload; if (agentType === AgentType.AFJ) { // The wallet provision command is used to invoke a shell script - const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY}`; + const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN}`; const spinUpResponse: object = new Promise(async (resolve) => { await exec(walletProvision, async (err, stdout, stderr) => { this.logger.log(`shell script output: ${stdout}`); From 0c7d10cd1552925e67dca7a2748217dfa6148bbb Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Tue, 2 Sep 2025 15:57:53 +0530 Subject: [PATCH 02/15] WIP: invalid json issue for ecs.sh Signed-off-by: Sahil Kamble --- .../AFJ/scripts/start_agent_ecs.sh | 16 +++++++--------- .../src/agent-provisioning.service.ts | 2 +- 2 files changed, 8 insertions(+), 10 deletions(-) 
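Review bot: The two new arguments `${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN}` are appended unquoted to a string that is handed to `exec`, so the whole line is parsed by a shell. An unset variable arrives in the script as the literal text `undefined`, an empty one silently shifts every later positional parameter, and any shell metacharacter in a payload field such as `walletName` or `walletPassword` is interpreted rather than passed through. Building an argument array and calling `execFile(scriptPath, [orgId, externalIp, walletName, ...])` removes the shell parsing, and validating the required `process.env` values before the call makes a missing one fail loudly. Passing `walletPassword`, `seed` and `AGENT_API_KEY` as arguments also exposes them in the process list, so an environment or stdin hand-off would be safer. The same line is extended again in PATCH 02/15 and PATCH 04/15, and the enclosing method starts and ends outside the hunk.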
diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index 141d290a7..280f7f637 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -20,13 +20,12 @@ INDY_LEDGER=${15} INBOUND_ENDPOINT=${16} SCHEMA_FILE_SERVER_URL=${17} AGENT_API_KEY=${18} -AGENT_HOST=${19} -AWS_ACCOUNT_ID=${20} -S3_BUCKET_ARN=${21} -CLUSTER_NAME=${22} -TASKDEFINITION_FAMILY=${23} -ADMIN_TG_ARN=${24} -INBOUND_TG_ARN=${25} +AWS_ACCOUNT_ID=${19} +S3_BUCKET_ARN=${20} +CLUSTER_NAME=${21} +TASKDEFINITION_FAMILY=${22} +ADMIN_TG_ARN=${23} +INBOUND_TG_ARN=${24} DESIRED_COUNT=1 @@ -148,7 +147,6 @@ cat </app/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL" } EOF -# scp ${PWD}/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}.json ${AGENT_HOST}:/home/ec2-user/config/ # Construct the container definitions dynamically CONTAINER_DEFINITIONS=$( @@ -263,7 +261,7 @@ SERVICE_JSON=$( } ], "desiredCount": $DESIRED_COUNT, - "healthCheckGracePeriodSeconds": 300, + "healthCheckGracePeriodSeconds": 300 } EOF ) diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts index ed20d63c6..ab5a04c62 100644 --- a/apps/agent-provisioning/src/agent-provisioning.service.ts +++ b/apps/agent-provisioning/src/agent-provisioning.service.ts 
@@ -39,7 +39,7 @@ export class AgentProvisioningService { } = payload; if (agentType === AgentType.AFJ) { // The wallet provision command is used to invoke a shell script - const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AGENT_HOST} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN}`; + const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN}`; const spinUpResponse: object = new Promise(async (resolve) => { await exec(walletProvision, async (err, stdout, stderr) => { this.logger.log(`shell script output: ${stdout}`); From 7116d85673fae0bb08e14aab39beb3501dcf83fd Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Tue, 2 Sep 2025 15:59:52 +0530 Subject: [PATCH 03/15] WIP: testing changes ecs.sh Signed-off-by: Sahil Kamble --- .../AFJ/scripts/start_agent_ecs.sh | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) 
diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index 280f7f637..e9e3b4a55 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -29,6 +29,32 @@ INBOUND_TG_ARN=${24} DESIRED_COUNT=1 +echo "AGENCY=$AGENCY" +echo "EXTERNAL_IP=$EXTERNAL_IP" +echo "WALLET_NAME=$WALLET_NAME" +echo "WALLET_PASSWORD=$WALLET_PASSWORD" +echo "RANDOM_SEED=$RANDOM_SEED" +echo "WEBHOOK_HOST=$WEBHOOK_HOST" +echo "WALLET_STORAGE_HOST=$WALLET_STORAGE_HOST" +echo "WALLET_STORAGE_PORT=$WALLET_STORAGE_PORT" +echo "WALLET_STORAGE_USER=$WALLET_STORAGE_USER" +echo "WALLET_STORAGE_PASSWORD=$WALLET_STORAGE_PASSWORD" +echo "CONTAINER_NAME=$CONTAINER_NAME" +echo "PROTOCOL=$PROTOCOL" +echo "TENANT=$TENANT" +echo "AFJ_VERSION=$AFJ_VERSION" +echo "INDY_LEDGER=$INDY_LEDGER" +echo "INBOUND_ENDPOINT=$INBOUND_ENDPOINT" +echo "SCHEMA_FILE_SERVER_URL=$SCHEMA_FILE_SERVER_URL" +echo "AGENT_API_KEY=$AGENT_API_KEY" +echo "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" +echo "S3_BUCKET_ARN=$S3_BUCKET_ARN" +echo "CLUSTER_NAME=$CLUSTER_NAME" +echo "TASKDEFINITION_FAMILY=$TASKDEFINITION_FAMILY" +echo "ADMIN_TG_ARN=$ADMIN_TG_ARN" +echo "INBOUND_TG_ARN=$INBOUND_TG_ARN" + + generate_random_string() { echo "$(date +%s%N | sha256sum | base64 | head -c 12)" } @@ -39,7 +65,7 @@ random_string=$(generate_random_string) # Print the generated random string echo "Random String: $random_string" -SERVICE_NAME="${CONTAINER_NAME}-service" +SERVICE_NAME="${CONTAINER_NAME}-service-test" EXTERNAL_IP=$(echo "$2" | tr -d '[:space:]') ADMIN_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-admin-port.txt" INBOUND_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-inbound-port.txt" From 94179c82b52d623adad57c74326204b47cf90589 Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Tue, 2 Sep 2025 17:06:56 +0530 Subject: [PATCH 04/15] WIP: add efs to ecs.sh credo-spin-up script 
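Review bot: The added debug block echoes `WALLET_PASSWORD`, `WALLET_STORAGE_PASSWORD`, `RANDOM_SEED` and `AGENT_API_KEY` to stdout, and the calling service logs the script's stdout verbatim (`this.logger.log(`shell script output: ${stdout}`)`), so these secrets end up in the application logs. PATCH 04/15 removes the block again, but the commit is still in the series; dropping it from history, or masking the four values (`echo "WALLET_PASSWORD=***"`), avoids the secrets being captured by anyone who runs this revision. The `-service-test` suffix on `SERVICE_NAME` in the second hunk looks like a leftover from the same debugging session.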
Signed-off-by: Sahil Kamble --- .../AFJ/scripts/start_agent_ecs.sh | 56 ++++++------------- .../src/agent-provisioning.service.ts | 2 +- 2 files changed, 19 insertions(+), 39 deletions(-) diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index e9e3b4a55..592a6cbc3 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -26,35 +26,10 @@ CLUSTER_NAME=${21} TASKDEFINITION_FAMILY=${22} ADMIN_TG_ARN=${23} INBOUND_TG_ARN=${24} +FILESYSTEMID=${25} DESIRED_COUNT=1 -echo "AGENCY=$AGENCY" -echo "EXTERNAL_IP=$EXTERNAL_IP" -echo "WALLET_NAME=$WALLET_NAME" -echo "WALLET_PASSWORD=$WALLET_PASSWORD" -echo "RANDOM_SEED=$RANDOM_SEED" -echo "WEBHOOK_HOST=$WEBHOOK_HOST" -echo "WALLET_STORAGE_HOST=$WALLET_STORAGE_HOST" -echo "WALLET_STORAGE_PORT=$WALLET_STORAGE_PORT" -echo "WALLET_STORAGE_USER=$WALLET_STORAGE_USER" -echo "WALLET_STORAGE_PASSWORD=$WALLET_STORAGE_PASSWORD" -echo "CONTAINER_NAME=$CONTAINER_NAME" -echo "PROTOCOL=$PROTOCOL" -echo "TENANT=$TENANT" -echo "AFJ_VERSION=$AFJ_VERSION" -echo "INDY_LEDGER=$INDY_LEDGER" -echo "INBOUND_ENDPOINT=$INBOUND_ENDPOINT" -echo "SCHEMA_FILE_SERVER_URL=$SCHEMA_FILE_SERVER_URL" -echo "AGENT_API_KEY=$AGENT_API_KEY" -echo "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" -echo "S3_BUCKET_ARN=$S3_BUCKET_ARN" -echo "CLUSTER_NAME=$CLUSTER_NAME" -echo "TASKDEFINITION_FAMILY=$TASKDEFINITION_FAMILY" -echo "ADMIN_TG_ARN=$ADMIN_TG_ARN" -echo "INBOUND_TG_ARN=$INBOUND_TG_ARN" - - generate_random_string() { echo "$(date +%s%N | sha256sum | base64 | head -c 12)" } 
@@ -65,7 +40,7 @@ random_string=$(generate_random_string) # Print the generated random string echo "Random String: $random_string" -SERVICE_NAME="${CONTAINER_NAME}-service-test" +SERVICE_NAME="${CONTAINER_NAME}-service" EXTERNAL_IP=$(echo "$2" | tr -d '[:space:]') ADMIN_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-admin-port.txt" INBOUND_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-inbound-port.txt" @@ -170,7 +145,8 @@ cat </app/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "webhookUrl": "$WEBHOOK_HOST/wh/$AGENCY", "adminPort": $ADMIN_PORT, "tenancy": $TENANT, - "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL" + "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL", + "apiKey": "$AGENT_API_KEY" } EOF @@ -182,7 +158,7 @@ CONTAINER_DEFINITIONS=$( "name": "$CONTAINER_NAME", "image": "${AFJ_VERSION}", "cpu": 307, - "memory": 307, + "memory": 358, "portMappings": [ { "containerPort": $ADMIN_PORT, @@ -199,7 +175,7 @@ CONTAINER_DEFINITIONS=$( "command": [ "--auto-accept-connections", "--config", - "/config.json" + "/config/${AGENCY}_${CONTAINER_NAME}.json" ], "environment": [ { @@ -216,7 +192,7 @@ CONTAINER_DEFINITIONS=$( "mountPoints": [ { "sourceVolume": "config", - "containerPath": "/config.json", + "containerPath": "/config", "readOnly": true } ], @@ -245,18 +221,22 @@ TASK_DEFINITION=$( "executionRoleArn": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/ecsTaskExecutionRole", "volumes": [ { - "name": "config", - "host": { - "sourcePath": "/home/ec2-user/config/${AGENCY}_${CONTAINER_NAME}.json" - } - } + "efsVolumeConfiguration": { + "fileSystemId": "$FILESYSTEMID", + "rootDirectory": "/" + }, + "name": "config" + } ], - "networkMode": "host", "requiresCompatibilities": [ "EC2" ], + "runtimePlatform": { + "cpuArchitecture": "ARM64", + "operatingSystemFamily": "LINUX" + } "cpu": "307", - "memory": "307" + "memory": "358" } EOF ) 
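Review bot: The new `efsVolumeConfiguration` mounts the file system with `"rootDirectory": "/"` at `/config`, so every agent task can read every other agency's `${AGENCY}_${CONTAINER_NAME}.json`, and the `@@ -170,7 +145,8 @@` hunk of this patch starts writing `"apiKey": "$AGENT_API_KEY"` into those files. Scoping the mount to the one agent, with a per-agent `rootDirectory` or an EFS access point referenced through `authorizationConfig`, keeps one tenant's container from reading another's key. Adding `"transitEncryption": "ENABLED"` to the volume would also keep the config off the wire in clear text. The read-only flag on the mount point is good and should stay.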
diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts index ab5a04c62..52bc51b0d 100644 --- a/apps/agent-provisioning/src/agent-provisioning.service.ts +++ b/apps/agent-provisioning/src/agent-provisioning.service.ts @@ -39,7 +39,7 @@ export class AgentProvisioningService { } = payload; if (agentType === AgentType.AFJ) { // The wallet provision command is used to invoke a shell script - const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN}`; + const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN} ${process.env.FILESYSTEMID}`; const spinUpResponse: object = new Promise(async (resolve) => { await exec(walletProvision, async (err, stdout, stderr) => { this.logger.log(`shell script output: ${stdout}`); From bc0402a0b702a7f36e8bf388be6b379eb3d64843 Mon Sep 17 00:00:00 2001 
From: Sahil Kamble Date: Tue, 2 Sep 2025 17:27:38 +0530 Subject: [PATCH 05/15] WIP: typo error Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index 592a6cbc3..d761b7ec9 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -234,7 +234,7 @@ TASK_DEFINITION=$( "runtimePlatform": { "cpuArchitecture": "ARM64", "operatingSystemFamily": "LINUX" - } + }, "cpu": "307", "memory": "358" } From fb274812bea146ccfbef1f85430cb06888cbbbef Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Tue, 2 Sep 2025 17:47:42 +0530 Subject: [PATCH 06/15] WIP: typo error Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index d761b7ec9..c04f59fba 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -331,7 +331,7 @@ task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.m #echo "task_id=$task_id" # to fetch log group of container -............................................................. + log_group=/ecs/$TASKDEFINITION_FAMILY echo "log_group=$log_group" From c1f0680a03b0672e6837e023502fcf50ac2cdbbd Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Tue, 2 Sep 2025 18:11:46 +0530 Subject: [PATCH 07/15] WIP: token extraction in ecs.sh Signed-off-by: Sahil Kamble --- Dockerfiles/Dockerfile.agent-provisioning | 2 ++ .../AFJ/scripts/start_agent_ecs.sh | 21 ++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) 
diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning index 4b827611b..3df1af321 100644 --- a/Dockerfiles/Dockerfile.agent-provisioning +++ b/Dockerfiles/Dockerfile.agent-provisioning @@ -9,6 +9,7 @@ RUN set -eux \ aws-cli \ docker \ docker-compose \ + jq \ && npm install -g pnpm --ignore-scripts \ && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \ && rm -rf /var/cache/apk/* @@ -46,6 +47,7 @@ RUN set -eux \ aws-cli \ docker \ docker-compose \ + jq \ && npm install -g pnpm --ignore-scripts \ && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \ && rm -rf /var/cache/apk/* diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index c04f59fba..dcdd34717 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -327,11 +327,15 @@ echo "service_description=$service_description" # Extract Task ID from the service description events -task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.message | test("has started 1 tasks")) | .message | capture("\\(task (?[^)]+)\\)") | .id') -#echo "task_id=$task_id" +task_id=$(echo "$service_description" | jq -r ' + .services[0].events[] + | select(.message | test("has started 1 tasks")) + | .message + | capture("\\(task (?[^)]+)\\)") + | .id +') # to fetch log group of container - log_group=/ecs/$TASKDEFINITION_FAMILY echo "log_group=$log_group" @@ -359,8 +363,12 @@ for attempt in $(seq 1 $RETRIES); do --log-group-name "$log_group" \ --log-stream-name "$log_stream" \ --region $AWS_PUBLIC_REGION \ - | grep -o '*** API Key: [^ ]*' \ - | cut -d ' ' -f 3 + --query 'events[*].message' \ + --output text \ + | tr -d '\033' \ + | grep 'API Key:' \ + | sed -E 's/.*API Key:[[:space:]]*([a-zA-Z0-9._:-]*).*/\1/' \ + | head -n 1 ) # echo "token=$token" if [ -n "$token" ]; then 
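Review bot: The token is still recovered by scraping the container's CloudWatch log stream for `API Key:`, which means the secret sits in a log group readable by any principal with `logs:GetLogEvents` for as long as the retention period lasts. If the agent cannot hand the key over another way, the log group should at least have tight IAM scoping and short retention. In the new pipeline the `sed` capture class `[a-zA-Z0-9._:-]*` silently truncates a key at the first character outside that set, and the shortened value still passes `[ -n "$token" ]`; a length or format check on `$token` before accepting it would catch that. The commented-out `# echo "token=$token"` should stay disabled, because the calling service logs this script's stdout.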
@@ -382,8 +390,7 @@ done echo "Creating agent config" cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json { - "CONTROLLER_ENDPOINT":"${EXTERNAL_IP}:${ADMIN_PORT}", - "AGENT_ENDPOINT" : "${INTERNAL_IP}:${ADMIN_PORT}" + "CONTROLLER_ENDPOINT":"${CONTROLLER_ENDPOINT}" } EOF From 9efe9dad9c8be7bd34f2722eba74f944ca854dce Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Wed, 3 Sep 2025 14:55:06 +0530 Subject: [PATCH 08/15] update fargate.sh-credo spin up script Signed-off-by: Sahil Kamble --- .../agent-provisioning/AFJ/scripts/fargate.sh | 464 ++++-------------- .../AFJ/scripts/start_agent_ecs.sh | 3 +- .../src/agent-provisioning.service.ts | 2 +- 3 files changed, 107 insertions(+), 362 deletions(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 39df7c08b..50ef4435a 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -1,4 +1,3 @@ - #!/bin/sh START_TIME=$(date +%s) 
@@ -19,62 +18,18 @@ TENANT=${13} AFJ_VERSION=${14} INDY_LEDGER=${15} INBOUND_ENDPOINT=${16} -AWS_ACCOUNT_ID=${17} -S3_BUCKET_ARN=${18} -CLUSTER_NAME=${19} -FILESYSTEMID=${20} -ACCESSPOINTID=${21} -VPC_ID=${22} -ECS_SUBNET_ID=${23} -ALB_SUBNET_ID_ONE=${24} -ALB_SUBNET_ID_TWO=${25} -EFS_SECURITY_GROUP_ID=${26} -AWS_PUBLIC_REGION=${27} -STAGE=${28} -AGENT_WEBSOCKET_PROTOCOL=${29} -DB_SECURITY_GROUP_ID=${30} -TESKDEFINITION_FAMILY="${CONTAINER_NAME}_TASKDEFITION" - - -echo "START_TIME: $START_TIME" -echo "AGENCY: $AGENCY" -echo "EXTERNAL_IP: $EXTERNAL_IP" -echo "WALLET_NAME: $WALLET_NAME" -echo "WALLET_PASSWORD: $WALLET_PASSWORD" -echo "RANDOM_SEED: $RANDOM_SEED" -echo "WEBHOOK_HOST: $WEBHOOK_HOST" -echo "WALLET_STORAGE_HOST: $WALLET_STORAGE_HOST" -echo "WALLET_STORAGE_PORT: $WALLET_STORAGE_PORT" -echo "WALLET_STORAGE_USER: $WALLET_STORAGE_USER" -echo "WALLET_STORAGE_PASSWORD: $WALLET_STORAGE_PASSWORD" -echo "CONTAINER_NAME: $CONTAINER_NAME" -echo "PROTOCOL: $PROTOCOL" -echo "TENANT: $TENANT" -echo "AFJ_VERSION: $AFJ_VERSION" -echo "INDY_LEDGER: $INDY_LEDGER" -echo "INBOUND_ENDPOINT: $INBOUND_ENDPOINT" -echo "AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID" -echo "S3_BUCKET_ARN: $S3_BUCKET_ARN" -echo "CLUSTER_NAME: $CLUSTER_NAME" -echo "TESKDEFINITION_FAMILY: $TESKDEFINITION_FAMILY" -echo "FILESYSTEMID: $FILESYSTEMID" -echo "ACCESSPOINTID: $ACCESSPOINTID" -echo "VPC_ID: $VPC_ID" -echo "ECS_SUBNET_ID: $ECS_SUBNET_ID" -echo "ALB_SUBNET_ID_ONE: $ALB_SUBNET_ID_ONE" -echo "ALB_SUBNET_ID_TWO: $ALB_SUBNET_ID_TWO" -echo "SSL_CRTS: $SSL_CRTS" -echo "EFS_SECURITY_GROUP_ID: $EFS_SECURITY_GROUP_ID" -echo "AGENT_URL: $AGENT_URL" -echo "AWS_PUBLIC_REGION: $AWS_PUBLIC_REGION" -echo "STAGE: $STAGE" -echo "AGENT_WEBSOCKET_PROTOCOL: $AGENT_WEBSOCKET_PROTOCOL" -echo "ALB_SECURITY_GROUP_ID: $ALB_SECURITY_GROUP_ID" -echo "ADMIN_TG_ARN: $ADMIN_TG_ARN" -echo "INBOUND_TG_ARN: $INBOUND_TG_ARN" -echo "AGENT_INBOUND_URL: $AGENT_INBOUND_URL" -echo "DB_SECURITY_GROUP_ID: $DB_SECURITY_GROUP_ID" - 
+SCHEMA_FILE_SERVER_URL=${17} +AGENT_API_KEY=${18} +AWS_ACCOUNT_ID=${19} +S3_BUCKET_ARN=${20} +CLUSTER_NAME=${21} +TASKDEFINITION_FAMILY=${22} +TASKDEFINITION_FAMILY=${22} +ADMIN_TG_ARN=${23} +INBOUND_TG_ARN=${24} +FILESYSTEMID=${25} +ECS_SUBNET_ID=${26} +ECS_SECURITY_GROUP_ID=${27} DESIRED_COUNT=1 @@ -88,12 +43,10 @@ random_string=$(generate_random_string) # Print the generated random string echo "Random String: $random_string" -SERVICE_NAME="${AGENCY}-${CONTAINER_NAME}-service-${random_string}" +SERVICE_NAME="${CONTAINER_NAME}-service" EXTERNAL_IP=$(echo "$2" | tr -d '[:space:]') ADMIN_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-admin-port.txt" INBOUND_PORT_FILE="$PWD/agent-provisioning/AFJ/port-file/last-inbound-port.txt" -echo "AGENCY: $SERVICE_NAME" -echo "EXTERNAL_IP: $EXTERNAL_IP" ADMIN_PORT=8001 INBOUND_PORT=9001 
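Review bot: The rewritten argument block no longer assigns `AWS_PUBLIC_REGION` (it was `${27}` before), yet later lines of this patch still use it in `"awslogs-region": "$AWS_PUBLIC_REGION"` and `--region $AWS_PUBLIC_REGION`. Unless the variable is inherited from the environment of the Node process, both expand to an empty string; a guard such as `: "${AWS_PUBLIC_REGION:?AWS_PUBLIC_REGION is required}"` near the top would make that fail early. `TASKDEFINITION_FAMILY=${22}` is assigned twice in a row and one copy can go. `ECS_SECURITY_GROUP_ID` is now taken from argument 27 instead of being created by the script, so the caller has to pass 27 positional values in exactly this order, and a short comment listing them would help keep the TypeScript side in step.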
@@ -144,209 +97,24 @@ echo "Last used admin port: $ADMIN_PORT" echo "Last used inbound port: $INBOUND_PORT" echo "AGENT SPIN-UP STARTED" +# Define a regular expression pattern for IP address +IP_REGEX="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$" -#CLUSTER_NAME=$(aws ecs create-cluster --cluster-name ${CONTAINER_NAME}) - -# Create security groups -ALB_SECURITY_GROUP_ID=$(aws ec2 create-security-group --group-name "${STAGE}-${AGENCY}-${random_string}-alb-sg" --description "Security group for ALB" --vpc-id $VPC_ID --output text) -ECS_SECURITY_GROUP_ID=$(aws ec2 create-security-group --group-name "${STAGE}-${AGENCY}-${random_string}-ecs-sg" --description "Security group for ECS Fargate service" --vpc-id $VPC_ID --output text) - -echo "ALB_SECURITY_GROUP_ID:$ALB_SECURITY_GROUP_ID" -echo "ECS_SECURITY_GROUP_ID:$ECS_SECURITY_GROUP_ID" -echo "EFS_SECURITY_GROUP_ID:$SECURITY_GROUP_ID" - -# Allow inbound traffic from the ECS Fargate security group to the EFS security group on NFS port -aws ec2 authorize-security-group-ingress \ - --group-id "$EFS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port 2049 \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-allow},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" 
\ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ECS_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ALB_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-alb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ECS security group from DB security group -aws ec2 authorize-security-group-ingress \ - --group-id "$DB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$WALLET_STORAGE_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-ecs-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ECS security group from DB security group -aws ec2 authorize-security-group-egress \ - --group-id "$DB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$WALLET_STORAGE_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-ecs-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws 
ec2 authorize-security-group-ingress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=0.0.0.0/0,Description="Allowing 0.0.0.0/0 to the LB port"}]' \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=allow-the-world}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$ADMIN_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-adminalb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize inbound traffic for ALB security group from ECS security group -aws ec2 authorize-security-group-ingress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges='[{CidrIp=0.0.0.0/0,Description="Allowing 0.0.0.0/0 to the LB port"}]' \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=allow-the-world}]" \ - --region $AWS_PUBLIC_REGION - -# Authorize outbound traffic of ALB security group for ECS security group -aws ec2 authorize-security-group-egress \ - --group-id "$ALB_SECURITY_GROUP_ID" \ - --protocol tcp \ - --port "$INBOUND_PORT" \ - --source-group "$ECS_SECURITY_GROUP_ID" \ - --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=Name,Value=${STAGE}-${AGENCY}-${CONTAINER_NAME}-inboundalb-sg},{Key=ENV,Value=test}]" \ - --region $AWS_PUBLIC_REGION - - -# Create Target Groups for admin port -ADMIN_TG_ARN=$(aws elbv2 create-target-group \ - --name "${STAGE}-${ADMIN_PORT}-tg" \ - --protocol HTTP \ - --port 80 \ - --target-type ip \ - --vpc-id $VPC_ID \ - --health-check-protocol HTTP \ - --health-check-port $ADMIN_PORT \ - --health-check-path /agent \ - --health-check-interval-seconds 120 \ - 
--query 'TargetGroups[0].TargetGroupArn' \ - --output text) - - -echo "admin-tg-arm: $ADMIN_TG_ARN" - -# Create Target Groups for inbound port -INBOUND_TG_ARN=$(aws elbv2 create-target-group --name "${STAGE}-${INBOUND_PORT}-tg" --protocol HTTP --port 80 --target-type ip --vpc-id $VPC_ID --query 'TargetGroups[0].TargetGroupArn' --output text) - -echo "admin-tg-arm: $INBOUND_TG_ARN" - - -# Create Application Load Balancer -ADMIN_ALB_ARN=$(aws elbv2 create-load-balancer \ ---name $STAGE-$CONTAINER_NAME-${ADMIN_PORT}-alb \ ---subnets $ALB_SUBNET_ID_ONE $ALB_SUBNET_ID_TWO \ ---tags "[{\"Key\":\"Name\", \"Value\":\"${CONTAINER_NAME}-alb\"}]" \ ---type application \ ---scheme internet-facing \ ---security-groups $ALB_SECURITY_GROUP_ID \ ---region $AWS_PUBLIC_REGION \ ---query "LoadBalancers[0].LoadBalancerArn" \ ---output text) - -# Describe the ALB to retrieve its DNS name -ADMIN_ALB_DNS=$(aws elbv2 describe-load-balancers \ ---load-balancer-arns $ADMIN_ALB_ARN \ ---query "LoadBalancers[0].DNSName" \ ---output text) - -echo "ALB DNS: $ADMIN_ALB_DNS" - -# Create HTTP listener -aws elbv2 create-listener \ - --load-balancer-arn "$ADMIN_ALB_ARN" \ - --protocol HTTP \ - --port 80 \ - --default-actions Type=forward,TargetGroupArn="$ADMIN_TG_ARN" \ - --region "$AWS_PUBLIC_REGION" - - - -# Create Application Load Balancer -INBOUND_ALB_ARN=$(aws elbv2 create-load-balancer \ ---name $STAGE-$CONTAINER_NAME-${INBOUND_PORT}-alb \ ---subnets $ALB_SUBNET_ID_ONE $ALB_SUBNET_ID_TWO \ ---tags "[{\"Key\":\"Name\", \"Value\":\"${CONTAINER_NAME}-alb\"}]" \ ---type application \ ---scheme internet-facing \ ---security-groups $ALB_SECURITY_GROUP_ID \ ---region $AWS_PUBLIC_REGION \ ---query "LoadBalancers[0].LoadBalancerArn" \ ---output text) - -# Describe the ALB to retrieve its DNS name -INBOUND_ALB_DNS=$(aws elbv2 describe-load-balancers \ ---load-balancer-arns $INBOUND_ALB_ARN \ ---query "LoadBalancers[0].DNSName" \ ---output text) - -echo "INBOUND_ALB DNS: $INBOUND_ALB_DNS" - -#add listner 
to inbound -aws elbv2 create-listener \ - --load-balancer-arn $INBOUND_ALB_ARN \ - --protocol HTTP \ - --port 80 \ - --default-actions Type=forward,TargetGroupArn=$INBOUND_TG_ARN \ - --region $AWS_PUBLIC_REGION - - -# modify health check of inboud tg -aws elbv2 modify-target-group \ - --target-group-arn $INBOUND_TG_ARN \ - --health-check-protocol HTTP \ - --health-check-port "traffic-port" \ - --health-check-path "/" \ - --health-check-interval-seconds 30 \ - --healthy-threshold-count 3 \ - --unhealthy-threshold-count 3 \ - --matcher "HttpCode=404" \ - --region $AWS_PUBLIC_REGION - +# Check if INBOUND_ENDPOINT is a domain or IP address +if [[ $INBOUND_ENDPOINT =~ ^https?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "INBOUND_ENDPOINT is a domain: $INBOUND_ENDPOINT" + # Extracting the domain name without the protocol + AGENT_ENDPOINT=$(echo "$INBOUND_ENDPOINT" | sed 's/^https\?:\/\///') +else + # Check if the input is an IP address + if [[ $INBOUND_ENDPOINT =~ $IP_REGEX ]]; then + echo "INBOUND_ENDPOINT is an IP address: $INBOUND_ENDPOINT" + # Adding the protocol to the IP address + AGENT_ENDPOINT="${PROTOCOL}://${INBOUND_ENDPOINT}:${INBOUND_PORT}" + else + echo "Invalid input for INBOUND_ENDPOINT: $INBOUND_ENDPOINT" + fi +fi # Generate the agent config JSON cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}.json @@ -363,7 +131,7 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "walletScheme": "DatabasePerWallet", "indyLedger": $INDY_LEDGER, "endpoint": [ - "http://$INBOUND_ALB_DNS" + "$AGENT_ENDPOINT" ], "autoAcceptConnections": true, "autoAcceptCredentials": "contentApproved", 
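Review bot: When `INBOUND_ENDPOINT` matches neither pattern, the new branch only prints "Invalid input for INBOUND_ENDPOINT" and carries on, so `AGENT_ENDPOINT` stays unset and the config written just below gets `"endpoint": [ "" ]`. The branch should stop the run, `echo "Invalid input for INBOUND_ENDPOINT: $INBOUND_ENDPOINT" >&2; exit 1`. The domain branch strips the scheme with `sed`, so `AGENT_ENDPOINT` ends up without a protocol while the IP branch prepends `${PROTOCOL}://`; one of the two is probably not what the agent expects. The script's shebang is `#!/bin/sh` and `[[ ... =~ ... ]]` is not POSIX, so this depends on what `sh` is in the provisioning image; `#!/bin/bash`, or a `case`/`grep -E` test, would make it portable.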
@@ -371,16 +139,18 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "logLevel": 5, "inboundTransport": [ { - "transport": "$AGENT_WEBSOCKET_PROTOCOL", + "transport": "$PROTOCOL", "port": "$INBOUND_PORT" } ], "outboundTransport": [ - "$AGENT_WEBSOCKET_PROTOCOL" + "$PROTOCOL" ], "webhookUrl": "$WEBHOOK_HOST/wh/$AGENCY", "adminPort": $ADMIN_PORT, - "tenancy": $TENANT + "tenancy": $TENANT, + "schemaFileServerURL": "$SCHEMA_FILE_SERVER_URL", + "apiKey": "$AGENT_API_KEY" } EOF @@ -391,8 +161,8 @@ CONTAINER_DEFINITIONS=$( { "name": "$CONTAINER_NAME", "image": "${AFJ_IMAGE_URL}", - "cpu": 256, - "memory": 512, + "cpu": 307, + "memory": 358, "portMappings": [ { "containerPort": $ADMIN_PORT, @@ -425,7 +195,7 @@ CONTAINER_DEFINITIONS=$( ], "mountPoints": [ { - "sourceVolume": "AGENT-CONFIG", + "sourceVolume": "config", "containerPath": "/config", "readOnly": true } @@ -434,16 +204,16 @@ CONTAINER_DEFINITIONS=$( "volumesFrom": [], "ulimits": [], "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-create-group": "true", - "awslogs-group": "/ecs/$TESKDEFINITION_FAMILY", - "awslogs-region": "$AWS_PUBLIC_REGION", - "awslogs-stream-prefix": "ecs" - }, - "secretOptions": [] - } - } + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/$TASKDEFINITION_FAMILY", + "awslogs-region": "$AWS_PUBLIC_REGION", + "awslogs-stream-prefix": "ecs" +} + }, + "ulimits": [] +} ] EOF ) 
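Review bot: The config heredoc in the first hunk on this line now writes `$AGENT_API_KEY` into `agent-config/${AGENCY}_${CONTAINER_NAME}.json`, and nothing in the hunk limits who can read that file, so it is created with whatever the process umask allows. I would set `umask 077` before the heredoc or run `chmod 600` on the file right after `EOF`. The key and `$SCHEMA_FILE_SERVER_URL` are also pasted into the JSON unescaped, so a value containing `"` or a backslash would corrupt the file. The heredoc begins outside this hunk.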
@@ -451,7 +221,7 @@ EOF # Define the task definition JSON TASK_DEFINITION=$(cat < task_definition.json TASK_DEFINITION_ARN=$(aws ecs register-task-definition --cli-input-json file://task_definition.json --query 'taskDefinition.taskDefinitionArn' --output text) -SERVICE=$(cat < service.json # Check if the service file was created successfully -if [ -f "$SERVICE_FILE" ]; then - echo "Service file created successfully: $SERVICE_FILE" +if [ -f "service.json" ]; then + echo "Service file created successfully: service.json" else - echo "Failed to create service file: $SERVICE_FILE" + echo "Failed to create service file: service.json" fi # Create the service aws ecs create-service \ - --service-name $SERVICE_NAME \ --cli-input-json file://service.json \ --region $AWS_PUBLIC_REGION @@ -552,26 +314,28 @@ else exit 1 fi -# Wait for the agent to become ready -# You may need to adjust the number of attempts and sleep time according to your requirements -n=0 -max_attempts=15 -sleep_time=10 -AGENT_HEALTHCHECK_URL="http://$ADMIN_ALB_DNS/agent" -echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_URL" -until [ "$n" -ge "$max_attempts" ]; do - agentResponse=$(curl -s -o /dev/null -w "%{http_code}" "$AGENT_HEALTHCHECK_URL") - if [ "$agentResponse" = "200" ]; then - echo "Agent is running" - break - else +if [ $? -eq 0 ]; then + + n=0 + until [ "$n" -ge 6 ]; do + if netstat -tln | grep ${ADMIN_PORT} >/dev/null; then + + AGENTURL="http://${EXTERNAL_IP}:${ADMIN_PORT}/agent" + agentResponse=$(curl -s -o /dev/null -w "%{http_code}" $AGENTURL) + + if [ "$agentResponse" = "200" ]; then + echo "Agent is running" && break + else echo "Agent is not running" n=$((n + 1)) - sleep "$sleep_time" + sleep 10 + fi + else + echo "No response from agent" + n=$((n + 1)) + sleep 10 fi -done - - + done # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) 
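Review bot: The added `if [ $? -eq 0 ]; then` follows the closing `fi` of the previous block, so it tests the exit status of that `if` statement and not of `aws ecs create-service`; the status would have to be captured directly after the call. Inside the loop, `netstat -tln | grep ${ADMIN_PORT}` inspects the host running this script and matches the port as a substring, which presumably never sees a listener that lives inside the ECS task; please confirm where this script runs. When all six attempts fail the loop simply ends and provisioning continues as if the agent were up, because the `else` that reports failure belongs to the outer `if` and closes outside this hunk. A counter check after `done`, `[ "$n" -lt 6 ] || { echo "Agent did not become ready" >&2; exit 125; }`, would make the timeout fatal.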
@@ -579,12 +343,16 @@ echo "service_description=$service_description" # Extract Task ID from the service description events -task_id=$(echo "$service_description" | jq -r '.services[0].events[] | select(.message | test("has started 1 tasks")) | .message | capture("\\(task (?[^)]+)\\)") | .id') -#echo "task_id=$task_id" +task_id=$(echo "$service_description" | jq -r ' + .services[0].events[] + | select(.message | test("has started 1 tasks")) + | .message + | capture("\\(task (?[^)]+)\\)") + | .id +') # to fetch log group of container -............................................................. -log_group=/ecs/$TESKDEFINITION_FAMILY +log_group=/ecs/$TASKDEFINITION_FAMILY echo "log_group=$log_group" # Get Log Stream Name @@ -592,10 +360,6 @@ log_stream=ecs/$CONTAINER_NAME/$task_id echo "logstrem=$log_stream" - -# Fetch logs -#echo "$(aws logs get-log-events --log-group-name "/ecs/$TESKDEFINITION_FAMILY/$CONTAINER_NAME" --log-stream-name "$log_stream" --region $AWS_PUBLIC_REGION)" - # Check if the token folder exists, and create it if it doesn't token_folder="$PWD/agent-provisioning/AFJ/token" if [ ! -d "$token_folder" ]; then @@ -605,7 +369,6 @@ fi # Set maximum retry attempts RETRIES=3 -# Loop to attempt retrieving token from logs # Loop to attempt retrieving token from logs for attempt in $(seq 1 $RETRIES); do echo "Attempt $attempt: Checking service logs for token..." @@ -614,9 +377,13 @@ for attempt in $(seq 1 $RETRIES); do token=$(aws logs get-log-events \ --log-group-name "$log_group" \ --log-stream-name "$log_stream" \ - --region ap-southeast-1 \ - | grep -o 'API Token: [^ ]*' \ - | cut -d ' ' -f 3 + --region $AWS_PUBLIC_REGION \ + --query 'events[*].message' \ + --output text \ + | tr -d '\033' \ + | grep 'API Key:' \ + | sed -E 's/.*API Key:[[:space:]]*([a-zA-Z0-9._:-]*).*/\1/' \ + | head -n 1 ) # echo "token=$token" if [ -n "$token" ]; then 
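Review bot: In the last hunk on this line the key is still obtained by grepping the task's CloudWatch log stream for `API Key:`, which means the agent prints the secret in clear text into a log group readable by anyone with access to those logs. The new sed capture `[a-zA-Z0-9._:-]*` also stops at the first character outside that class, so a key containing, say, `+`, `/` or `=` would be truncated without any error; this is worth confirming against the key format. If the logged key is the same value already passed in as `$AGENT_API_KEY`, the scrape could be dropped in favour of that variable; otherwise a secret store would be a safer hand-off than logs. The `for` loop continues outside this hunk.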
@@ -634,44 +401,23 @@ for attempt in $(seq 1 $RETRIES); do sleep 10 done + echo "Creating agent config" + cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json + { + "CONTROLLER_ENDPOINT":"${CONTROLLER_ENDPOINT}" + } +EOF -# Print variable values for debugging -echo "AGENCY: $AGENCY" -echo "CONTAINER_NAME: $CONTAINER_NAME" -echo "AGENT_URL: $AGENT_URL" -echo "AGENT_INBOUND_URL: $AGENT_INBOUND_URL" - -## Construct file path for agent config -config_file="${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json" - -# Check if the directory exists and create it if it doesn't -config_dir=$(dirname "$config_file") -if [ ! -d "$config_dir" ]; then - mkdir -p "$config_dir" -fi - -# Create agent config -echo "Creating agent config" -cat <"$config_file" -{ - "CONTROLLER_ENDPOINT": "$ADMIN_ALB_DNS", - "AGENT_ENDPOINT": "$INBOUND_ALB_DNS" -} + cat <${PWD}/agent-provisioning/AFJ/token/${AGENCY}_${CONTAINER_NAME}.json + { + "token" : "$token" + } EOF -# Check if the file was created successfully -if [ -f "$config_file" ]; then - echo "Agent config created successfully: $config_file" + echo "Agent config created" else - echo "Failed to create agent config: $config_file" + echo "===============" + echo "ERROR : Failed to spin up the agent!" + echo "===============" && exit 125 fi - -# Print available folders in the AFJ directory -echo "Available folders in the AFJ directory:" -ls -d "${PWD}/agent-provisioning/AFJ/"*/ - -# Print the content of the JSON files -echo "Content of endpoint JSON file:" -cat "$config_file" -echo "Content of token JSON file:" - +echo "Total time elapsed: $(date -ud "@$(($(date +%s) - $START_TIME))" +%T) (HH:MM:SS)" \ No newline at end of file diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index dcdd34717..4537e1e3f 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh 
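Review bot: After the retry loop nothing checks that `$token` was found, so three failed attempts still write `"token" : ""` and report `Agent config created`. A guard before the heredocs closes that gap: `[ -n "$token" ] || { echo "ERROR: API key not found in logs" >&2; exit 125; }`. The rewrite also drops the `mkdir -p "$config_dir"` step, so the redirect into `endpoints/` fails when that directory does not exist yet. The token file is created with default permissions, and `chmod 600` on it would be appropriate. The `if` that this hunk closes with `else … fi` opens outside the hunk.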
+++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -285,7 +285,6 @@ fi # Create the service aws ecs create-service \ --cli-input-json file://service.json \ - --deployment-configuration "maximumPercent=200,minimumHealthyPercent=100" \ --region $AWS_PUBLIC_REGION # Describe the ECS service and filter by service name @@ -321,6 +320,7 @@ if [ $? -eq 0 ]; then sleep 10 fi done + # Describe the ECS service and filter by service name service_description=$(aws ecs describe-services --service $SERVICE_NAME --cluster $CLUSTER_NAME --region $AWS_PUBLIC_REGION) echo "service_description=$service_description" @@ -353,7 +353,6 @@ fi # Set maximum retry attempts RETRIES=3 -# Loop to attempt retrieving token from logs # Loop to attempt retrieving token from logs for attempt in $(seq 1 $RETRIES); do echo "Attempt $attempt: Checking service logs for token..." diff --git a/apps/agent-provisioning/src/agent-provisioning.service.ts b/apps/agent-provisioning/src/agent-provisioning.service.ts index 52bc51b0d..2f2cc5b2e 100644 --- a/apps/agent-provisioning/src/agent-provisioning.service.ts +++ b/apps/agent-provisioning/src/agent-provisioning.service.ts 
@@ -39,7 +39,7 @@ export class AgentProvisioningService { } = payload; if (agentType === AgentType.AFJ) { // The wallet provision command is used to invoke a shell script - const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN} ${process.env.FILESYSTEMID}`; + const walletProvision = `${process.cwd() + process.env.AFJ_AGENT_SPIN_UP} ${orgId} "${externalIp}" "${walletName}" "${walletPassword}" ${seed} ${webhookEndpoint} ${walletStorageHost} ${walletStoragePort} ${walletStorageUser} ${walletStoragePassword} ${containerName} ${protocol} ${tenant} ${credoImage} "${indyLedger}" ${inboundEndpoint} ${process.env.SCHEMA_FILE_SERVER_URL} ${process.env.AGENT_API_KEY} ${process.env.AWS_ACCOUNT_ID} ${process.env.S3_BUCKET_ARN} ${process.env.CLUSTER_NAME} ${process.env.TASKDEFINITION_FAMILY} ${process.env.ADMIN_TG_ARN} ${process.env.INBOUND_TG_ARN} ${process.env.FILESYSTEMID} ${process.env.ECS_SUBNET_ID} ${process.env.ECS_SECURITY_GROUP_ID}`; const spinUpResponse: object = new Promise(async (resolve) => { await exec(walletProvision, async (err, stdout, stderr) => { this.logger.log(`shell script output: ${stdout}`); From c7538c966eca8b6b1c0a9a1ed301051a840d5dab Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Wed, 3 Sep 2025 19:51:32 +0530 Subject: [PATCH 09/15] fix: fargate.sh volume issue Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) 
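Review bot: The `walletProvision` line still assembles one shell string for `exec`, and the two arguments appended here (`ECS_SUBNET_ID`, `ECS_SECURITY_GROUP_ID`) are interpolated unquoted like most of the others. An unset variable becomes the literal word `undefined` and an empty one silently shifts every later positional parameter in the script; payload fields such as `walletPassword` and `seed` are at best wrapped in double quotes, so shell metacharacters in them would be interpreted by the shell. I would pass the values as an argument vector instead, e.g. `execFile(scriptPath, [orgId, externalIp, walletName, walletPassword, /* … */], callback)`, and reject missing environment values before the call. The context line also logs the script's full stdout, so anything the script echoes lands in the service log. The enclosing method starts and ends outside the hunk.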
diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 50ef4435a..0f979ce73 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -24,7 +24,6 @@ AWS_ACCOUNT_ID=${19} S3_BUCKET_ARN=${20} CLUSTER_NAME=${21} TASKDEFINITION_FAMILY=${22} -TASKDEFINITION_FAMILY=${22} ADMIN_TG_ARN=${23} INBOUND_TG_ARN=${24} FILESYSTEMID=${25} @@ -226,17 +225,12 @@ TASK_DEFINITION=$(cat < Date: Wed, 3 Sep 2025 20:11:14 +0530 Subject: [PATCH 10/15] WIP fargate.sh issue Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 0f979ce73..a6a655b48 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -283,7 +283,7 @@ EOF ) # Save the service JSON to a file -echo "$SERVICE" > service.json +echo "$SERVICE_JSON" > service.json # Check if the service file was created successfully if [ -f "service.json" ]; then From 23f05093434764f12eaa155cc9fc00f4437f1519 Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Wed, 3 Sep 2025 20:22:32 +0530 Subject: [PATCH 11/15] WIP fargate.sh image issue Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index a6a655b48..9e0cf5f2e 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -159,7 +159,7 @@ CONTAINER_DEFINITIONS=$( [ { "name": "$CONTAINER_NAME", - "image": "${AFJ_IMAGE_URL}", + "image": "${AFJ_VERSION}", "cpu": 307, "memory": 358, "portMappings": [ From 4c6fea56f054db24f68c340f72c80ecfff1c7993 Mon Sep 17 00:00:00 2001 
From: Sahil Kamble Date: Thu, 4 Sep 2025 17:05:14 +0530 Subject: [PATCH 12/15] added ARM arch to fargate.sh Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 9e0cf5f2e..e51375d6e 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -237,6 +237,10 @@ TASK_DEFINITION=$(cat < Date: Fri, 5 Sep 2025 14:19:13 +0530 Subject: [PATCH 13/15] WIP inbound endpoint Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 2 +- apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index e51375d6e..3df339122 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -130,7 +130,7 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "walletScheme": "DatabasePerWallet", "indyLedger": $INDY_LEDGER, "endpoint": [ - "$AGENT_ENDPOINT" + "$INBOUND_ENDPOINT" ], "autoAcceptConnections": true, "autoAcceptCredentials": "contentApproved", diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index 4537e1e3f..adb83de81 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -127,7 +127,7 @@ cat </app/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}. "walletScheme": "DatabasePerWallet", "indyLedger": $INDY_LEDGER, "endpoint": [ - "$AGENT_ENDPOINT" + "$INBOUND_ENDPOINT" ], "autoAcceptConnections": true, "autoAcceptCredentials": "contentApproved", From 2e1203fdb4c515f3b71131edfd0d89527638b278 Mon Sep 17 00:00:00 2001 
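Review bot: Writing `$INBOUND_ENDPOINT` straight into the `endpoint` array bypasses the domain/IP check that fargate.sh performs just above the heredoc: that block derives `AGENT_ENDPOINT` and, as far as the visible hunks show, nothing reads it after this change. The invalid-input branch there only echoes a message and carries on, so an arbitrary string now reaches the agent config unchecked, and a value containing a double quote would produce invalid JSON. Either keep using the validated value or make the invalid branch fail, e.g. `echo "Invalid input for INBOUND_ENDPOINT" >&2; exit 1`. The same replacement is made in start_agent_ecs.sh in this patch; whether that script validates the value is not visible here.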
From: Sahil Kamble Date: Fri, 5 Sep 2025 16:35:46 +0530 Subject: [PATCH 14/15] WIP fixed agent endpoint saved at end Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 2 +- apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index 3df339122..e3889a263 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh @@ -402,7 +402,7 @@ done echo "Creating agent config" cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json { - "CONTROLLER_ENDPOINT":"${CONTROLLER_ENDPOINT}" + "CONTROLLER_ENDPOINT":"$EXTERNAL_IP" } EOF diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh index adb83de81..3bedb6f36 100644 --- a/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh @@ -389,7 +389,7 @@ done echo "Creating agent config" cat <${PWD}/agent-provisioning/AFJ/endpoints/${AGENCY}_${CONTAINER_NAME}.json { - "CONTROLLER_ENDPOINT":"${CONTROLLER_ENDPOINT}" + "CONTROLLER_ENDPOINT":"$EXTERNAL_IP" } EOF From 77d91d5364a51a98fdd3c277c8c28c6d47d4305e Mon Sep 17 00:00:00 2001 From: Sahil Kamble Date: Mon, 8 Sep 2025 10:50:45 +0530 Subject: [PATCH 15/15] fix: fargate.sh inbound port to number from string Signed-off-by: Sahil Kamble --- apps/agent-provisioning/AFJ/scripts/fargate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/agent-provisioning/AFJ/scripts/fargate.sh b/apps/agent-provisioning/AFJ/scripts/fargate.sh index e3889a263..bb8ea9b66 100644 --- a/apps/agent-provisioning/AFJ/scripts/fargate.sh +++ b/apps/agent-provisioning/AFJ/scripts/fargate.sh 
@@ -139,7 +139,7 @@ cat <$PWD/agent-provisioning/AFJ/agent-config/${AGENCY}_${CONTAINER_NAME}.
 "inboundTransport": [
 {
 "transport": "$PROTOCOL",
- "port": "$INBOUND_PORT"
+ "port": $INBOUND_PORT
 }
 ],
 "outboundTransport": [
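Review bot: With the quotes removed, `"port": $INBOUND_PORT` is only valid JSON when the variable holds digits; an empty or non-numeric value leaves the agent config unparseable and the failure surfaces later, inside the container. A guard before the heredoc would catch it at provisioning time: `[[ "$INBOUND_PORT" =~ ^[0-9]+$ ]] || { echo "INBOUND_PORT must be numeric" >&2; exit 1; }`. The heredoc starts and ends outside this hunk.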