kamikazechaser/cic-internal-integration
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: kamikazechaser:lash/contract-migration-dump
Branches Tags
kamikazechaser:master kamikazechaser:cic-eth-server kamikazechaser:philip/translations-v1 kamikazechaser:sohail/help-menu-fix kamikazechaser:philip/ussd-poler kamikazechaser:philip/ussd-data-files kamikazechaser:philip/bump-test-coverage kamikazechaser:philip/cleanup-hardening kamikazechaser:lash/improve-cache kamikazechaser:sohail/contrib-docs kamikazechaser:sohail/alt-build kamikazechaser:lash/rules-of-engagement kamikazechaser:lash/bloxberg-seeding kamikazechaser:lash/token-checksum-address-fix kamikazechaser:sohail/nonce-order-fix kamikazechaser:willruddick-master-patch-65982 kamikazechaser:sohail/pip-url-fix kamikazechaser:philip/social-pin-recovery kamikazechaser:philip/multi-token-v1 kamikazechaser:revert-28936a58 kamikazechaser:152-revert-the-changes-to-the-new-code-of-conduct kamikazechaser:philip/token-meta kamikazechaser:lash/verify-cache kamikazechaser:lash/cic-cache-build kamikazechaser:lash/better-meta-logging kamikazechaser:lash/local-dev-improve kamikazechaser:lash/tmp-bloxberg-seeding kamikazechaser:lash/fix-docs kamikazechaser:lash/meta-immutable kamikazechaser:lash/split-migration kamikazechaser:feat/automation/add-semver kamikazechaser:lash/funga kamikazechaser:lash/api-choose-token kamikazechaser:lash/no-none-callbacks kamikazechaser:lash/update-aux-deps kamikazechaser:lash/gas-prefix kamikazechaser:philip/token-addition kamikazechaser:lash/build-migrations-again kamikazechaser:bvander/refactor-monorepo-deployment kamikazechaser:bvander/contract-migration-readyz kamikazechaser:lash/okota kamikazechaser:lash/more-case-case kamikazechaser:willruddick-master-patch-72638 kamikazechaser:sohail/ci-next kamikazechaser:lash/task-graphs kamikazechaser:lash/init-server kamikazechaser:lash/queue-recover kamikazechaser:lash/signer-missing-symbol kamikazechaser:lash/missing-env-vars kamikazechaser:lash/contract-migration-dump kamikazechaser:lash/import-handle-meta-dup kamikazechaser:lash/contract-migration-config kamikazechaser:bvander/one-service-auth kamikazechaser:lash/lockfix kamikazechaser:bvander/deploy-to-k8s-dev kamikazechaser:lash/normalize-backend-tx kamikazechaser:lash/upgrade-outer-tools kamikazechaser:lash/deploy-on-host kamikazechaser:lash/traffic-script-rehab kamikazechaser:lash/cic-eth-seeding-fix kamikazechaser:lash/verify-details kamikazechaser:lash/cic-eth-upgrade-more kamikazechaser:lash/signer-update kamikazechaser:bvander/swarm-traefik-checkpoint kamikazechaser:bvander/add-id-to-buildkit-cache kamikazechaser:bvander/integration-tests-on-docker kamikazechaser:lash/faucet-workaround kamikazechaser:lash/fix-configs kamikazechaser:lash/advanced-cache-queries kamikazechaser:lash/remove-cic-base kamikazechaser:bvander/easy-ussd-data-seeding kamikazechaser:bvander/liveness-probes kamikazechaser:bvander/build-script-changes kamikazechaser:bvander/user-balance-directory-retry kamikazechaser:lash/chainlib-nextgen kamikazechaser:lash/chaintool-alembic kamikazechaser:lash/migration-fix kamikazechaser:lash/fix-ussd-impotrs kamikazechaser:lash/dispatcher-leak kamikazechaser:pypi-deps-build kamikazechaser:lash/expand-tokens-in-list kamikazechaser:lash/eth-abi-exorcism kamikazechaser:lash/account-registry-filter-match kamikazechaser:lash/default-token-context kamikazechaser:bvander/cic-eth-base-image-and-testing kamikazechaser:lash/demurrage-task kamikazechaser:lash/explicit-token-type kamikazechaser:lash/free-api kamikazechaser:lash/new-sarafu-token kamikazechaser:bvander/flat-py-deps kamikazechaser:lash/traffic kamikazechaser:lash/improve-requirements kamikazechaser:philip/sms-cluster-issues kamikazechaser:lash/allowance kamikazechaser:lash/faucet-verif kamikazechaser:lash/fixture-move kamikazechaser:lash/move-to-chainlib-eth kamikazechaser:spencer/meta-multiple-hashes kamikazechaser:lash/downgrade-chainsyncer kamikazechaser:spencer/fix-import-scripts-build kamikazechaser:bvander/example-new-base-image-build kamikazechaser:lash/loglines kamikazechaser:philip/refactor-integration-tests kamikazechaser:lash/check-import-ussd kamikazechaser:lash/simple-compose kamikazechaser:no-host-mount-startup kamikazechaser:lash/tmp-check-chaintool kamikazechaser:lash/stale-import-deps kamikazechaser:lash/horse-cart kamikazechaser:philip/management-integration-tests kamikazechaser:lash/coveralls-that-coverall kamikazechaser:lash/update-imports-readme kamikazechaser:cic-eth-unittest kamikazechaser:lash/rehabilitate-tests-eth kamikazechaser:lash/rehabilitate-traffic-2 kamikazechaser:bvander/move-scripts-to-e2e-folder kamikazechaser:lash/update-contracts-in-migration-2 kamikazechaser:lash/cache-data-api kamikazechaser:philip/transaction-integration-tests kamikazechaser:lash/no-ussd-contamination kamikazechaser:philip/accounts-integration-tests kamikazechaser:lash/descriptive-documentation kamikazechaser:lash/decimals-in-api kamikazechaser:lash/scripts-stale-imports kamikazechaser:lash/custom-offset kamikazechaser:lash/upgrade-contracts-in-migration kamikazechaser:lash/catch-no-contract-crash kamikazechaser:philip/hardening-ussd-accounts kamikazechaser:lash/bump kamikazechaser:lash/cache-faucet kamikazechaser:philip/import-pins-script kamikazechaser:lash/celery-graphs kamikazechaser:lash/ci-for-scripts kamikazechaser:lash/chainlib-erc20-split kamikazechaser:lash/contract-interfaces kamikazechaser:contract-migration-include-data-scripts kamikazechaser:lash/cic-cache-tags kamikazechaser:lash/contracts-kill kamikazechaser:lash/right-token kamikazechaser:lash/rehabilitate-tests kamikazechaser:lash/get-registry-api kamikazechaser:lash/version-conflict kamikazechaser:lash/fix-chainlib-upgrade kamikazechaser:lash/default-token kamikazechaser:lash/emergency-shutdown-II kamikazechaser:lash/custom-meta kamikazechaser:lash/emergency-shutdown kamikazechaser:spencer/refactor-meta-library kamikazechaser:lash/simpler-token-selector kamikazechaser:tmp-simple-token-selector kamikazechaser:lash/ussd-final-steps kamikazechaser:lash/health-util kamikazechaser:philip/expect-scripts kamikazechaser:lash/settable-gas-price kamikazechaser:lash/cic-cache-syncer-backend-mixup kamikazechaser:philip/ussd-db-fixes kamikazechaser:philip/fix-filter-callbacks kamikazechaser:lash/chainlib-regression kamikazechaser:lash/improve-cic-cache-service kamikazechaser:tmp kamikazechaser:lash/update-syncer-imports kamikazechaser:lash/cache-tracker-history kamikazechaser:lash/rehabilitate-traffic kamikazechaser:lash/import-ussd kamikazechaser:lash/sovereign-script-fix kamikazechaser:lash/meta-index-phone kamikazechaser:lash/add-missing-state-file kamikazechaser:lash/external-notify-tasks kamikazechaser:lash/calculate-block-time kamikazechaser:lash/remove-stray-stat kamikazechaser:lash/4k kamikazechaser:lash/external-chain-queue kamikazechaser:lash/rehabilitate-cic-cache kamikazechaser:lash/rehabilitate-retrier kamikazechaser:lash/clean-sovereign-imports kamikazechaser:lash/import-scripts-typo kamikazechaser:lash/sovereign-import kamikazechaser:lash/connect-registry kamikazechaser:lash/migration-verify-faucet kamikazechaser:lash/cic-ussd-cic-eth-upgrade kamikazechaser:lash/add-omitted-tests kamikazechaser:lash/migration-last-gasp kamikazechaser:lash/new-contract-migration kamikazechaser:fix-cache-tasker kamikazechaser:bvander/fixes-to-contract-migration-deps kamikazechaser:spencer/cache-database-configs kamikazechaser:lash/cli-rehabilitations kamikazechaser:lash/browser-emulator-ussd kamikazechaser:lash/retry-on-signer-error kamikazechaser:lash/ussd-cli kamikazechaser:lash/cic-eth-upgrade kamikazechaser:lash/transfer-authorization kamikazechaser:lash/cic-cache-biiig-num kamikazechaser:lash/session-nonce-queue kamikazechaser:lash/fix-tx-list kamikazechaser:lash/refactor-syncer kamikazechaser:lash/fix-imports-again kamikazechaser:lash/import-scripts-refactor kamikazechaser:lash/audit-postgres-sessions kamikazechaser:bvander/cic-cache-build kamikazechaser:lash/new-transfer-request kamikazechaser:lash/admin-api-account-check kamikazechaser:lash/correct-db-names kamikazechaser:lash/rename-chainlib kamikazechaser:lash/schmigration kamikazechaser:lash/port-fixes kamikazechaser:bvander/cic-meta-docker-compose kamikazechaser:lash/cic-eth-create-cli-fixes kamikazechaser:cleanup-cic-eth kamikazechaser:remove-submodule-cic-ussd kamikazechaser:lash/some-vars kamikazechaser:lash/docker-compose
..
compare: kamikazechaser:bvander/deploy-to-k8s-dev
Branches Tags
kamikazechaser:cic-eth-server kamikazechaser:master kamikazechaser:philip/translations-v1 kamikazechaser:sohail/help-menu-fix kamikazechaser:philip/ussd-poler kamikazechaser:philip/ussd-data-files kamikazechaser:philip/bump-test-coverage kamikazechaser:philip/cleanup-hardening kamikazechaser:lash/improve-cache kamikazechaser:sohail/contrib-docs kamikazechaser:sohail/alt-build kamikazechaser:lash/rules-of-engagement kamikazechaser:lash/bloxberg-seeding kamikazechaser:lash/token-checksum-address-fix kamikazechaser:sohail/nonce-order-fix kamikazechaser:willruddick-master-patch-65982 kamikazechaser:sohail/pip-url-fix kamikazechaser:philip/social-pin-recovery kamikazechaser:philip/multi-token-v1 kamikazechaser:revert-28936a58 kamikazechaser:152-revert-the-changes-to-the-new-code-of-conduct kamikazechaser:philip/token-meta kamikazechaser:lash/verify-cache kamikazechaser:lash/cic-cache-build kamikazechaser:lash/better-meta-logging kamikazechaser:lash/local-dev-improve kamikazechaser:lash/tmp-bloxberg-seeding kamikazechaser:lash/fix-docs kamikazechaser:lash/meta-immutable kamikazechaser:lash/split-migration kamikazechaser:feat/automation/add-semver kamikazechaser:lash/funga kamikazechaser:lash/api-choose-token kamikazechaser:lash/no-none-callbacks kamikazechaser:lash/update-aux-deps kamikazechaser:lash/gas-prefix kamikazechaser:philip/token-addition kamikazechaser:lash/build-migrations-again kamikazechaser:bvander/refactor-monorepo-deployment kamikazechaser:bvander/contract-migration-readyz kamikazechaser:lash/okota kamikazechaser:lash/more-case-case kamikazechaser:willruddick-master-patch-72638 kamikazechaser:sohail/ci-next kamikazechaser:lash/task-graphs kamikazechaser:lash/init-server kamikazechaser:lash/queue-recover kamikazechaser:lash/signer-missing-symbol kamikazechaser:lash/missing-env-vars kamikazechaser:lash/contract-migration-dump kamikazechaser:lash/import-handle-meta-dup kamikazechaser:lash/contract-migration-config kamikazechaser:bvander/one-service-auth kamikazechaser:lash/lockfix kamikazechaser:bvander/deploy-to-k8s-dev kamikazechaser:lash/normalize-backend-tx kamikazechaser:lash/upgrade-outer-tools kamikazechaser:lash/deploy-on-host kamikazechaser:lash/traffic-script-rehab kamikazechaser:lash/cic-eth-seeding-fix kamikazechaser:lash/verify-details kamikazechaser:lash/cic-eth-upgrade-more kamikazechaser:lash/signer-update kamikazechaser:bvander/swarm-traefik-checkpoint kamikazechaser:bvander/add-id-to-buildkit-cache kamikazechaser:bvander/integration-tests-on-docker kamikazechaser:lash/faucet-workaround kamikazechaser:lash/fix-configs kamikazechaser:lash/advanced-cache-queries kamikazechaser:lash/remove-cic-base kamikazechaser:bvander/easy-ussd-data-seeding kamikazechaser:bvander/liveness-probes kamikazechaser:bvander/build-script-changes kamikazechaser:bvander/user-balance-directory-retry kamikazechaser:lash/chainlib-nextgen kamikazechaser:lash/chaintool-alembic kamikazechaser:lash/migration-fix kamikazechaser:lash/fix-ussd-impotrs kamikazechaser:lash/dispatcher-leak kamikazechaser:pypi-deps-build kamikazechaser:lash/expand-tokens-in-list kamikazechaser:lash/eth-abi-exorcism kamikazechaser:lash/account-registry-filter-match kamikazechaser:lash/default-token-context kamikazechaser:bvander/cic-eth-base-image-and-testing kamikazechaser:lash/demurrage-task kamikazechaser:lash/explicit-token-type kamikazechaser:lash/free-api kamikazechaser:lash/new-sarafu-token kamikazechaser:bvander/flat-py-deps kamikazechaser:lash/traffic kamikazechaser:lash/improve-requirements kamikazechaser:philip/sms-cluster-issues kamikazechaser:lash/allowance kamikazechaser:lash/faucet-verif kamikazechaser:lash/fixture-move kamikazechaser:lash/move-to-chainlib-eth kamikazechaser:spencer/meta-multiple-hashes kamikazechaser:lash/downgrade-chainsyncer kamikazechaser:spencer/fix-import-scripts-build kamikazechaser:bvander/example-new-base-image-build kamikazechaser:lash/loglines kamikazechaser:philip/refactor-integration-tests kamikazechaser:lash/check-import-ussd kamikazechaser:lash/simple-compose kamikazechaser:no-host-mount-startup kamikazechaser:lash/tmp-check-chaintool kamikazechaser:lash/stale-import-deps kamikazechaser:lash/horse-cart kamikazechaser:philip/management-integration-tests kamikazechaser:lash/coveralls-that-coverall kamikazechaser:lash/update-imports-readme kamikazechaser:cic-eth-unittest kamikazechaser:lash/rehabilitate-tests-eth kamikazechaser:lash/rehabilitate-traffic-2 kamikazechaser:bvander/move-scripts-to-e2e-folder kamikazechaser:lash/update-contracts-in-migration-2 kamikazechaser:lash/cache-data-api kamikazechaser:philip/transaction-integration-tests kamikazechaser:lash/no-ussd-contamination kamikazechaser:philip/accounts-integration-tests kamikazechaser:lash/descriptive-documentation kamikazechaser:lash/decimals-in-api kamikazechaser:lash/scripts-stale-imports kamikazechaser:lash/custom-offset kamikazechaser:lash/upgrade-contracts-in-migration kamikazechaser:lash/catch-no-contract-crash kamikazechaser:philip/hardening-ussd-accounts kamikazechaser:lash/bump kamikazechaser:lash/cache-faucet kamikazechaser:philip/import-pins-script kamikazechaser:lash/celery-graphs kamikazechaser:lash/ci-for-scripts kamikazechaser:lash/chainlib-erc20-split kamikazechaser:lash/contract-interfaces kamikazechaser:contract-migration-include-data-scripts kamikazechaser:lash/cic-cache-tags kamikazechaser:lash/contracts-kill kamikazechaser:lash/right-token kamikazechaser:lash/rehabilitate-tests kamikazechaser:lash/get-registry-api kamikazechaser:lash/version-conflict kamikazechaser:lash/fix-chainlib-upgrade kamikazechaser:lash/default-token kamikazechaser:lash/emergency-shutdown-II kamikazechaser:lash/custom-meta kamikazechaser:lash/emergency-shutdown kamikazechaser:spencer/refactor-meta-library kamikazechaser:lash/simpler-token-selector kamikazechaser:tmp-simple-token-selector kamikazechaser:lash/ussd-final-steps kamikazechaser:lash/health-util kamikazechaser:philip/expect-scripts kamikazechaser:lash/settable-gas-price kamikazechaser:lash/cic-cache-syncer-backend-mixup kamikazechaser:philip/ussd-db-fixes kamikazechaser:philip/fix-filter-callbacks kamikazechaser:lash/chainlib-regression kamikazechaser:lash/improve-cic-cache-service kamikazechaser:tmp kamikazechaser:lash/update-syncer-imports kamikazechaser:lash/cache-tracker-history kamikazechaser:lash/rehabilitate-traffic kamikazechaser:lash/import-ussd kamikazechaser:lash/sovereign-script-fix kamikazechaser:lash/meta-index-phone kamikazechaser:lash/add-missing-state-file kamikazechaser:lash/external-notify-tasks kamikazechaser:lash/calculate-block-time kamikazechaser:lash/remove-stray-stat kamikazechaser:lash/4k kamikazechaser:lash/external-chain-queue kamikazechaser:lash/rehabilitate-cic-cache kamikazechaser:lash/rehabilitate-retrier kamikazechaser:lash/clean-sovereign-imports kamikazechaser:lash/import-scripts-typo kamikazechaser:lash/sovereign-import kamikazechaser:lash/connect-registry kamikazechaser:lash/migration-verify-faucet kamikazechaser:lash/cic-ussd-cic-eth-upgrade kamikazechaser:lash/add-omitted-tests kamikazechaser:lash/migration-last-gasp kamikazechaser:lash/new-contract-migration kamikazechaser:fix-cache-tasker kamikazechaser:bvander/fixes-to-contract-migration-deps kamikazechaser:spencer/cache-database-configs kamikazechaser:lash/cli-rehabilitations kamikazechaser:lash/browser-emulator-ussd kamikazechaser:lash/retry-on-signer-error kamikazechaser:lash/ussd-cli kamikazechaser:lash/cic-eth-upgrade kamikazechaser:lash/transfer-authorization kamikazechaser:lash/cic-cache-biiig-num kamikazechaser:lash/session-nonce-queue kamikazechaser:lash/fix-tx-list kamikazechaser:lash/refactor-syncer kamikazechaser:lash/fix-imports-again kamikazechaser:lash/import-scripts-refactor kamikazechaser:lash/audit-postgres-sessions kamikazechaser:bvander/cic-cache-build kamikazechaser:lash/new-transfer-request kamikazechaser:lash/admin-api-account-check kamikazechaser:lash/correct-db-names kamikazechaser:lash/rename-chainlib kamikazechaser:lash/schmigration kamikazechaser:lash/port-fixes kamikazechaser:bvander/cic-meta-docker-compose kamikazechaser:lash/cic-eth-create-cli-fixes kamikazechaser:cleanup-cic-eth kamikazechaser:remove-submodule-cic-ussd kamikazechaser:lash/some-vars kamikazechaser:lash/docker-compose

23 Commits
lash/contr ... bvander/de

Author SHA1 Message Date
Blair Vanderlugt
4131bfea7c replace deploy image 2021-08-28 16:05:11 -07:00
Blair Vanderlugt
8f83066082 try a kustomize build 2021-08-28 15:42:08 -07:00
Blair Vanderlugt
01c6f06b4b Merge remote-tracking branch 'origin/master' into bvander/deploy-to-k8s-dev 2021-08-28 09:28:36 -07:00
Blair Vanderlugt
415d64a4bd Merge branch 'master' into bvander/deploy-to-k8s-dev 2021-08-25 08:57:39 -07:00
Blair Vanderlugt
79d29689f9 Merge branch 'master' into bvander/deploy-to-k8s-dev 2021-08-24 16:00:34 -07:00
Blair Vanderlugt
83f1161772 peppa pig 2021-08-24 14:53:22 -07:00
Blair Vanderlugt
93cedcc3dd remove flux stuff 2021-08-24 14:27:00 -07:00
Blair Vanderlugt
293c8d4b57 remove af secrets 2021-08-24 14:24:35 -07:00
Blair Vanderlugt
01fef92166 fix user proxy deployment 2021-08-24 12:39:45 -07:00
Blair Vanderlugt
41a7f483cc update the deploy script part 2021-08-24 12:22:34 -07:00
Blair Vanderlugt
aaa91dab63 Merge branch 'master' into bvander/deploy-to-k8s-dev 2021-08-24 12:04:08 -07:00
Blair Vanderlugt
c0e0836a08 Merge remote-tracking branch 'origin/master' into bvander/deploy-to-k8s-dev 2021-08-24 09:48:56 -07:00
Blair Vanderlugt
434805c914 progress 2021-08-24 09:48:38 -07:00
Blair Vanderlugt
6f7000f234 run contract migration to completion 2021-08-23 14:23:34 -07:00
Blair Vanderlugt
183bb1e50b fix images and remove last script 2021-08-23 14:05:51 -07:00
Blair Vanderlugt
8240a79b0e fix paths 2021-08-23 13:52:41 -07:00
Blair Vanderlugt
ea6ce88dab try and launch some k8s 2021-08-23 13:46:17 -07:00
Blair Vanderlugt
70ce759564 more debugging 2021-08-23 12:16:59 -07:00
Blair Vanderlugt
bca5d4d09f maybe just a typo 2021-08-23 11:58:16 -07:00
Blair Vanderlugt
a3c0539114 added secrets can we read 2021-08-23 10:40:32 -07:00
Blair Vanderlugt
a2fbdd8338 ci debug 2021-08-23 09:55:52 -07:00
Blair Vanderlugt
3f850913ed move the kaniko image to no be default 2021-08-23 09:54:05 -07:00
Blair Vanderlugt
6e97c41b78 try adding a k8s job 2021-08-23 09:50:05 -07:00
92 changed files with 4626 additions and 3122 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -14,3 +14,4 @@ build/
**/.venv
.idea
**/.vim
**/*secret.yaml

42
.gitlab-ci.yml
View File

@@ -20,24 +20,48 @@ variables:
DOCKER_BUILDKIT: "1"
COMPOSE_DOCKER_CLI_BUILD: "1"
CI_DEBUG_TRACE: "true"
TAG: $CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# runs on protected branches and pushes to repo
build-push:
stage: build
tags:
- integration
#script:
# - TAG=$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA sh ./scripts/build-push.sh
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
- TAG=latest sh ./scripts/build-push.sh
- TAG=$TAG sh ./scripts/build-push.sh
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true"
when: always
deploy-dev:
deploy-k8s-dev:
stage: deploy
trigger: grassrootseconomics/devops
when: manual
image: line/kubectl-kustomize
variables:
CI_DEBUG_TRACE: "true"
script:
- kubectl config set-cluster k8s --server="${K8S_DEV_SERVER?dev server missing}"
- kubectl config set clusters.k8s.certificate-authority-data ${K8S_DEV_CERTIFICATE_AUTHORITY_DATA}
- kubectl config set-credentials gitlab --token="${K8S_DEV_USER_TOKEN}"
- kubectl config set-context grassroots --cluster=k8s --user=gitlab --namespace grassroots
- kubectl config use-context grassroots
#- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml
#- kubectl apply -f deployment.yaml
- echo "Wiping state..."
- kubectl delete jobs.batch --all
- kubectl delete hr postgresql && kubectl delete pvc -l 'app.kubernetes.io/name=postgresql'
- kubectl delete sts,pvc -l 'app=bloxberg-validator'
- kubectl delete hr redis && kubectl delete pvc -l 'app=redis'
- kubectl apply -f kubernetes/eth-node/ -f kubernetes/postgresql/ -f kubernetes/redis/
- echo "deploy and run database migrations..."
# set image based on deploy tag
- bash ./scripts/set-image.sh
- kubectl apply -f .
- echo "run contract migrations..."
- kubectl apply -f kubernetes/contract-migration/contract-migration-job.yaml
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true"
when: always

25
README.md
View File

@@ -2,21 +2,25 @@
## Getting started
This repo uses docker-compose and docker buildkit. Set the following environment variables to get started:
## Make some keys
```
export COMPOSE_DOCKER_CLI_BUILD=1
export DOCKER_BUILDKIT=1
docker build -t bloxie . && docker run -v "$(pwd)/keys:/root/keys" --rm -it -t bloxie account new --chain /root/bloxberg.json --keys-path /root/keys
```
start services, database, redis and local ethereum node
```
docker-compose up -d
```
Run app/contract-migration to deploy contracts
### Prepare the repo
This is stuff we need to put in makefile but for now...
File mounts and permisssions need to be set
```
RUN_MASK=3 docker-compose up contract-migration
chmod -R 755 scripts/initdb apps/cic-meta/scripts/initdb
````
start cluster
```
docker-compose up
```
stop cluster
@@ -24,7 +28,7 @@ stop cluster
docker-compose down
```
stop cluster and delete data
delete data
```
docker-compose down -v
```
@@ -34,4 +38,5 @@ rebuild an images
docker-compose up --build <service_name>
```
Deployment variables are writtend to service-configs/.env after everthing is up.

10
apps/cic-eth/.gitlab-ci.yml
View File

@@ -9,8 +9,8 @@ build-test-cic-eth:
- cd apps/cic-eth
- docker build -t $MR_IMAGE_TAG -f docker/Dockerfile .
- docker run $MR_IMAGE_TAG sh docker/run_tests.sh
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
changes:
- apps/$APP_NAME/**/*
when: always
#rules:
#- if: $CI_PIPELINE_SOURCE == "merge_request_event"
# changes:
# - apps/$APP_NAME/**/*
# when: always

4
apps/cic-eth/cic_eth/db/migrations/default/versions/75d4767b3031_lock.py
View File

@@ -8,8 +8,8 @@ Create Date: 2021-04-02 18:41:20.864265
import datetime
from alembic import op
import sqlalchemy as sa
from chainlib.eth.constant import ZERO_ADDRESS
from cic_eth.db.enum import LockEnum
from cic_eth.encode import ZERO_ADDRESS_NORMAL
# revision identifiers, used by Alembic.
@@ -30,7 +30,7 @@ def upgrade():
sa.Column("otx_id", sa.Integer, sa.ForeignKey('otx.id'), nullable=True),
)
op.create_index('idx_chain_address', 'lock', ['blockchain', 'address'], unique=True)
op.execute("INSERT INTO lock (address, date_created, blockchain, flags) VALUES('{}', '{}', '::', {})".format(ZERO_ADDRESS_NORMAL, datetime.datetime.utcnow(), LockEnum.INIT | LockEnum.SEND | LockEnum.QUEUE))
op.execute("INSERT INTO lock (address, date_created, blockchain, flags) VALUES('{}', '{}', '::', {})".format(ZERO_ADDRESS, datetime.datetime.utcnow(), LockEnum.INIT | LockEnum.SEND | LockEnum.QUEUE))
def downgrade():

6
apps/cic-eth/cic_eth/eth/gas.py
View File

@@ -3,10 +3,7 @@ import logging
# external imports
import celery
from hexathon import (
strip_0x,
add_0x,
)
from hexathon import strip_0x
#from chainlib.eth.constant import ZERO_ADDRESS
from chainlib.chain import ChainSpec
from chainlib.eth.address import is_checksum_address
@@ -183,7 +180,6 @@ def check_gas(self, tx_hashes_hex, chain_spec_dict, txs_hex=[], address=None, ga
if not is_checksum_address(address):
raise ValueError('invalid address {}'.format(address))
address = tx_normalize.wallet_address(address)
address = add_0x(address)
tx_hashes = []
txs = []

2
apps/cic-eth/cic_eth/task.py
View File

@@ -13,6 +13,7 @@ from chainlib.eth.nonce import RPCNonceOracle
from chainlib.eth.gas import RPCGasOracle
from cic_eth_registry import CICRegistry
from cic_eth_registry.error import UnknownContractError
import liveness.linux
# local imports
from cic_eth.error import SeppukuError
@@ -47,7 +48,6 @@ class BaseTask(celery.Task):
def on_failure(self, exc, task_id, args, kwargs, einfo):
if isinstance(exc, SeppukuError):
import liveness.linux
liveness.linux.reset(rundir=self.run_dir)
logg.critical(einfo)
msg = 'received critical exception {}, calling shutdown'.format(str(exc))

2
apps/cic-eth/cic_eth/version.py
View File

@@ -10,7 +10,7 @@ version = (
0,
12,
4,
'alpha.8',
'alpha.7',
)
version_object = semver.VersionInfo(

23
apps/cic-eth/doc/texinfo/configuration.texi
View File

@@ -1,6 +1,8 @@
@node cic-eth configuration
@section Configuration
(refer to @code{cic-base} for a general overview of the config pipeline)
Configuration parameters are grouped by configuration filename.
@@ -38,26 +40,7 @@ Boolean value. If set, the amount of available context for a task in the result
@subsection database
@table @var
@item host
Database host
@item port
Database port
@item name
Database name
@item user
Database user
@item password
Database password
@item engine
The engine part of the dsn connection string (@code{postgresql} in @code{postgresql+psycopg2})
@item driver
The driver part of the dsn connection string (@code{psycopg2} in @code{postgresql+psycopg2})
@item pool_size
Connection pool size for database drivers that provide connection pooling
@item debug
Output actual sql queries to logs. Potentially very verbose
@end table
See ref cic-base when ready
@subsection eth

29
apps/cic-eth/docker/Dockerfile
View File

@@ -13,16 +13,7 @@ ARG EXTRA_PIP_ARGS=""
# pip install --index-url https://pypi.org/simple \
# --force-reinstall \
# --extra-index-url $GITLAB_PYTHON_REGISTRY --extra-index-url $EXTRA_INDEX_URL \
# -r requirements.txt
RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
pip install --index-url https://pypi.org/simple \
--extra-index-url $GITLAB_PYTHON_REGISTRY \
--extra-index-url $EXTRA_INDEX_URL \
$EXTRA_PIP_ARGS \
cic-eth-aux-erc20-demurrage-token~=0.0.2a6
# -r requirements.txt
COPY *requirements.txt ./
RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
pip install --index-url https://pypi.org/simple \
@@ -31,21 +22,19 @@ RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
$EXTRA_PIP_ARGS \
-r requirements.txt \
-r services_requirements.txt \
-r admin_requirements.txt
# always install the latest signer
RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
pip install --index-url https://pypi.org/simple \
--extra-index-url $GITLAB_PYTHON_REGISTRY \
--extra-index-url $EXTRA_INDEX_URL \
$EXTRA_PIP_ARGS \
crypto-dev-signer
-r admin_requirements.txt
COPY . .
RUN python setup.py install
ENV PYTHONPATH .
RUN --mount=type=cache,mode=0755,target=/root/.cache/pip \
pip install --index-url https://pypi.org/simple \
--extra-index-url $GITLAB_PYTHON_REGISTRY \
--extra-index-url $EXTRA_INDEX_URL \
$EXTRA_PIP_ARGS \
cic-eth-aux-erc20-demurrage-token~=0.0.2a6
COPY docker/entrypoints/* ./
RUN chmod 755 *.sh

36
apps/cic-eth/docker/entrypoints/start_tasker.sh
View File

@@ -5,27 +5,27 @@ set -e
# set CONFINI_ENV_PREFIX to override the env prefix to override env vars
#echo "!!! starting signer"
#python /usr/local/bin/crypto-dev-daemon -c /usr/local/etc/crypto-dev-signer -vv 2> /tmp/signer.log &
echo "!!! starting signer"
python /usr/local/bin/crypto-dev-daemon -c /usr/local/etc/crypto-dev-signer -vv 2> /tmp/signer.log &
echo "!!! starting taskerd"
/usr/local/bin/cic-eth-taskerd $@
# thanks! https://docs.docker.com/config/containers/multi-service_container/
#sleep 1;
#echo "!!! entering monitor loop"
#while true; do
# ps aux | grep crypto-dev-daemon | grep -q -v grep
# PROCESS_1_STATUS=$?
# ps aux | grep cic-eth-tasker |grep -q -v grep
# PROCESS_2_STATUS=$?
# # If the greps above find anything, they exit with 0 status
# # If they are not both 0, then something is wrong
# if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
# echo "One of the processes has already exited."
# exit 1
# fi
# sleep 15;
#done
#
sleep 1;
echo "!!! entering monitor loop"
while true; do
ps aux | grep crypto-dev-daemon | grep -q -v grep
PROCESS_1_STATUS=$?
ps aux | grep cic-eth-tasker |grep -q -v grep
PROCESS_2_STATUS=$?
# If the greps above find anything, they exit with 0 status
# If they are not both 0, then something is wrong
if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
echo "One of the processes has already exited."
exit 1
fi
sleep 15;
done
set +e

2
apps/cic-eth/requirements.txt
View File

@@ -1,3 +1,3 @@
celery==4.4.7
chainlib-eth>=0.0.9a11,<0.1.0
chainlib-eth>=0.0.9a7,<0.1.0
semver==2.13.0

3
apps/cic-eth/tests/task/test_task_gas.py
View File

@@ -75,7 +75,7 @@ def test_task_check_gas_ok(
'cic_eth.eth.gas.check_gas',
[
[
strip_0x(tx_hash_hex),
tx_hash_hex,
],
default_chain_spec.asdict(),
[],
@@ -283,3 +283,4 @@ def test_task_resend_explicit(
tx_after = unpack(bytes.fromhex(strip_0x(otx.signed_tx)), default_chain_spec)
logg.debug('gasprices before {} after {}'.format(tx_before['gasPrice'], tx_after['gasPrice']))
assert tx_after['gasPrice'] > tx_before['gasPrice']

2
apps/cic-eth/tools_requirements.txt
View File

@@ -1,4 +1,4 @@
crypto-dev-signer>=0.4.15a4,<=0.4.15
crypto-dev-signer>=0.4.15a1,<=0.4.15
chainqueue>=0.0.5a1,<0.1.0
cic-eth-registry>=0.6.1a2,<0.7.0
redis==3.5.3

10
apps/cic-meta/.gitlab-ci.yml
View File

@@ -9,8 +9,8 @@ build-test-cic-meta:
- cd apps/cic-meta
- docker build -t $MR_IMAGE_TAG -f docker/Dockerfile .
- docker run --entrypoint=sh $MR_IMAGE_TAG docker/run_tests.sh
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
changes:
- apps/$APP_NAME/**/*
when: always
#rules:
#- if: $CI_PIPELINE_SOURCE == "merge_request_event"
# changes:
# - apps/$APP_NAME/**/*
# when: always

1
apps/cic-meta/README.md
View File

@@ -1 +0,0 @@
# CIC-Meta

6
apps/cic-notify/cic_notify/tasks/sms/db.py
View File

@@ -11,12 +11,12 @@ celery_app = celery.current_app
@celery_app.task
def persist_notification(message, recipient):
def persist_notification(recipient, message):
"""
:param message:
:type message:
:param recipient:
:type recipient:
:param message:
:type message:
:return:
:rtype:
"""

7
apps/cic-notify/cic_notify/tasks/sms/log.py
View File

@@ -11,13 +11,12 @@ local_logg = logging.getLogger(__name__)
@celery_app.task
def log(message, recipient):
def log(recipient, message):
"""
:param message:
:type message:
:param recipient:
:type recipient:
:param message:
:type message:
:return:
:rtype:
"""

11
apps/cic-ussd/cic_ussd/account/transaction.py
View File

@@ -1,6 +1,5 @@
# standard import
import decimal
import json
import logging
from typing import Dict, Tuple
@@ -9,8 +8,6 @@ from cic_eth.api import Api
from sqlalchemy.orm.session import Session
# local import
from cic_ussd.account.chain import Chain
from cic_ussd.account.tokens import get_cached_default_token
from cic_ussd.db.models.account import Account
from cic_ussd.db.models.base import SessionBase
from cic_ussd.error import UnknownUssdRecipient
@@ -62,9 +59,7 @@ def from_wei(value: int) -> float:
:return: SRF equivalent of value in Wei
:rtype: float
"""
cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
token_decimals: int = cached_token_data.get('decimals')
value = float(value) / (10**token_decimals)
value = float(value) / 1e+6
return truncate(value=value, decimals=2)
@@ -75,9 +70,7 @@ def to_wei(value: int) -> int:
:return: Wei equivalent of value in SRF
:rtype: int
"""
cached_token_data = json.loads(get_cached_default_token(Chain.spec.__str__()))
token_decimals: int = cached_token_data.get('decimals')
return int(value * (10**token_decimals))
return int(value * 1e+6)
def truncate(value: float, decimals: int):

2
apps/cic-ussd/cic_ussd/metadata/base.py
View File

@@ -44,7 +44,7 @@ class MetadataRequestsHandler(Metadata):
def create(self, data: Union[Dict, str]):
""""""
data = json.dumps(data).encode('utf-8')
data = json.dumps(data)
result = make_request(method='POST', url=self.url, data=data, headers=self.headers)
error_handler(result=result)

2
apps/cic-ussd/cic_ussd/session/ussd_session.py
View File

@@ -146,7 +146,7 @@ def create_ussd_session(
)
def update_ussd_session(ussd_session: DbUssdSession,
def update_ussd_session(ussd_session: UssdSession,
user_input: str,
state: str,
data: Optional[dict] = None) -> UssdSession:

14
apps/cic-ussd/cic_ussd/tasks/callback_handler.py
View File

@@ -138,14 +138,26 @@ def transaction_balances_callback(self, result: list, param: dict, status_code:
balances_data = result[0]
available_balance = calculate_available_balance(balances_data)
transaction = param
blockchain_address = transaction.get('blockchain_address')
transaction['available_balance'] = available_balance
queue = self.request.delivery_info.get('routing_key')
s_preferences_metadata = celery.signature(
'cic_ussd.tasks.metadata.query_preferences_metadata', [blockchain_address], queue=queue
)
s_process_account_metadata = celery.signature(
'cic_ussd.tasks.processor.parse_transaction', [transaction], queue=queue
)
s_notify_account = celery.signature('cic_ussd.tasks.notifications.transaction', queue=queue)
celery.chain(s_process_account_metadata, s_notify_account).apply_async()
if transaction.get('transaction_type') == 'transfer':
celery.chain(s_preferences_metadata, s_process_account_metadata, s_notify_account).apply_async()
if transaction.get('transaction_type') == 'tokengift':
s_process_account_metadata = celery.signature(
'cic_ussd.tasks.processor.parse_transaction', [{}, transaction], queue=queue
)
celery.chain(s_process_account_metadata, s_notify_account).apply_async()
@celery_app.task

9
apps/cic-ussd/cic_ussd/tasks/processor.py
View File

@@ -8,7 +8,6 @@ import i18n
from chainlib.hash import strip_0x
# local imports
from cic_ussd.account.metadata import get_cached_preferred_language
from cic_ussd.account.statement import get_cached_statement
from cic_ussd.account.transaction import aux_transaction_data, validate_transaction_account
from cic_ussd.cache import cache_data, cache_data_key
@@ -59,17 +58,19 @@ def cache_statement(parsed_transaction: dict, querying_party: str):
@celery_app.task
def parse_transaction(transaction: dict) -> dict:
def parse_transaction(preferences: dict, transaction: dict) -> dict:
"""This function parses transaction objects and collates all relevant data for system use i.e:
- An account's set preferred language.
- Account identifier that facilitates notification.
- Contextual tags i.e action and direction tags.
:param preferences: An account's set preferences.
:type preferences: dict
:param transaction: Transaction object.
:type transaction: dict
:return: Transaction object with contextual data for use in the system.
:rtype: dict
"""
preferred_language = get_cached_preferred_language(transaction.get('blockchain_address'))
preferred_language = preferences.get('preferred_language')
if not preferred_language:
preferred_language = i18n.config.get('fallback')
transaction['preferred_language'] = preferred_language
@@ -82,8 +83,6 @@ def parse_transaction(transaction: dict) -> dict:
alt_account = session.query(Account).filter_by(blockchain_address=alt_blockchain_address).first()
if alt_account:
transaction['alt_metadata_id'] = alt_account.standard_metadata_id()
else:
transaction['alt_metadata_id'] = 'GRASSROOTS ECONOMICS'
transaction['metadata_id'] = account.standard_metadata_id()
transaction['phone_number'] = account.phone_number
session.close()

43
apps/contract-migration/config.sh
View File

@@ -1,43 +0,0 @@
#!/bin/bash
set -a
if [ -z $DEV_DATA_DIR ]; then
export DEV_DATA_DIR=`mktemp -d`
else
mkdir -p $DEV_DATA_DIR
fi
if [ -z $DEV_CONFIG_RESET ]; then
if [ -f ${DEV_DATA_DIR}/env_reset ]; then
>&2 echo "importing existing configuration values from ${DEV_DATA_DIR}/env_reset"
. ${DEV_DATA_DIR}/env_reset
fi
fi
# Handle wallet
export WALLET_KEY_FILE=${WALLET_KEY_FILE:-`realpath ./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c`}
if [ ! -f $WALLET_KEY_FILE ]; then
>&2 echo "wallet path '$WALLET_KEY_FILE' does not point to a file"
exit 1
fi
export DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=`eth-checksum $(cat $WALLET_KEY_FILE | jq -r .address)`
# Wallet dependent variable defaults
export DEV_ETH_ACCOUNT_RESERVE_MINTER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
export DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
export CIC_TRUST_ADDRESS=${CIC_TRUST_ADDRESS:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
export CIC_DEFAULT_TOKEN_SYMBOL=$TOKEN_SYMBOL
export TOKEN_SINK_ADDRESS=${TOKEN_SINK_ADDRESS:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
# Legacy variable defaults
# Migration variable processing
confini-dump --schema-module chainlib.eth.data.config --schema-module cic_eth.data.config --schema-dir ./config --prefix export > ${DEV_DATA_DIR}/env_reset
cat ${DEV_DATA_DIR}/env_reset
set +a

23
apps/contract-migration/config/config.ini
View File

@@ -1,23 +0,0 @@
[token]
name = Giftable Token
symbol = GFT
type = giftable_erc20_token
demurrage_level = 196454828847045000000000000000000
redistribution_period =
supply_limit =
sink_address =
[dev]
eth_account_contract_deployer =
eth_account_reserve_minter =
eth_account_accounts_index_writer =
reserve_amount = 10000000000000000000000000000000000
faucet_amount = 0
gas_amount = 100000000000000000000000
token_amount = 100000000000000000000000
eth_gas_price =
data_dir =
pip_extra_index_url =
eth_provider_host =
eth_provider_port =

8
apps/contract-migration/requirements.txt
View File

@@ -1,6 +1,6 @@
cic-eth[tools]==0.12.4a8
chainlib-eth>=0.0.9a9,<0.1.0
eth-erc20>=0.1.2a3,<0.2.0
cic-eth[tools]==0.12.4a4
chainlib-eth>=0.0.9a7,<0.1.0
eth-erc20>=0.1.2a2,<0.2.0
erc20-demurrage-token>=0.0.5a2,<0.1.0
eth-accounts-index>=0.1.2a2,<0.2.0
eth-address-index>=0.2.3a4,<0.3.0
@@ -8,5 +8,3 @@ cic-eth-registry>=0.6.1a2,<0.7.0
erc20-transfer-authorization>=0.3.5a2,<0.4.0
erc20-faucet>=0.3.2a2,<0.4.0
sarafu-faucet>=0.0.7a2,<0.1.0
confini>=0.4.2rc3,<1.0.0
crypto-dev-signer>=0.4.15a4,<=0.4.15

238
apps/contract-migration/reset.sh
View File

@@ -2,115 +2,179 @@
set -a
. ${DEV_DATA_DIR}/env_reset
default_token=giftable_erc20_token
TOKEN_SYMBOL=${CIC_DEFAULT_TOKEN_SYMBOL}
TOKEN_NAME=${TOKEN_NAME}
TOKEN_TYPE=${TOKEN_TYPE:-$default_token}
cat <<EOF
external token settings:
token_type: $TOKEN_TYPE
token_symbol: $TOKEN_SYMBOL
token_name: $TOKEN_NAME
token_decimals: $TOKEN_DECIMALS
token_demurrage: $TOKEN_DEMURRAGE_LEVEL
token_redistribution_period: $TOKEN_REDISTRIBUTION_PERIOD
token_supply_limit: $TOKEN_SUPPLY_LIMIT
EOF
CHAIN_SPEC=${CHAIN_SPEC:-$CIC_CHAIN_SPEC}
RPC_HTTP_PROVIDER=${RPC_HTTP_PROVIDER:-$ETH_PROVIDER}
DEV_ETH_ACCOUNT_RESERVE_MINTER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER=${DEV_ETH_ACCOUNT_RESERVE_MINTER:-$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER}
DEV_RESERVE_AMOUNT=${DEV_ETH_RESERVE_AMOUNT:-""10000000000000000000000000000000000}
DEV_FAUCET_AMOUNT=${DEV_FAUCET_AMOUNT:-0}
DEV_ETH_KEYSTORE_FILE=${DEV_ETH_KEYSTORE_FILE:-`realpath ./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c`}
set -e
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=`eth-checksum $(cat $DEV_ETH_KEYSTORE_FILE | jq -r .address)`
if [ ! -z $DEV_ETH_GAS_PRICE ]; then
gas_price_arg="--gas-price $DEV_ETH_GAS_PRICE"
fee_price_arg="--fee-price $DEV_ETH_GAS_PRICE"
>&2 echo using static gas price $DEV_ETH_GAS_PRICE
fi
echo "environment:"
printenv
echo \n
echo "using wallet address '$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER' from keystore file $DEV_ETH_KEYSTORE_FILE"
# This is a grassroots team convention for building the Bancor contracts using the bancor protocol repository truffle setup
# Running this in docker-internal dev container (built from Docker folder in this repo) will write a
# source-able env file to CIC_DATA_DIR. Services dependent on these contracts can mount this file OR
# define these parameters at runtime
# pushd /usr/src
if [ -z $CIC_DATA_DIR ]; then
CIC_DATA_DIR=`mktemp -d`
fi
>&2 echo using data dir $CIC_DATA_DIR
init_level_file=${CIC_DATA_DIR}/.init
if [ ! -f ${CIC_DATA_DIR}/.init ]; then
echo "Creating .init file..."
mkdir -p $CIC_DATA_DIR
touch $CIC_DATA_DIR/.init
# touch $init_level_file
fi
echo -n 1 > $init_level_file
# Abort on any error (including if wait-for-it fails).
# Wait for the backend to be up, if we know where it is.
if [ -z "${RPC_PROVIDER}" ]; then
echo "\$RPC_PROVIDER not set!"
exit 1
fi
if [[ -n "${ETH_PROVIDER}" ]]; then
unset CONFINI_DIR
export CONFINI_DIR=$_CONFINI_DIR
unset CONFINI_DIR
if [ ! -z "$DEV_USE_DOCKER_WAIT_SCRIPT" ]; then
IFS=: read -a p <<< "$RPC_PROVIDER"
read -i "/" rpc_provider_port <<< "${p[2]}"
rpc_provider_host=${p[1]:2}
echo "waiting for provider host $rpc_provider_host port $rpc_provider_port..."
./wait-for-it.sh "$rpc_provider_host:$rpc_provider_port"
fi
if [ "$TOKEN_TYPE" == "giftable_erc20_token" ]; then
if [ -z "$TOKEN_SYMBOL" ]; then
>&2 echo token symbol not set, setting defaults for type $TOKEN_TYPE
TOKEN_SYMBOL="GFT"
TOKEN_NAME="Giftable Token"
elif [ -z "$TOKEN_NAME" ]; then
>&2 echo token name not set, setting same as symbol for type $TOKEN_TYPE
TOKEN_NAME=$TOKEN_SYMBOL
if [ ! -z "$DEV_USE_DOCKER_WAIT_SCRIPT" ]; then
echo "waiting for ${ETH_PROVIDER}..."
./wait-for-it.sh "${ETH_PROVIDER_HOST}:${ETH_PROVIDER_PORT}"
fi
>&2 echo deploying default token $TOKEN_TYPE
echo giftable-token-deploy $fee_price_arg -p $RPC_PROVIDER -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -vv -s -ww --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL --decimals 6 -vv
DEV_RESERVE_ADDRESS=`giftable-token-deploy $fee_price_arg -p $RPC_PROVIDER -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -vv -s -ww --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL --decimals 6 -vv`
elif [ "$TOKEN_TYPE" == "erc20_demurrage_token" ]; then
if [ -z "$TOKEN_SYMBOL" ]; then
>&2 echo token symbol not set, setting defaults for type $TOKEN_TYPE
TOKEN_SYMBOL="DET"
TOKEN_NAME="Demurrage Token"
elif [ -z "$TOKEN_NAME" ]; then
>&2 echo token name not set, setting same as symbol for type $TOKEN_TYPE
TOKEN_NAME=$TOKEN_SYMBOL
fi
>&2 echo deploying token $TOKEN_TYPE
if [ -z $TOKEN_SINK_ADDRESS ]; then
if [ ! -z $TOKEN_REDISTRIBUTION_PERIOD ]; then
>&2 echo -e "\033[;93mtoken sink address not set, so redistribution will be BURNED\033[;39m"
if [ "$TOKEN_TYPE" == "$default_token" ]; then
if [ -z "$TOKEN_SYMBOL" ]; then
>&2 echo token symbol not set, setting defaults for type $TOKEN_TYPE
TOKEN_SYMBOL="GFT"
TOKEN_NAME="Giftable Token"
elif [ -z "$TOKEN_NAME" ]; then
>&2 echo token name not set, setting same as symbol for type $TOKEN_TYPE
TOKEN_NAME=$TOKEN_SYMBOL
fi
>&2 echo deploying default token $TOKEN_TYPE
echo giftable-token-deploy $fee_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -s -ww --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL --decimals 6 -vv
DEV_RESERVE_ADDRESS=`giftable-token-deploy $fee_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -s -ww --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL --decimals 6 -vv`
elif [ "$TOKEN_TYPE" == "erc20_demurrage_token" ]; then
if [ -z "$TOKEN_SYMBOL" ]; then
>&2 echo token symbol not set, setting defaults for type $TOKEN_TYPE
TOKEN_SYMBOL="SARAFU"
TOKEN_NAME="Sarafu Token"
elif [ -z "$TOKEN_NAME" ]; then
>&2 echo token name not set, setting same as symbol for type $TOKEN_TYPE
TOKEN_NAME=$TOKEN_SYMBOL
fi
>&2 echo deploying token $TOKEN_TYPE
if [ -z $TOKEN_SINK_ADDRESS ]; then
if [ ! -z $TOKEN_REDISTRIBUTION_PERIOD ]; then
>&2 echo -e "\033[;93mtoken sink address not set, so redistribution will be BURNED\033[;39m"
fi
fi
DEV_RESERVE_ADDRESS=`erc20-demurrage-token-deploy $fee_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL -vv -ww -s`
else
>&2 echo unknown token type $TOKEN_TYPE
exit 1
fi
DEV_RESERVE_ADDRESS=`erc20-demurrage-token-deploy $fee_price_arg -p $RPC_PROVIDER -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC --name "$TOKEN_NAME" --symbol $TOKEN_SYMBOL -vv -ww -s`
echo "giftable-token-gift $fee_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -vv -w -e $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT"
giftable-token-gift $fee_price_arg -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -u -vv -s -w -e $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT
>&2 echo "deploy account index contract"
DEV_ACCOUNT_INDEX_ADDRESS=`eth-accounts-index-deploy $fee_price_arg -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -y $DEV_ETH_KEYSTORE_FILE -vv -s -u -w`
>&2 echo "add deployer address as account index writer"
eth-accounts-index-writer $fee_price_arg -s -u -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_ACCOUNT_INDEX_ADDRESS -ww -vv $debug $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
>&2 echo "deploy contract registry contract"
CIC_REGISTRY_ADDRESS=`eth-contract-registry-deploy $fee_price_arg -i $CIC_CHAIN_SPEC -y $DEV_ETH_KEYSTORE_FILE --identifier AccountRegistry --identifier TokenRegistry --identifier AddressDeclarator --identifier Faucet --identifier TransferAuthorization --identifier ContractRegistry -p $ETH_PROVIDER -vv -s -u -w`
eth-contract-registry-set $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier ContractRegistry $CIC_REGISTRY_ADDRESS
eth-contract-registry-set $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier AccountRegistry $DEV_ACCOUNT_INDEX_ADDRESS
# Deploy address declarator registry
>&2 echo "deploy address declarator contract"
declarator_description=0x546869732069732074686520434943206e6574776f726b000000000000000000
DEV_DECLARATOR_ADDRESS=`eth-address-declarator-deploy -s -u -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv $declarator_description`
eth-contract-registry-set $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier AddressDeclarator $DEV_DECLARATOR_ADDRESS
# Deploy transfer authorization contact
>&2 echo "deploy transfer auth contract"
DEV_TRANSFER_AUTHORIZATION_ADDRESS=`erc20-transfer-auth-deploy $gas_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv`
eth-contract-registry-set $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier TransferAuthorization $DEV_TRANSFER_AUTHORIZATION_ADDRESS
# Deploy token index contract
>&2 echo "deploy token index contract"
DEV_TOKEN_INDEX_ADDRESS=`eth-token-index-deploy -s -u $fee_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv`
eth-contract-registry-set $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier TokenRegistry $DEV_TOKEN_INDEX_ADDRESS
>&2 echo "add reserve token to token index"
eth-token-index-add $fee_price_arg -s -u -w -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv -e $DEV_TOKEN_INDEX_ADDRESS $DEV_RESERVE_ADDRESS
# Sarafu faucet contract
>&2 echo "deploy token faucet contract"
DEV_FAUCET_ADDRESS=`sarafu-faucet-deploy $fee_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -w -vv --account-index-address $DEV_ACCOUNT_INDEX_ADDRESS $DEV_RESERVE_ADDRESS -s`
>&2 echo "set token faucet amount"
sarafu-faucet-set $fee_price_arg -y $DEV_ETH_KEYSTORE_FILE -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_FAUCET_ADDRESS -vv -s --fee-limit 100000 $DEV_FAUCET_AMOUNT
>&2 echo "register faucet in registry"
eth-contract-registry-set -s -u $fee_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv --identifier Faucet $DEV_FAUCET_ADDRESS
>&2 echo "set faucet as token minter"
giftable-token-minter -s -u $fee_price_arg -w -y $DEV_ETH_KEYSTORE_FILE -e $DEV_RESERVE_ADDRESS -i $CIC_CHAIN_SPEC -p $ETH_PROVIDER -vv $DEV_FAUCET_ADDRESS
export CONFINI_DIR=$_CONFINI_DIR
else
>&2 echo unknown token type $TOKEN_TYPE
echo "\$ETH_PROVIDER not set!"
exit 1
fi
echo "giftable-token-gift $fee_price_arg -p $RPC_PROVIDER -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -vv -w -e $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT"
giftable-token-gift $fee_price_arg -p $RPC_PROVIDER -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -u -vv -s -w -e $DEV_RESERVE_ADDRESS $DEV_RESERVE_AMOUNT
mkdir -p $CIC_DATA_DIR
>&2 echo using data dir $CIC_DATA_DIR for environment variable dump
>&2 echo "deploy account index contract"
DEV_ACCOUNT_INDEX_ADDRESS=`eth-accounts-index-deploy $fee_price_arg -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -y $WALLET_KEY_FILE -vv -s -u -w`
>&2 echo "add deployer address as account index writer"
eth-accounts-index-writer $fee_price_arg -s -u -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -e $DEV_ACCOUNT_INDEX_ADDRESS -ww -vv $debug $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
# this is consumed in downstream services to set environment variables
cat << EOF > $CIC_DATA_DIR/.env
export CIC_REGISTRY_ADDRESS=$CIC_REGISTRY_ADDRESS
export CIC_TRUST_ADDRESS=$DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
export CIC_DECLARATOR_ADDRESS=$CIC_DECLARATOR_ADDRESS
EOF
>&2 echo "deploy contract registry contract"
CIC_REGISTRY_ADDRESS=`eth-contract-registry-deploy $fee_price_arg -i $CIC_CHAIN_SPEC -y $WALLET_KEY_FILE --identifier AccountRegistry --identifier TokenRegistry --identifier AddressDeclarator --identifier Faucet --identifier TransferAuthorization --identifier ContractRegistry -p $RPC_PROVIDER -vv -s -u -w`
eth-contract-registry-set $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier ContractRegistry $CIC_REGISTRY_ADDRESS
eth-contract-registry-set $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier AccountRegistry $DEV_ACCOUNT_INDEX_ADDRESS
# Deploy address declarator registry
>&2 echo "deploy address declarator contract"
declarator_description=0x546869732069732074686520434943206e6574776f726b000000000000000000
DEV_DECLARATOR_ADDRESS=`eth-address-declarator-deploy -s -u -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -w -vv $declarator_description`
eth-contract-registry-set $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier AddressDeclarator $DEV_DECLARATOR_ADDRESS
# Deploy transfer authorization contact
>&2 echo "deploy transfer auth contract"
DEV_TRANSFER_AUTHORIZATION_ADDRESS=`erc20-transfer-auth-deploy $gas_price_arg -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -w -vv`
eth-contract-registry-set $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier TransferAuthorization $DEV_TRANSFER_AUTHORIZATION_ADDRESS
# Deploy token index contract
>&2 echo "deploy token index contract"
DEV_TOKEN_INDEX_ADDRESS=`eth-token-index-deploy -s -u $fee_price_arg -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -w -vv`
eth-contract-registry-set $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier TokenRegistry $DEV_TOKEN_INDEX_ADDRESS
>&2 echo "add reserve token to token index"
eth-token-index-add $fee_price_arg -s -u -w -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv -e $DEV_TOKEN_INDEX_ADDRESS $DEV_RESERVE_ADDRESS
# Sarafu faucet contract
>&2 echo "deploy token faucet contract"
DEV_FAUCET_ADDRESS=`sarafu-faucet-deploy $fee_price_arg -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -w -vv --account-index-address $DEV_ACCOUNT_INDEX_ADDRESS $DEV_RESERVE_ADDRESS -s`
>&2 echo "set token faucet amount"
sarafu-faucet-set $fee_price_arg -w -y $WALLET_KEY_FILE -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -e $DEV_FAUCET_ADDRESS -vv -s --fee-limit 100000 $DEV_FAUCET_AMOUNT
>&2 echo "register faucet in registry"
eth-contract-registry-set -s -u $fee_price_arg -w -y $WALLET_KEY_FILE -e $CIC_REGISTRY_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv --identifier Faucet $DEV_FAUCET_ADDRESS
>&2 echo "set faucet as token minter"
giftable-token-minter -s -u $fee_price_arg -w -y $WALLET_KEY_FILE -e $DEV_RESERVE_ADDRESS -i $CIC_CHAIN_SPEC -p $RPC_PROVIDER -vv $DEV_FAUCET_ADDRESS
#echo "export CIC_DEFAULT_TOKEN_SYMBOL=$TOKEN_SYMBOL" >> ${DEV_DATA_DIR}/env_reset
export CIC_DEFAULT_TOKEN_SYMBOL=$TOKEN_SYMBOL
confini-dump --schema-module chainlib.eth.data.config --schema-module cic_eth.data.config --schema-dir ./config --prefix export > ${DEV_DATA_DIR}/env_reset
confini-dump --schema-module chainlib.eth.data.config --schema-module cic_eth.data.config --schema-dir ./config
cat ./envlist | bash from_env.sh > $CIC_DATA_DIR/.env_all
cat ./envlist
# popd
set +a
set +e
echo -n 2 > $init_level_file
exec "$@"

8
apps/contract-migration/run_job.sh
View File

@@ -1,13 +1,5 @@
#! /bin/bash
>&2 echo -e "\033[;96mRUNNING\033[;39m configurations"
. ./config.sh
if [ $? -ne "0" ]; then
>&2 echo -e "\033[;31mFAILED\033[;39m configurations"
exit 1;
fi
>&2 echo -e "\033[;32mSUCCEEDED\033[;39m configurations"
if [[ $((RUN_MASK & 1)) -eq 1 ]]
then
>&2 echo -e "\033[;96mRUNNING\033[;39m RUN_MASK 1 - contract deployment"

73
apps/contract-migration/seed_cic_eth.sh
View File

@@ -1,40 +1,68 @@
#!/bin/bash
# defaults
source ${DEV_DATA_DIR}/env_reset
cat ${DEV_DATA_DIR}/env_reset
#initlevel=`cat ${CIC_DATA_DIR}/.init`
#echo $inilevel
#if [ $initlevel -lt 2 ]; then
# >&2 echo "initlevel too low $initlevel"
# exit 1
#fi
source ${CIC_DATA_DIR}/.env
source ${CIC_DATA_DIR}/.env_all
DEV_PIP_EXTRA_INDEX_URL=${DEV_PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
DEV_DATABASE_NAME_CIC_ETH=${DEV_DATABASE_NAME_CIC_ETH:-"cic-eth"}
CIC_DATA_DIR=${CIC_DATA_DIR:-/tmp/cic}
ETH_PASSPHRASE=''
CIC_DEFAULT_TOKEN_SYMBOL=${CIC_DEFAULT_TOKEN_SYMBOL:-GFT}
TOKEN_SYMBOL=$CIC_DEFAULT_TOKEN_SYMBOL
CHAIN_SPEC=${CHAIN_SPEC:-$CIC_CHAIN_SPEC}
RPC_HTTP_PROVIDER=${RPC_HTTP_PROVIDER:-$ETH_PROVIDER}
# Debug flag
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER=0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C
keystore_file=./keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
debug='-vv'
gas_amount=100000000000000000000000
token_amount=${gas_amount}
env_out_file=${CIC_DATA_DIR}/.env_seed
init_level_file=${CIC_DATA_DIR}/.init
empty_config_dir=$CONFINI_DIR/empty
truncate $env_out_file -s 0
set -e
set -a
#pip install --extra-index-url $DEV_PIP_EXTRA_INDEX_URL eth-address-index==0.1.1a7
export CONFINI_DIR=$_CONFINI_DIR
unset CONFINI_DIR
# get required addresses from registries
token_index_address=`eth-contract-registry-list -u -i $CHAIN_SPEC -p $RPC_PROVIDER -e $CIC_REGISTRY_ADDRESS -vv --raw TokenRegistry`
account_index_address=`eth-contract-registry-list -u -i $CHAIN_SPEC -p $RPC_PROVIDER -e $CIC_REGISTRY_ADDRESS -vv --raw AccountRegistry`
reserve_address=`eth-token-index-list -i $CHAIN_SPEC -u -p $RPC_PROVIDER -e $token_index_address -vv --raw $CIC_DEFAULT_TOKEN_SYMBOL`
>&2 echo "Token registry: $token_index_address"
>&2 echo "Account registry: $account_index_address"
>&2 echo "Reserve address: $reserve_address ($TOKEN_SYMBOL)"
DEV_TOKEN_INDEX_ADDRESS=`eth-contract-registry-list -u -i $CHAIN_SPEC -p $ETH_PROVIDER -e $CIC_REGISTRY_ADDRESS -vv --raw TokenRegistry`
DEV_ACCOUNT_INDEX_ADDRESS=`eth-contract-registry-list -u -i $CHAIN_SPEC -p $ETH_PROVIDER -e $CIC_REGISTRY_ADDRESS -vv --raw AccountRegistry`
DEV_RESERVE_ADDRESS=`eth-token-index-list -i $CHAIN_SPEC -u -p $ETH_PROVIDER -e $DEV_TOKEN_INDEX_ADDRESS -vv --raw $CIC_DEFAULT_TOKEN_SYMBOL`
cat <<EOF
Token registry: $DEV_TOKEN_INDEX_ADDRESS
Account reigstry: $DEV_ACCOUNT_INDEX_ADDRESS
Reserve address: $DEV_RESERVE_ADDRESS ($CIC_DEFAULT_TOKEN_SYMBOL)
EOF
>&2 echo "create account for gas gifter"
old_gas_provider=$DEV_ETH_ACCOUNT_GAS_PROVIDER
#DEV_ETH_ACCOUNT_GAS_GIFTER=`CONFINI_DIR=$empty_config_dir cic-eth-create --redis-timeout 120 $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
DEV_ETH_ACCOUNT_GAS_GIFTER=`cic-eth-create --redis-timeout 120 $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
DEV_ETH_ACCOUNT_GAS_GIFTER=`CONFINI_DIR=$empty_config_dir cic-eth-create --redis-timeout 120 $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
echo DEV_ETH_ACCOUNT_GAS_GIFTER=$DEV_ETH_ACCOUNT_GAS_GIFTER >> $env_out_file
cic-eth-tag -i $CHAIN_SPEC GAS_GIFTER $DEV_ETH_ACCOUNT_GAS_GIFTER
>&2 echo "create account for sarafu gifter"
DEV_ETH_ACCOUNT_SARAFU_GIFTER=`CONFINI_DIR=$empty_config_dir cic-eth-create $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
echo DEV_ETH_ACCOUNT_SARAFU_GIFTER=$DEV_ETH_ACCOUNT_SARAFU_GIFTER >> $env_out_file
cic-eth-tag -i $CHAIN_SPEC SARAFU_GIFTER $DEV_ETH_ACCOUNT_SARAFU_GIFTER
>&2 echo "create account for approval escrow owner"
DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER=`CONFINI_DIR=$empty_config_dir cic-eth-create $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
echo DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER=$DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER >> $env_out_file
cic-eth-tag -i $CHAIN_SPEC TRANSFER_AUTHORIZATION_OWNER $DEV_ETH_ACCOUNT_TRANSFER_AUTHORIZATION_OWNER
#>&2 echo "create account for faucet owner"
@@ -44,45 +72,50 @@ cic-eth-tag -i $CHAIN_SPEC TRANSFER_AUTHORIZATION_OWNER $DEV_ETH_ACCOUNT_TRANSFE
>&2 echo "create account for accounts index writer"
DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER=`CONFINI_DIR=$empty_config_dir cic-eth-create $debug --redis-host $REDIS_HOST --redis-host-callback=$REDIS_HOST --redis-port-callback=$REDIS_PORT --no-register`
echo DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER=$DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER >> $env_out_file
cic-eth-tag -i $CHAIN_SPEC ACCOUNT_REGISTRY_WRITER $DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER
>&2 echo "add acccounts index writer account as writer on contract"
eth-accounts-index-writer -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -e $account_index_address -ww $debug $DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER
eth-accounts-index-writer -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_ACCOUNT_INDEX_ADDRESS -ww $debug $DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER
# Transfer gas to custodial gas provider adddress
_CONFINI_DIR=$CONFINI_DIR
unset CONFINI_DIR
>&2 echo gift gas to gas gifter
>&2 eth-gas -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_GAS_GIFTER $DEV_GAS_AMOUNT
>&2 eth-gas -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_GAS_GIFTER $gas_amount
>&2 echo gift gas to sarafu token owner
>&2 eth-gas -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER $DEV_GAS_AMOUNT
>&2 eth-gas -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER $gas_amount
>&2 echo gift gas to account index owner
>&2 eth-gas -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER $DEV_GAS_AMOUNT
>&2 eth-gas -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -w $debug -a $DEV_ETH_ACCOUNT_ACCOUNT_REGISTRY_WRITER $gas_amount
# Send token to token creator
>&2 echo "gift tokens to sarafu owner"
echo "giftable-token-gift -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -e $reserve_address -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER -w $debug $DEV_TOKEN_AMOUNT"
>&2 giftable-token-gift -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -e $reserve_address -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER -w $debug $DEV_TOKEN_AMOUNT
echo "giftable-token-gift -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_RESERVE_ADDRESS -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER -w $debug $token_amount"
>&2 giftable-token-gift -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_RESERVE_ADDRESS -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER -w $debug $token_amount
# Send token to token gifter
>&2 echo "gift tokens to keystore address"
>&2 giftable-token-gift -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER -e $reserve_address -a $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER -w $debug $DEV_TOKEN_AMOUNT
>&2 giftable-token-gift -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER -e $DEV_RESERVE_ADDRESS -a $DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER -w $debug $token_amount
>&2 echo "set sarafu token to reserve token (temporarily while bancor contracts are not connected)"
echo DEV_ETH_SARAFU_TOKEN_ADDRESS=$DEV_ETH_RESERVE_ADDRESS >> $env_out_file
export DEV_ETH_SARAFU_TOKEN_ADDRESS=$DEV_ETH_RESERVE_ADDRESS
# Transfer tokens to gifter address
>&2 echo "transfer tokens to token gifter address"
>&2 erc20-transfer -s -u -y $WALLET_KEY_FILE -i $CHAIN_SPEC -p $RPC_PROVIDER --fee-limit 100000 -e $reserve_address -w $debug -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER ${DEV_TOKEN_AMOUNT:0:-1}
>&2 erc20-transfer -s -u -y $keystore_file -i $CHAIN_SPEC -p $ETH_PROVIDER --fee-limit 100000 -e $DEV_RESERVE_ADDRESS -w $debug -a $DEV_ETH_ACCOUNT_SARAFU_GIFTER ${token_amount:0:-1}
#echo -n 0 > $init_level_file
#CONFINI_DIR=$_CONFINI_DIR
# Remove the SEND (8), QUEUE (16) and INIT (2) locks (or'ed), set by default at migration
cic-eth-ctl -i $CHAIN_SPEC unlock INIT
cic-eth-ctl -i $CHAIN_SPEC unlock SEND
cic-eth-ctl -i $CHAIN_SPEC unlock QUEUE
confini-dump --schema-module chainlib.eth.data.config --schema-module cic_eth.data.config --schema-dir ./config
export CONFINI_DIR=$_CONFINI_DIR
set +a
set +e

2
apps/data-seeding/.dockerignore
View File

@@ -2,7 +2,7 @@
.cache
.dot
**/doc
node_modules/
**/node_modules
**/venv
**/.venv

194
apps/data-seeding/cic_ussd/import_balance.py
View File

@@ -1,61 +1,64 @@
# standard imports
import argparse
import logging
import os
import sys
import os
# external imports
import celery
import confini
import redis
from chainlib.chain import ChainSpec
from chainlib.eth.address import to_checksum_address
from chainlib.eth.connection import EthHTTPConnection
from confini import Config
from crypto_dev_signer.eth.signer import ReferenceSigner as EIP155Signer
from crypto_dev_signer.keystore.dict import DictKeystore
# local imports
from import_util import BalanceProcessor, get_celery_worker_status
from import_task import ImportTask, MetadataTask
from import_util import BalanceProcessor, get_celery_worker_status
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
arg_parser = argparse.ArgumentParser(description='Daemon worker that handles data seeding tasks.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('--head', action='store_true', help='start at current block height (overrides --offset)')
arg_parser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
arg_parser.add_argument('--include-balances', dest='include_balances', help='include opening balance transactions',
action='store_true')
arg_parser.add_argument('--meta-host', dest='meta_host', type=str, help='metadata server host')
arg_parser.add_argument('--meta-port', dest='meta_port', type=int, help='metadata server host')
arg_parser.add_argument('-p', '--provider', dest='p', type=str, help='chain rpc provider address')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit data seeding tasks to.')
arg_parser.add_argument('-r', '--registry-address', type=str, dest='r', help='CIC Registry address')
arg_parser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
arg_parser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
arg_parser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
arg_parser.add_argument('--token-symbol', default='GFT', type=str, dest='token_symbol',
help='Token symbol to use for transactions')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('-y', '--key-file', dest='y', type=str, help='Ethereum keystore file to use for signing')
arg_parser.add_argument('--offset', type=int, default=0, help='block offset to start syncer from')
arg_parser.add_argument('--old-chain-spec', type=str, dest='old_chain_spec', default='evm:oldchain:1',
help='chain spec')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
config_dir = './config'
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
argparser = argparse.ArgumentParser(description='daemon that monitors transactions in new blocks')
argparser.add_argument('-p', '--provider', dest='p', type=str, help='chain rpc provider address')
argparser.add_argument('-y', '--key-file', dest='y', type=str, help='Ethereum keystore file to use for signing')
argparser.add_argument('-c', type=str, default=config_dir, help='config root to use')
argparser.add_argument('--old-chain-spec', type=str, dest='old_chain_spec', default='evm:oldchain:1', help='chain spec')
argparser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
argparser.add_argument('-r', '--registry-address', type=str, dest='r', help='CIC Registry address')
argparser.add_argument('--meta-host', dest='meta_host', type=str, help='metadata server host')
argparser.add_argument('--meta-port', dest='meta_port', type=int, help='metadata server host')
argparser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
argparser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
argparser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
argparser.add_argument('--token-symbol', default='GFT', type=str, dest='token_symbol',
help='Token symbol to use for transactions')
argparser.add_argument('--head', action='store_true', help='start at current block height (overrides --offset)')
argparser.add_argument('--env-prefix', default=os.environ.get('CONFINI_ENV_PREFIX'), dest='env_prefix', type=str,
help='environment prefix for variables to overwrite configuration')
argparser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit transaction tasks to')
argparser.add_argument('--offset', type=int, default=0, help='block offset to start syncer from')
argparser.add_argument('-v', help='be verbose', action='store_true')
argparser.add_argument('-vv', help='be more verbose', action='store_true')
argparser.add_argument('user_dir', default='out', type=str, help='user export directory')
args = argparser.parse_args(sys.argv[1:])
if args.v:
logging.getLogger().setLevel(logging.INFO)
config = Config(args.c, args.env_prefix)
elif args.vv:
logging.getLogger().setLevel(logging.DEBUG)
config_dir = os.path.join(args.c)
os.makedirs(config_dir, 0o777, True)
config = confini.Config(config_dir, args.env_prefix)
config.process()
# override args
args_override = {
'CIC_CHAIN_SPEC': getattr(args, 'i'),
'ETH_PROVIDER': getattr(args, 'p'),
@@ -70,76 +73,88 @@ args_override = {
config.dict_override(args_override, 'cli flag')
config.censor('PASSWORD', 'DATABASE')
config.censor('PASSWORD', 'SSL')
logg.debug(f'config loaded from {args.c}:\n{config}')
logg.debug('config loaded from {}:\n{}'.format(config_dir, config))
db_config = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
ImportTask.db_config = db_config
redis_host = config.get('REDIS_HOST')
redis_port = config.get('REDIS_PORT')
redis_db = config.get('REDIS_DB')
r = redis.Redis(redis_host, redis_port, redis_db)
# create celery apps
celery_app = celery.Celery(backend=config.get('CELERY_RESULT_URL'), broker=config.get('CELERY_BROKER_URL'))
status = get_celery_worker_status(celery_app=celery_app)
signer_address = None
keystore = DictKeystore()
os.path.isfile(args.y)
logg.debug(f'loading keystore file {args.y}')
signer_address = keystore.import_keystore_file(args.y)
logg.debug(f'now have key for signer address {signer_address}')
if args.y is not None:
logg.debug('loading keystore file {}'.format(args.y))
signer_address = keystore.import_keystore_file(args.y)
logg.debug('now have key for signer address {}'.format(signer_address))
# define signer
signer = EIP155Signer(keystore)
block_offset = -1 if args.head else args.offset
queue = args.q
chain_str = config.get('CIC_CHAIN_SPEC')
block_offset = 0
if args.head:
block_offset = -1
else:
block_offset = args.offset
chain_spec = ChainSpec.from_chain_str(chain_str)
ImportTask.chain_spec = chain_spec
old_chain_spec_str = args.old_chain_spec
old_chain_spec = ChainSpec.from_chain_str(old_chain_spec_str)
user_dir = args.user_dir # user_out_dir from import_users.py
token_symbol = args.token_symbol
MetadataTask.meta_host = config.get('META_HOST')
MetadataTask.meta_port = config.get('META_PORT')
txs_dir = os.path.join(args.import_dir, 'txs')
os.makedirs(txs_dir, exist_ok=True)
sys.stdout.write(f'created txs dir: {txs_dir}')
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app)
ImportTask.chain_spec = chain_spec
def main():
conn = EthHTTPConnection(config.get('ETH_PROVIDER'))
ImportTask.balance_processor = BalanceProcessor(conn,
chain_spec,
config.get('CIC_REGISTRY_ADDRESS'),
signer_address,
signer)
ImportTask.balance_processor.init(args.token_symbol)
ImportTask.balance_processor = BalanceProcessor(conn, chain_spec, config.get('CIC_REGISTRY_ADDRESS'),
signer_address, signer)
ImportTask.balance_processor.init(token_symbol)
# TODO get decimals from token
balances = {}
accuracy = 10 ** 6
count = 0
with open(f'{args.import_dir}/balances.csv', 'r') as balances_file:
while True:
line = balances_file.readline()
if line is None:
break
balance_data = line.split(',')
try:
blockchain_address = to_checksum_address(balance_data[0])
logg.info(
'loading balance: {} {} {}'.format(count, blockchain_address, balance_data[1].ljust(200) + "\r"))
except ValueError:
break
balance = int(int(balance_data[1].rstrip()) / accuracy)
balances[blockchain_address] = balance
count += 1
f = open('{}/balances.csv'.format(user_dir, 'r'))
remove_zeros = 10 ** 6
i = 0
while True:
l = f.readline()
if l is None:
break
r = l.split(',')
try:
address = to_checksum_address(r[0])
sys.stdout.write('loading balance {} {} {}'.format(i, address, r[1]).ljust(200) + "\r")
except ValueError:
break
balance = int(int(r[1].rstrip()) / remove_zeros)
balances[address] = balance
i += 1
f.close()
ImportTask.balances = balances
ImportTask.count = count
ImportTask.include_balances = args.include_balances is True
ImportTask.import_dir = args.import_dir
s_send_txs = celery.signature(
'import_task.send_txs', [ImportTask.balance_processor.nonce_offset], queue=args.q)
s_send_txs.apply_async()
ImportTask.count = i
ImportTask.import_dir = user_dir
s = celery.signature(
'import_task.send_txs',
[
MetadataTask.balance_processor.nonce_offset,
],
queue=queue,
)
s.apply_async()
argv = ['worker']
if args.vv:
@@ -150,7 +165,6 @@ def main():
argv.append(args.q)
argv.append('-n')
argv.append(args.q)
argv.append(f'--pidfile={args.q}.pid')
celery_app.worker_main(argv)

72
apps/data-seeding/cic_ussd/import_pins.py
View File

@@ -1,63 +1,71 @@
# standard imports
# standard import
import argparse
import csv
import logging
import os
import psycopg2
# external imports
from confini import Config
# third-party imports
import celery
import confini
# local imports
from import_util import get_celery_worker_status
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
arg_parser = argparse.ArgumentParser(description='Pins import script.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
default_config_dir = './config'
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
help='environment prefix for variables to overwrite configuration')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit transaction tasks to')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('pins_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
# set log levels
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config = Config(args.c, args.env_prefix)
# process configs
config_dir = args.c
config = confini.Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config.process()
config.censor('PASSWORD', 'DATABASE')
logg.debug(f'config loaded from {args.c}:\n{config}')
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
status = get_celery_worker_status(celery_app=celery_app)
db_configs = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
def main():
with open(f'{args.import_dir}/pins.csv') as pins_file:
with open(f'{args.pins_dir}/pins.csv') as pins_file:
phone_to_pins = [tuple(row) for row in csv.reader(pins_file)]
db_conn = psycopg2.connect(
database=config.get('DATABASE_NAME'),
host=config.get('DATABASE_HOST'),
port=config.get('DATABASE_PORT'),
user=config.get('DATABASE_USER'),
password=config.get('DATABASE_PASSWORD')
s_import_pins = celery.signature(
'import_task.set_pins',
(db_configs, phone_to_pins),
queue=args.q
)
db_cursor = db_conn.cursor()
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
for element in phone_to_pins:
db_cursor.execute(sql, (element[1], element[0]))
logg.debug(f'Updating account: {element[0]} with: {element[1]}')
db_conn.commit()
db_cursor.close()
db_conn.close()
result = s_import_pins.apply_async()
logg.debug(f'TASK: {result.id}, STATUS: {result.status}')
if __name__ == '__main__':

353
apps/data-seeding/cic_ussd/import_task.py
View File

@@ -1,37 +1,38 @@
# standard imports
import csv
import json
import logging
import os
import random
import uuid
from urllib import error, parse, request
import urllib.error
import urllib.parse
import urllib.request
# external imports
import celery
import psycopg2
from celery import Task
from chainlib.chain import ChainSpec
from chainlib.eth.address import to_checksum_address
from chainlib.eth.tx import raw, unpack
from cic_types.models.person import Person, generate_metadata_pointer
from hexathon import add_0x, strip_0x
from chainlib.eth.tx import (
unpack,
raw,
)
from cic_types.models.person import Person
from cic_types.processor import generate_metadata_pointer
from hexathon import (
strip_0x,
add_0x,
)
# local imports
celery_app = celery.current_app
logg = logging.getLogger()
celery_app = celery.current_app
class ImportTask(Task):
class ImportTask(celery.Task):
balances = None
balance_processor = None
chain_spec: ChainSpec = None
import_dir = 'out'
count = 0
db_config: dict = None
import_dir = ''
include_balances = False
chain_spec = None
balance_processor = None
max_retries = None
@@ -40,70 +41,121 @@ class MetadataTask(ImportTask):
meta_port = None
meta_path = ''
meta_ssl = False
autoretry_for = (error.HTTPError, OSError,)
autoretry_for = (
urllib.error.HTTPError,
OSError,
)
retry_jitter = True
retry_backoff = True
retry_backoff_max = 60
@classmethod
def meta_url(cls):
def meta_url(self):
scheme = 'http'
if cls.meta_ssl:
if self.meta_ssl:
scheme += 's'
url = parse.urlparse(f'{scheme}://{cls.meta_host}:{cls.meta_port}/{cls.meta_path}')
return parse.urlunparse(url)
url = urllib.parse.urlparse('{}://{}:{}/{}'.format(scheme, self.meta_host, self.meta_port, self.meta_path))
return urllib.parse.urlunparse(url)
def old_address_from_phone(base_path: str, phone_number: str):
pid_x = generate_metadata_pointer(phone_number.encode('utf-8'), ':cic.phone')
phone_idx_path = os.path.join(f'{base_path}/phone/{pid_x[:2]}/{pid_x[2:4]}/{pid_x}')
with open(phone_idx_path, 'r') as f:
old_address = f.read()
def old_address_from_phone(base_path, phone):
pidx = generate_metadata_pointer(phone.encode('utf-8'), ':cic.phone')
phone_idx_path = os.path.join('{}/phone/{}/{}/{}'.format(
base_path,
pidx[:2],
pidx[2:4],
pidx,
)
)
f = open(phone_idx_path, 'r')
old_address = f.read()
f.close()
return old_address
@celery_app.task(bind=True, base=MetadataTask)
def generate_person_metadata(self, blockchain_address: str, phone_number: str):
logg.debug(f'blockchain address: {blockchain_address}')
old_blockchain_address = old_address_from_phone(self.import_dir, phone_number)
old_address_upper = strip_0x(old_blockchain_address).upper()
metadata_path = f'{self.import_dir}/old/{old_address_upper[:2]}/{old_address_upper[2:4]}/{old_address_upper}.json'
with open(metadata_path, 'r') as metadata_file:
person_metadata = json.load(metadata_file)
person = Person.deserialize(person_metadata)
if not person.identities.get('evm'):
person.identities['evm'] = {}
sub_chain_str = f'{self.chain_spec.common_name()}:{self.chain_spec.network_id()}'
person.identities['evm'][sub_chain_str] = [add_0x(blockchain_address)]
blockchain_address = strip_0x(blockchain_address)
file_path = os.path.join(
self.import_dir,
'new',
blockchain_address[:2].upper(),
blockchain_address[2:4].upper(),
blockchain_address.upper() + '.json'
)
os.makedirs(os.path.dirname(file_path), exist_ok=True)
serialized_person_metadata = person.serialize()
with open(file_path, 'w') as metadata_file:
metadata_file.write(json.dumps(serialized_person_metadata))
logg.debug(f'written person metadata for address: {blockchain_address}')
meta_filepath = os.path.join(
self.import_dir,
'meta',
'{}.json'.format(blockchain_address.upper()),
)
os.symlink(os.path.realpath(file_path), meta_filepath)
return blockchain_address
def resolve_phone(self, phone):
identifier = generate_metadata_pointer(phone.encode('utf-8'), ':cic.phone')
url = urllib.parse.urljoin(self.meta_url(), identifier)
logg.debug('attempt getting phone pointer at {} for phone {}'.format(url, phone))
r = urllib.request.urlopen(url)
address = json.load(r)
address = address.replace('"', '')
logg.debug('address {} for phone {}'.format(address, phone))
return address
@celery_app.task(bind=True, base=MetadataTask)
def generate_preferences_data(self, data: tuple):
blockchain_address: str = data[0]
preferences = data[1]
def generate_metadata(self, address, phone):
old_address = old_address_from_phone(self.import_dir, phone)
logg.debug('address {}'.format(address))
old_address_upper = strip_0x(old_address).upper()
metadata_path = '{}/old/{}/{}/{}.json'.format(
self.import_dir,
old_address_upper[:2],
old_address_upper[2:4],
old_address_upper,
)
f = open(metadata_path, 'r')
o = json.load(f)
f.close()
u = Person.deserialize(o)
if u.identities.get('evm') == None:
u.identities['evm'] = {}
sub_chain_str = '{}:{}'.format(self.chain_spec.common_name(), self.chain_spec.network_id())
u.identities['evm'][sub_chain_str] = [add_0x(address)]
new_address_clean = strip_0x(address)
filepath = os.path.join(
self.import_dir,
'new',
new_address_clean[:2].upper(),
new_address_clean[2:4].upper(),
new_address_clean.upper() + '.json',
)
os.makedirs(os.path.dirname(filepath), exist_ok=True)
o = u.serialize()
f = open(filepath, 'w')
f.write(json.dumps(o))
f.close()
meta_key = generate_metadata_pointer(bytes.fromhex(new_address_clean), ':cic.person')
meta_filepath = os.path.join(
self.import_dir,
'meta',
'{}.json'.format(new_address_clean.upper()),
)
os.symlink(os.path.realpath(filepath), meta_filepath)
# write ussd data
ussd_data = {
'phone': phone,
'is_activated': 1,
'preferred_language': random.sample(['en', 'sw'], 1)[0],
'is_disabled': False
}
ussd_data_dir = os.path.join(self.import_dir, 'ussd')
ussd_data_file_path = os.path.join(ussd_data_dir, f'{old_address}.json')
f = open(ussd_data_file_path, 'w')
f.write(json.dumps(ussd_data))
f.close()
# write preferences data
preferences_dir = os.path.join(self.import_dir, 'preferences')
preferences_key = generate_metadata_pointer(bytes.fromhex(strip_0x(blockchain_address)), ':cic.preferences')
preferences_data = {
'preferred_language': ussd_data['preferred_language']
}
preferences_key = generate_metadata_pointer(bytes.fromhex(new_address_clean[2:]), ':cic.preferences')
preferences_filepath = os.path.join(preferences_dir, 'meta', preferences_key)
filepath = os.path.join(
preferences_dir,
'new',
@@ -112,95 +164,95 @@ def generate_preferences_data(self, data: tuple):
preferences_key.upper() + '.json'
)
os.makedirs(os.path.dirname(filepath), exist_ok=True)
with open(filepath, 'w') as preferences_file:
preferences_file.write(json.dumps(preferences))
logg.debug(f'written preferences metadata: {preferences} for address: {blockchain_address}')
f = open(filepath, 'w')
f.write(json.dumps(preferences_data))
f.close()
os.symlink(os.path.realpath(filepath), preferences_filepath)
return blockchain_address
logg.debug('found metadata {} for phone {}'.format(o, phone))
@celery_app.task(bind=True, base=MetadataTask)
def generate_pins_data(self, blockchain_address: str, phone_number: str):
pins_file = f'{self.import_dir}/pins.csv'
file_op = 'a' if os.path.exists(pins_file) else 'w'
with open(pins_file, file_op) as pins_file:
password_hash = uuid.uuid4().hex
pins_file.write(f'{phone_number},{password_hash}\n')
logg.debug(f'written pin data for address: {blockchain_address}')
return blockchain_address
@celery_app.task(bind=True, base=MetadataTask)
def generate_ussd_data(self, blockchain_address: str, phone_number: str):
ussd_data_file = f'{self.import_dir}/ussd_data.csv'
file_op = 'a' if os.path.exists(ussd_data_file) else 'w'
preferred_language = random.sample(["en", "sw"], 1)[0]
preferences = {'preferred_language': preferred_language}
with open(ussd_data_file, file_op) as ussd_data_file:
ussd_data_file.write(f'{phone_number}, { 1}, {preferred_language}, {False}\n')
logg.debug(f'written ussd data for address: {blockchain_address}')
return blockchain_address, preferences
@celery_app.task(bind=True, base=MetadataTask)
def opening_balance_tx(self, blockchain_address: str, phone_number: str, serial: str):
old_blockchain_address = old_address_from_phone(self.import_dir, phone_number)
address = to_checksum_address(strip_0x(old_blockchain_address))
balance = self.balances[address]
logg.debug(f'found balance: {balance} for address: {address} phone: {phone_number}')
decimal_balance = self.balance_processor.get_decimal_amount(int(balance))
tx_hash_hex, o = self.balance_processor.get_rpc_tx(blockchain_address, decimal_balance, serial)
tx = unpack(bytes.fromhex(strip_0x(o)), self.chain_spec)
logg.debug(f'generated tx token value: {decimal_balance}: {blockchain_address} tx hash {tx_hash_hex}')
tx_path = os.path.join(self.import_dir, 'txs', strip_0x(tx_hash_hex))
with open(tx_path, 'w') as tx_file:
tx_file.write(strip_0x(o))
logg.debug(f'written tx with tx hash: {tx["hash"]} for address: {blockchain_address}')
tx_nonce_path = os.path.join(self.import_dir, 'txs', '.' + str(tx['nonce']))
os.symlink(os.path.realpath(tx_path), tx_nonce_path)
return tx['hash']
@celery_app.task(bind=True, base=MetadataTask)
def resolve_phone(self, phone_number: str):
identifier = generate_metadata_pointer(phone_number.encode('utf-8'), ':cic.phone')
url = parse.urljoin(self.meta_url(), identifier)
logg.debug(f'attempt getting phone pointer at: {url} for phone: {phone_number}')
r = request.urlopen(url)
address = json.load(r)
address = address.replace('"', '')
logg.debug(f'address: {address} for phone: {phone_number}')
return address
@celery_app.task(autoretry_for=(FileNotFoundError,),
bind=True,
base=ImportTask,
max_retries=None,
@celery_app.task(bind=True, base=MetadataTask)
def opening_balance_tx(self, address, phone, serial):
old_address = old_address_from_phone(self.import_dir, phone)
k = to_checksum_address(strip_0x(old_address))
balance = self.balances[k]
logg.debug('found balance {} for address {} phone {}'.format(balance, old_address, phone))
decimal_balance = self.balance_processor.get_decimal_amount(int(balance))
(tx_hash_hex, o) = self.balance_processor.get_rpc_tx(address, decimal_balance, serial)
tx = unpack(bytes.fromhex(strip_0x(o)), self.chain_spec)
logg.debug('generated tx token value {} to {} tx hash {}'.format(decimal_balance, address, tx_hash_hex))
tx_path = os.path.join(
self.import_dir,
'txs',
strip_0x(tx_hash_hex),
)
f = open(tx_path, 'w')
f.write(strip_0x(o))
f.close()
tx_nonce_path = os.path.join(
self.import_dir,
'txs',
'.' + str(tx['nonce']),
)
os.symlink(os.path.realpath(tx_path), tx_nonce_path)
return tx['hash']
@celery_app.task(bind=True, base=ImportTask, autoretry_for=(FileNotFoundError,), max_retries=None,
default_retry_delay=0.1)
def send_txs(self, nonce):
queue = self.request.delivery_info.get('routing_key')
if nonce == self.count + self.balance_processor.nonce_offset:
logg.info(f'reached nonce {nonce} (offset {self.balance_processor.nonce_offset} + count {self.count}).')
celery_app.control.broadcast('shutdown', destination=[f'celery@{queue}'])
logg.info('reached nonce {} (offset {} + count {}) exiting'.format(nonce, self.balance_processor.nonce_offset,
self.count))
return
logg.debug('attempt to open symlink for nonce {}'.format(nonce))
tx_nonce_path = os.path.join(
self.import_dir,
'txs',
'.' + str(nonce),
)
f = open(tx_nonce_path, 'r')
tx_signed_raw_hex = f.read()
f.close()
logg.debug(f'attempt to open symlink for nonce {nonce}')
tx_nonce_path = os.path.join(self.import_dir, 'txs', '.' + str(nonce))
with open(tx_nonce_path, 'r') as tx_nonce_file:
tx_signed_raw_hex = tx_nonce_file.read()
os.unlink(tx_nonce_path)
o = raw(add_0x(tx_signed_raw_hex))
if self.include_balances:
tx_hash_hex = self.balance_processor.conn.do(o)
logg.info(f'sent nonce {nonce} tx hash {tx_hash_hex}')
tx_hash_hex = self.balance_processor.conn.do(o)
logg.info('sent nonce {} tx hash {}'.format(nonce, tx_hash_hex)) # tx_signed_raw_hex))
nonce += 1
s = celery.signature('import_task.send_txs', [nonce], queue=queue)
queue = self.request.delivery_info.get('routing_key')
s = celery.signature(
'import_task.send_txs',
[
nonce,
],
queue=queue,
)
s.apply_async()
return nonce
@celery_app.task()
def set_pin_data(config: dict, phone_to_pins: list):
@celery_app.task
def set_pins(config: dict, phone_to_pins: list):
# define db connection
db_conn = psycopg2.connect(
database=config.get('database'),
host=config.get('host'),
@@ -209,17 +261,24 @@ def set_pin_data(config: dict, phone_to_pins: list):
password=config.get('password')
)
db_cursor = db_conn.cursor()
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
# update db
for element in phone_to_pins:
sql = 'UPDATE account SET password_hash = %s WHERE phone_number = %s'
db_cursor.execute(sql, (element[1], element[0]))
logg.debug(f'Updating: {element[0]} with: {element[1]}')
# commit changes
db_conn.commit()
# close connections
db_cursor.close()
db_conn.close()
@celery_app.task
def set_ussd_data(config: dict, ussd_data: list):
def set_ussd_data(config: dict, ussd_data: dict):
# define db connection
db_conn = psycopg2.connect(
database=config.get('database'),
host=config.get('host'),
@@ -228,12 +287,20 @@ def set_ussd_data(config: dict, ussd_data: list):
password=config.get('password')
)
db_cursor = db_conn.cursor()
# process ussd_data
account_status = 1
if ussd_data['is_activated'] == 1:
account_status = 2
preferred_language = ussd_data['preferred_language']
phone_number = ussd_data['phone']
sql = 'UPDATE account SET status = %s, preferred_language = %s WHERE phone_number = %s'
for element in ussd_data:
status = 2 if int(element[1]) == 1 else 1
preferred_language = element[2]
phone_number = element[0]
db_cursor.execute(sql, (status, preferred_language, phone_number))
db_cursor.execute(sql, (account_status, preferred_language, phone_number))
# commit changes
db_conn.commit()
# close connections
db_cursor.close()
db_conn.close()

250
apps/data-seeding/cic_ussd/import_users.py
View File

@@ -3,61 +3,56 @@ import argparse
import json
import logging
import os
import redis
import sys
import time
import urllib.request
import uuid
from urllib import request
from urllib.parse import urlencode
# external imports
import celery
import confini
import phonenumbers
import redis
from chainlib.chain import ChainSpec
from cic_types.models.person import Person
from confini import Config
# local imports
from import_util import get_celery_worker_status
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
arg_parser = argparse.ArgumentParser(description='Daemon worker that handles data seeding tasks.')
# batch size should be slightly below cumulative gas limit worth, eg 80000 gas txs with 8000000 limit is a bit less than 100 batch size
arg_parser.add_argument('--batch-size',
dest='batch_size',
default=100,
type=int,
help='burst size of sending transactions to node')
arg_parser.add_argument('--batch-delay', dest='batch_delay', default=3, type=int, help='seconds delay between batches')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spec')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='celery queue to submit data seeding tasks to.')
arg_parser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
arg_parser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
arg_parser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
arg_parser.add_argument('--ussd-host', dest='ussd_host', type=str,
help="host to ussd app responsible for processing ussd requests.")
arg_parser.add_argument('--ussd-no-ssl', dest='ussd_no_ssl', help='do not use ssl (careful)', action='store_true')
arg_parser.add_argument('--ussd-port', dest='ussd_port', type=str,
help="port to ussd app responsible for processing ussd requests.")
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
args = arg_parser.parse_args()
default_config_dir = '/usr/local/etc/cic'
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
argparser = argparse.ArgumentParser()
argparser.add_argument('-c', type=str, default=default_config_dir, help='config file')
argparser.add_argument('-i', '--chain-spec', dest='i', type=str, help='Chain specification string')
argparser.add_argument('--redis-host', dest='redis_host', type=str, help='redis host to use for task submission')
argparser.add_argument('--redis-port', dest='redis_port', type=int, help='redis host to use for task submission')
argparser.add_argument('--redis-db', dest='redis_db', type=int, help='redis db to use for task submission and callback')
argparser.add_argument('--batch-size', dest='batch_size', default=100, type=int,
help='burst size of sending transactions to node') # batch size should be slightly below cumulative gas limit worth, eg 80000 gas txs with 8000000 limit is a bit less than 100 batch size
argparser.add_argument('--batch-delay', dest='batch_delay', default=3, type=int, help='seconds delay between batches')
argparser.add_argument('--timeout', default=60.0, type=float, help='Callback timeout')
argparser.add_argument('--ussd-host', dest='ussd_host', type=str,
help="host to ussd app responsible for processing ussd requests.")
argparser.add_argument('--ussd-port', dest='ussd_port', type=str,
help="port to ussd app responsible for processing ussd requests.")
argparser.add_argument('--ussd-no-ssl', dest='ussd_no_ssl', help='do not use ssl (careful)', action='store_true')
argparser.add_argument('-q', type=str, default='cic-eth', help='Task queue')
argparser.add_argument('-v', action='store_true', help='Be verbose')
argparser.add_argument('-vv', action='store_true', help='Be more verbose')
argparser.add_argument('user_dir', type=str, help='path to users export dir tree')
args = argparser.parse_args()
config = Config(args.c, args.env_prefix)
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config_dir = args.c
config = confini.Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config.process()
args_override = {
'CIC_CHAIN_SPEC': getattr(args, 'i'),
@@ -65,29 +60,44 @@ args_override = {
'REDIS_PORT': getattr(args, 'redis_port'),
'REDIS_DB': getattr(args, 'redis_db'),
}
config.dict_override(args_override, 'cli flag')
config.censor('PASSWORD', 'DATABASE')
config.censor('PASSWORD', 'SSL')
logg.debug(f'config loaded from {args.c}:\n{config}')
config.dict_override(args_override, 'cli')
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
old_account_dir = os.path.join(args.import_dir, 'old')
os.stat(old_account_dir)
logg.debug(f'created old system data dir: {old_account_dir}')
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app=celery_app)
new_account_dir = os.path.join(args.import_dir, 'new')
os.makedirs(new_account_dir, exist_ok=True)
logg.debug(f'created new system data dir: {new_account_dir}')
redis_host = config.get('REDIS_HOST')
redis_port = config.get('REDIS_PORT')
redis_db = config.get('REDIS_DB')
r = redis.Redis(redis_host, redis_port, redis_db)
person_metadata_dir = os.path.join(args.import_dir, 'meta')
os.makedirs(person_metadata_dir, exist_ok=True)
logg.debug(f'created person metadata dir: {person_metadata_dir}')
ps = r.pubsub()
preferences_dir = os.path.join(args.import_dir, 'preferences')
user_new_dir = os.path.join(args.user_dir, 'new')
os.makedirs(user_new_dir, exist_ok=True)
ussd_data_dir = os.path.join(args.user_dir, 'ussd')
os.makedirs(ussd_data_dir, exist_ok=True)
preferences_dir = os.path.join(args.user_dir, 'preferences')
os.makedirs(os.path.join(preferences_dir, 'meta'), exist_ok=True)
logg.debug(f'created preferences metadata dir: {preferences_dir}')
valid_service_codes = config.get('USSD_SERVICE_CODE').split(",")
meta_dir = os.path.join(args.user_dir, 'meta')
os.makedirs(meta_dir, exist_ok=True)
user_old_dir = os.path.join(args.user_dir, 'old')
os.stat(user_old_dir)
txs_dir = os.path.join(args.user_dir, 'txs')
os.makedirs(txs_dir, exist_ok=True)
chain_spec = ChainSpec.from_chain_str(config.get('CIC_CHAIN_SPEC'))
chain_str = str(chain_spec)
batch_size = args.batch_size
batch_delay = args.batch_delay
ussd_port = args.ussd_port
ussd_host = args.ussd_host
ussd_no_ssl = args.ussd_no_ssl
if ussd_no_ssl is True:
ussd_ssl = False
@@ -95,17 +105,7 @@ else:
ussd_ssl = True
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
get_celery_worker_status(celery_app)
def build_ussd_request(host: str,
password: str,
phone_number: str,
port: str,
service_code: str,
username: str,
ssl: bool = False):
def build_ussd_request(phone, host, port, service_code, username, password, ssl=False):
url = 'http'
if ssl:
url += 's'
@@ -115,16 +115,16 @@ def build_ussd_request(host: str,
url += '/?username={}&password={}'.format(username, password)
logg.info('ussd service url {}'.format(url))
logg.info('ussd phone {}'.format(phone_number))
logg.info('ussd phone {}'.format(phone))
session = uuid.uuid4().hex
data = {
'sessionId': session,
'serviceCode': service_code,
'phoneNumber': phone_number,
'phoneNumber': phone,
'text': service_code,
}
req = request.Request(url)
req = urllib.request.Request(url)
req.method = 'POST'
data_str = urlencode(data)
data_bytes = data_str.encode('utf-8')
@@ -134,77 +134,85 @@ def build_ussd_request(host: str,
return req
def e164_phone_number(phone_number: str):
phone_object = phonenumbers.parse(phone_number)
return phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
def register_account(person: Person):
phone_number = e164_phone_number(person.tel)
logg.debug(f'tel: {phone_number}')
req = build_ussd_request(args.ussd_host,
'',
phone_number,
args.ussd_port,
valid_service_codes[0],
'',
ussd_ssl)
response = request.urlopen(req)
def register_ussd(i, u):
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
logg.debug('tel {} {}'.format(u.tel, phone))
req = build_ussd_request(
phone,
ussd_host,
ussd_port,
config.get('APP_SERVICE_CODE'),
'',
'',
ussd_ssl
)
response = urllib.request.urlopen(req)
response_data = response.read().decode('utf-8')
logg.debug(f'ussd response: {response_data[4:]}')
state = response_data[:3]
out = response_data[4:]
logg.debug('ussd reponse: {}'.format(out))
if __name__ == '__main__':
i = 0
j = 0
for x in os.walk(old_account_dir):
for x in os.walk(user_old_dir):
for y in x[2]:
if y[len(y) - 5:] != '.json':
continue
# handle json containing person object
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
o = json.load(f)
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
u = Person.deserialize(o)
file_path = os.path.join(x[0], y)
with open(file_path, 'r') as account_file:
try:
account_data = json.load(account_file)
except json.decoder.JSONDecodeError as e:
logg.error('load error for {}: {}'.format(y, e))
continue
person = Person.deserialize(account_data)
register_account(person)
phone_number = e164_phone_number(person.tel)
s_resolve_phone = celery.signature(
'import_task.resolve_phone', [phone_number], queue=args.q
register_ussd(i, u)
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
s_phone = celery.signature(
'import_task.resolve_phone',
[
phone,
],
queue='cic-import-ussd',
)
s_person_metadata = celery.signature(
'import_task.generate_person_metadata', [phone_number], queue=args.q
s_meta = celery.signature(
'import_task.generate_metadata',
[
phone,
],
queue='cic-import-ussd',
)
s_ussd_data = celery.signature(
'import_task.generate_ussd_data', [phone_number], queue=args.q
s_balance = celery.signature(
'import_task.opening_balance_tx',
[
phone,
i,
],
queue='cic-import-ussd',
)
s_preferences_metadata = celery.signature(
'import_task.generate_preferences_data', [], queue=args.q
)
s_pins_data = celery.signature(
'import_task.generate_pins_data', [phone_number], queue=args.q
)
s_opening_balance = celery.signature(
'import_task.opening_balance_tx', [phone_number, i], queue=args.q
)
celery.chain(s_resolve_phone,
s_person_metadata,
s_ussd_data,
s_preferences_metadata,
s_pins_data,
s_opening_balance).apply_async(countdown=7)
s_meta.link(s_balance)
s_phone.link(s_meta)
# block time plus a bit of time for ussd processing
s_phone.apply_async(countdown=7)
i += 1
sys.stdout.write('imported: {} {}'.format(i, person).ljust(200) + "\r\n")
sys.stdout.write('imported {} {}'.format(i, u).ljust(200) + "\r")
j += 1
if j == args.batch_size:
time.sleep(args.batch_delay)
if j == batch_size:
time.sleep(batch_delay)
j = 0

90
apps/data-seeding/cic_ussd/import_ussd_data.py
View File

@@ -1,67 +1,67 @@
# standard imports
import argparse
import csv
import json
import logging
import os
import psycopg2
# external imports
import celery
from confini import Config
# local imports
default_config_dir = './config'
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
arg_parser = argparse.ArgumentParser(description='Pins import script.')
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config root to use.')
arg_parser.add_argument('--env-prefix',
default=os.environ.get('CONFINI_ENV_PREFIX'),
dest='env_prefix',
type=str,
help='environment prefix for variables to overwrite configuration.')
arg_parser.add_argument('import_dir', default='out', type=str, help='user export directory')
arg_parser.add_argument('-v', help='be verbose', action='store_true')
arg_parser.add_argument('-vv', help='be more verbose', action='store_true')
default_config_dir = '/usr/local/etc/cic'
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='config file')
arg_parser.add_argument('-q', type=str, default='cic-import-ussd', help='Task queue')
arg_parser.add_argument('-v', action='store_true', help='Be verbose')
arg_parser.add_argument('-vv', action='store_true', help='Be more verbose')
arg_parser.add_argument('user_dir', type=str, help='path to users export dir tree')
args = arg_parser.parse_args()
if args.vv:
logging.getLogger().setLevel(logging.DEBUG)
elif args.v:
logging.getLogger().setLevel(logging.INFO)
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config = Config(args.c, args.env_prefix)
config_dir = args.c
config = Config(config_dir, os.environ.get('CONFINI_ENV_PREFIX'))
config.process()
config.censor('PASSWORD', 'DATABASE')
logg.debug(f'config loaded from {args.c}:\n{config}')
logg.debug('config loaded from {}:\n{}'.format(args.c, config))
ussd_data_dir = os.path.join(args.user_dir, 'ussd')
def main():
with open(f'{args.import_dir}/ussd_data.csv') as ussd_data_file:
ussd_data = [tuple(row) for row in csv.reader(ussd_data_file)]
db_conn = psycopg2.connect(
database=config.get('DATABASE_NAME'),
host=config.get('DATABASE_HOST'),
port=config.get('DATABASE_PORT'),
user=config.get('DATABASE_USER'),
password=config.get('DATABASE_PASSWORD')
)
db_cursor = db_conn.cursor()
sql = 'UPDATE account SET status = %s, preferred_language = %s WHERE phone_number = %s'
for element in ussd_data:
status = 2 if int(element[1]) == 1 else 1
preferred_language = element[2]
phone_number = element[0]
db_cursor.execute(sql, (status, preferred_language, phone_number))
logg.debug(f'Updating account:{phone_number} with: preferred language: {preferred_language} status: {status}.')
db_conn.commit()
db_cursor.close()
db_conn.close()
db_configs = {
'database': config.get('DATABASE_NAME'),
'host': config.get('DATABASE_HOST'),
'port': config.get('DATABASE_PORT'),
'user': config.get('DATABASE_USER'),
'password': config.get('DATABASE_PASSWORD')
}
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
if __name__ == '__main__':
main()
for x in os.walk(ussd_data_dir):
for y in x[2]:
if y[len(y) - 5:] == '.json':
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
ussd_data = json.load(f)
logg.debug(f'LOADING USSD DATA: {ussd_data}')
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
s_set_ussd_data = celery.signature(
'import_task.set_ussd_data',
[db_configs, ussd_data]
)
s_set_ussd_data.apply_async(queue='cic-import-ussd')

29
apps/data-seeding/config/app.ini
View File

@@ -1,4 +1,27 @@
[app]
allowed_ip=0.0.0.0/0
max_body_length=1024
password_pepper=
ALLOWED_IP=0.0.0.0/0
LOCALE_FALLBACK=en
LOCALE_PATH=/usr/src/cic-ussd/var/lib/locale/
MAX_BODY_LENGTH=1024
PASSWORD_PEPPER=QYbzKff6NhiQzY3ygl2BkiKOpER8RE/Upqs/5aZWW+I=
SERVICE_CODE=*483*46#
[phone_number]
REGION=KE
[ussd]
MENU_FILE=/usr/src/data/ussd_menu.json
user =
pass =
[statemachine]
STATES=/usr/src/cic-ussd/states/
TRANSITIONS=/usr/src/cic-ussd/transitions/
[client]
host =
port =
ssl =
[keystore]
file_path = keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c

18
apps/data-seeding/config/database.ini
View File

@@ -1,10 +1,10 @@
[database]
name=cic_ussd
user=postgres
password=
host=localhost
port=5432
engine=postgresql
driver=psycopg2
debug=0
pool_size=1
NAME=sempo
USER=postgres
PASSWORD=
HOST=localhost
PORT=5432
ENGINE=postgresql
DRIVER=psycopg2
DEBUG=0
POOL_SIZE=1

5
apps/data-seeding/config/ussd.ini
View File

@@ -1,5 +0,0 @@
[ussd]
menu_file=data/ussd_menu.json
service_code=*483*46#,*483*061#,*384*96#
user =
pass =

91
apps/data-seeding/create_import_pins.py Normal file
View File

@@ -0,0 +1,91 @@
# standard imports
import argparse
import json
import logging
import os
import uuid
# third-party imports
import bcrypt
import celery
import confini
import phonenumbers
import random
from cic_types.models.person import Person
from cryptography.fernet import Fernet
# local imports
logging.basicConfig(level=logging.WARNING)
logg = logging.getLogger()
script_dir = os.path.realpath(os.path.dirname(__file__))
default_config_dir = os.environ.get('CONFINI_DIR', os.path.join(script_dir, 'config'))
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument('-c', type=str, default=default_config_dir, help='Config dir')
arg_parser.add_argument('-v', action='store_true', help='Be verbose')
arg_parser.add_argument('-vv', action='store_true', help='Be more verbose')
arg_parser.add_argument('--userdir', type=str, help='path to users export dir tree')
arg_parser.add_argument('pins_dir', type=str, help='path to pin export dir tree')
args = arg_parser.parse_args()
if args.v:
logg.setLevel(logging.INFO)
elif args.vv:
logg.setLevel(logging.DEBUG)
config = confini.Config(args.c, os.environ.get('CONFINI_ENV_PREFIX'))
config.process()
logg.info('loaded config\n{}'.format(config))
celery_app = celery.Celery(broker=config.get('CELERY_BROKER_URL'), backend=config.get('CELERY_RESULT_URL'))
user_dir = args.userdir
pins_dir = args.pins_dir
def generate_password_hash():
key = Fernet.generate_key()
fnt = Fernet(key)
pin = str(random.randint(1000, 9999))
return fnt.encrypt(bcrypt.hashpw(pin.encode('utf-8'), bcrypt.gensalt())).decode()
user_old_dir = os.path.join(user_dir, 'old')
logg.debug(f'reading user data from: {user_old_dir}')
pins_file = open(f'{pins_dir}/pins.csv', 'w')
if __name__ == '__main__':
for x in os.walk(user_old_dir):
for y in x[2]:
# skip non-json files
if y[len(y) - 5:] != '.json':
continue
# define file path for
filepath = None
if y[:15] != '_ussd_data.json':
filepath = os.path.join(x[0], y)
f = open(filepath, 'r')
try:
o = json.load(f)
except json.decoder.JSONDecodeError as e:
f.close()
logg.error('load error for {}: {}'.format(y, e))
continue
f.close()
u = Person.deserialize(o)
phone_object = phonenumbers.parse(u.tel)
phone = phonenumbers.format_number(phone_object, phonenumbers.PhoneNumberFormat.E164)
password_hash = uuid.uuid4().hex
pins_file.write(f'{phone},{password_hash}\n')
logg.info(f'Writing phone: {phone}, password_hash: {password_hash}')
pins_file.close()

4
apps/data-seeding/docker/Dockerfile
View File

@@ -9,9 +9,7 @@ COPY package.json \
package-lock.json \
.
RUN npm ci --production
#RUN --mount=type=cache,mode=0755,target=/root/node_modules npm install
RUN --mount=type=cache,mode=0755,target=/root/node_modules npm install
COPY requirements.txt .

60
apps/data-seeding/import_ussd.sh
View File

@@ -1,60 +0,0 @@
#!/usr/bin/env bash
set -e
echo "Creating seed data..."
python create_import_users.py -vv --dir "$IMPORT_DIR" "$ACCOUNT_COUNT"
wait $!
echo "Purge tasks from celery worker"
celery -A cic_ussd.import_task purge -Q "$CELERY_QUEUE" --broker redis://"$REDIS_HOST":"$REDIS_PORT" -f
echo "Start celery work and import balance job"
if [ "$INCLUDE_BALANCES" != "y" ]
then
echo "Running worker without opening balance transactions"
TARGET_TX_COUNT=$ACCOUNT_COUNT
python cic_ussd/import_balance.py -vv -c "$CONFIG" -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --token-symbol "$TOKEN_SYMBOL" -y "$KEYSTORE_PATH" "$IMPORT_DIR" &
else
echo "Running worker with opening balance transactions"
TARGET_TX_COUNT=$((ACCOUNT_COUNT*2))
python cic_ussd/import_balance.py -vv -c "$CONFIG" -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --include-balances --token-symbol "$TOKEN_SYMBOL" -y "$KEYSTORE_PATH" "$IMPORT_DIR" &
fi
until [ -f ./cic-import-ussd.pid ]
do
echo "Polling for celery worker pid file..."
sleep 1
done
IMPORT_BALANCE_JOB=$(<cic-import-ussd.pid)
echo "Start import users job"
if [ "$USSD_SSL" == "y" ]
then
echo "Targeting secure ussd-user server"
python cic_ussd/import_users.py -vv -c "$CONFIG" --ussd-host "$USSD_HOST" --ussd-port "$USSD_PORT" "$IMPORT_DIR"
else
python cic_ussd/import_users.py -vv -c "$CONFIG" --ussd-host "$USSD_HOST" --ussd-port "$USSD_PORT" --ussd-no-ssl "$IMPORT_DIR"
fi
echo "Waiting for import balance job to complete ..."
tail --pid="$IMPORT_BALANCE_JOB" -f /dev/null
set -e
echo "Importing pins"
python cic_ussd/import_pins.py -c "$CONFIG" -vv "$IMPORT_DIR"
set +e
wait $!
set -e
echo "Importing ussd data"
python cic_ussd/import_ussd_data.py -c "$CONFIG" -vv "$IMPORT_DIR"
set +e
wait $!
echo "Importing person metadata"
node cic_meta/import_meta.js "$IMPORT_DIR" "$ACCOUNT_COUNT"
echo "Import preferences metadata"
node cic_meta/import_meta_preferences.js "$IMPORT_DIR" "$ACCOUNT_COUNT"
CIC_NOTIFY_DATABASE=postgres://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$NOTIFY_DATABASE_NAME
NOTIFICATION_COUNT=$(psql -qtA "$CIC_NOTIFY_DATABASE" -c 'SELECT COUNT(message) FROM notification WHERE message IS NOT NULL')
while [[ "$NOTIFICATION_COUNT" < "$TARGET_TX_COUNT" ]]
do
NOTIFICATION_COUNT=$(psql -qtA "$CIC_NOTIFY_DATABASE" -c 'SELECT COUNT(message) FROM notification WHERE message IS NOT NULL')
sleep 5
echo "Notification count is: ${NOTIFICATION_COUNT}. Checking after 5 ..."
done
python verify.py -c "$CONFIG" -v -p "$ETH_PROVIDER" -r "$CIC_REGISTRY_ADDRESS" --exclude "$EXCLUSIONS" --token-symbol "$TOKEN_SYMBOL" "$IMPORT_DIR"

2216
apps/data-seeding/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
apps/data-seeding/requirements.txt
View File

@@ -1,5 +1,5 @@
sarafu-faucet~=0.0.7a1
cic-eth[tools]~=0.12.4a8
cic-eth[tools]~=0.12.4a7
cic-types~=0.1.0a14
crypto-dev-signer>=0.4.15a1,<=0.4.15
faker==4.17.1

13
apps/data-seeding/verify.py
View File

@@ -64,10 +64,6 @@ phone_tests = [
'ussd_pins'
]
admin_tests = [
'local_key',
]
all_tests = eth_tests + custodial_tests + metadata_tests + phone_tests
argparser = argparse.ArgumentParser(description='daemon that monitors transactions in new blocks')
@@ -78,7 +74,6 @@ argparser.add_argument('-i', '--chain-spec', type=str, dest='i', help='chain spe
argparser.add_argument('--meta-provider', type=str, dest='meta_provider', default='http://localhost:63380', help='cic-meta url')
argparser.add_argument('--ussd-provider', type=str, dest='ussd_provider', default='http://localhost:63315', help='cic-ussd url')
argparser.add_argument('--skip-custodial', dest='skip_custodial', action='store_true', help='skip all custodial verifications')
argparser.add_argument('--skip-ussd', dest='skip_ussd', action='store_true', help='skip all ussd verifications')
argparser.add_argument('--skip-metadata', dest='skip_metadata', action='store_true', help='skip all metadata verifications')
argparser.add_argument('--exclude', action='append', type=str, default=[], help='skip specified verification')
argparser.add_argument('--include', action='append', type=str, help='include specified verification')
@@ -139,11 +134,6 @@ if args.skip_custodial:
for t in custodial_tests:
if t not in exclude:
exclude.append(t)
if args.skip_ussd:
logg.info('will skip all ussd verifications ({})'.format(','.join(phone_tests)))
for t in phone_tests:
if t not in exclude:
exclude.append(t)
if args.skip_metadata:
logg.info('will skip all metadata verifications ({})'.format(','.join(metadata_tests)))
for t in metadata_tests:
@@ -197,10 +187,9 @@ def send_ussd_request(address, data_dir):
phone = p.tel
session = uuid.uuid4().hex
valid_service_codes = config.get('USSD_SERVICE_CODE').split(",")
data = {
'sessionId': session,
'serviceCode': valid_service_codes[0],
'serviceCode': config.get('APP_SERVICE_CODE'),
'phoneNumber': phone,
'text': '',
}

12
ci_templates/.cic-template.yml
View File

@@ -1,12 +1,12 @@
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
variables:
KANIKO_CACHE_ARGS: "--cache=true --cache-copy-layers=true --cache-ttl=24h"
MR_IMAGE_TAG: $CI_REGISTRY_IMAGE/mergerequest/$APP_NAME:$CI_COMMIT_SHORT_SHA
.py_build_merge_request:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
script:
- mkdir -p /kaniko/.docker
@@ -16,6 +16,9 @@ variables:
--cache-repo $CI_REGISTRY_IMAGE --destination $MR_IMAGE_TAG
.py_build_target_dev:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
variables:
IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:mr-unittest-$CI_COMMIT_SHORT_SHA
@@ -28,6 +31,9 @@ variables:
--destination $MR_IMAGE_TAG
.py_build_push:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
variables:
IMAGE_TAG_BASE: $CI_REGISTRY_IMAGE/$APP_NAME:$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA

103
docker-compose.yml
View File

@@ -72,13 +72,16 @@ services:
EXTRA_PIP_ARGS: $EXTRA_PIP_ARGS
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
environment:
RPC_PROVIDER: ${RPC_PROVIDER:-http://eth:8545}
RPC_HTTP_PROVIDER: ${RPC_PROVIDER:-http://eth:8545}
CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
ETH_PROVIDER: ${CIC_HTTP_PROVIDER:-http://eth:8545}
RPC_HTTP_PROVIDER: ${CIC_HTTP_PROVIDER:-http://eth:8545}
# And these two are for wait-for-it (could parse this)
DEV_USE_DOCKER_WAIT_SCRIPT: 1
ETH_PROVIDER_HOST: eth
ETH_PROVIDER_PORT: 8545
CHAIN_SPEC: ${CHAIN_SPEC:-evm:bloxberg:8996}
CIC_CHAIN_SPEC: ${CHAIN_SPEC:-evm:bloxberg:8996}
DEV_DATA_DIR: ${DEV_DATA_DIR:-/tmp/cic/config}
DEV_CONFIG_RESET: $DEV_CONFIG_RESET
CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config}
DATABASE_HOST: ${DATABASE_HOST:-postgres}
DATABASE_PORT: ${DATABASE_PORT:-5432}
DATABASE_NAME: ${DEV_DATABASE_NAME_CIC_ETH:-cic_eth}
@@ -93,16 +96,17 @@ services:
DEV_PIP_EXTRA_INDEX_URL: ${DEV_PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
RUN_MASK: ${RUN_MASK:-0} # bit flags; 1: contract migrations 2: seed data
DEV_FAUCET_AMOUNT: ${DEV_FAUCET_AMOUNT:-0}
DEV_ETH_GAS_PRICE: $DEV_ETH_GAS_PRICE
CIC_DEFAULT_TOKEN_SYMBOL: ${CIC_DEFAULT_TOKEN_SYMBOL:-SARAFU}
TOKEN_NAME: ${TOKEN_NAME:-Sarafu Token}
#DEV_SARAFU_DEMURRAGE_LEVEL: ${DEV_SARAFU_DEMURRAGE_LEVEL:-196454828847045000000000000000000}
DEV_ETH_GAS_PRICE: ${DEV_ETH_GAS_PRICE:-1}
CIC_DEFAULT_TOKEN_SYMBOL: $CIC_DEFAULT_TOKEN_SYMBOL
TOKEN_NAME: $TOKEN_NAME
TOKEN_DECIMALS: $TOKEN_DECIMALS
TOKEN_REDISTRIBUTION_PERIOD: $TOKEN_DEMURRAGE_REDISTRIBUTION_PERIOD
TOKEN_REDISTRIBUTION_PERIOD: $TOKEN_REDISTRIBUTION_PERIOD
TOKEN_SUPPLY_LIMIT: $TOKEN_SUPPLY_LIMIT
TOKEN_DEMURRAGE_LEVEL: $TOKEN_DEMURRAGE_LEVEL
TOKEN_DEMURRAGE_LEVEL: ${TOKEN_DEMURRAGE_LEVEL:-196454828847045000000000000000000}
TOKEN_SINK_ADDRESS: $TOKEN_SINK_ADDRESS
TOKEN_TYPE: $TOKEN_TYPE
SIGNER_PROVIDER: ${SIGNER_SOCKET_PATH:-http://cic-eth-signer:8000}
#CONFINI_DIR: ${CONFINI_DIR:-/tmp/cic/config}
command: ["./run_job.sh"]
#command: ["./reset.sh"]
depends_on:
@@ -113,6 +117,7 @@ services:
volumes:
- contract-config:/tmp/cic/config
cic-cache-tracker:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:${TAG:-latest}
profiles:
@@ -150,7 +155,7 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
./start_tracker.sh -c /usr/local/etc/cic-cache -vv
volumes:
- contract-config:/tmp/cic/config/:ro
@@ -191,7 +196,7 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
/usr/local/bin/cic-cache-taskerd -vv
volumes:
- contract-config:/tmp/cic/config/:ro
@@ -225,7 +230,7 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
"/usr/local/bin/uwsgi" \
--wsgi-file /root/cic_cache/runnable/daemons/server.py \
--http :8000 \
@@ -262,8 +267,8 @@ services:
CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
CELERY_DEBUG: ${CELERY_DEBUG:-1}
SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-http://cic-eth-signer:8000}
SIGNER_PROVIDER: ${SIGNER_SOCKET_PATH:-http://cic-eth-signer:8000}
SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-ipc:///run/crypto-dev-signer/jsonrpc.ipc}
SIGNER_PROVIDER: ${SIGNER_SOCKET_PATH:-ipc:///run/crypto-dev-signer/jsonrpc.ipc}
SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
TASKS_TRACE_QUEUE_STATUS: ${TASKS_TRACE_QUEUE_STATUS:-1}
@@ -272,75 +277,18 @@ services:
- eth
- postgres
- redis
- cic-eth-signer
deploy:
restart_policy:
condition: on-failure
volumes:
- signer-data:/run/crypto-dev-signer
- signer-data:/tmp/cic/signer
- contract-config:/tmp/cic/config/:ro
#command: ["/usr/local/bin/cic-eth-taskerd"]
#command: ["sleep", "3600"]
command:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
./start_tasker.sh --aux-all -q cic-eth -vv
cic-eth-signer:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:${TAG:-latest}
build:
context: apps/cic-eth
dockerfile: docker/Dockerfile
target: dev
args:
EXTRA_INDEX_URL: ${EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
environment:
CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
ETH_GAS_PROVIDER_ADDRESS: $DEV_ETH_ACCOUNT_GAS_PROVIDER
ETH_PROVIDER: ${ETH_PROVIDER:-http://eth:8545}
RPC_HTTP_PROVIDER: ${ETH_PROVIDER:-http://eth:8545}
DATABASE_USER: ${DATABASE_USER:-grassroots}
DATABASE_HOST: ${DATABASE_HOST:-postgres}
DATABASE_PASSWORD: ${DATABASE_PASSWORD:-tralala}
DATABASE_NAME: ${DATABASE_NAME_CIC_ETH:-cic_eth}
DATABASE_PORT: ${DATABASE_PORT:-5432}
DATABASE_ENGINE: ${DATABASE_ENGINE:-postgres}
DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
DATABASE_DEBUG: ${DATABASE_DEBUG:-0}
DATABASE_POOL_SIZE: 0
REDIS_PORT: 6379
REDIS_HOST: redis
PGPASSWORD: ${DATABASE_PASSWORD:-tralala}
CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-evm:bloxberg:8996}
CHAIN_SPEC: ${CIC_CHAIN_SPEC:-evm:bloxberg:8996}
CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis}
CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis}
CELERY_DEBUG: ${CELERY_DEBUG:-1}
SIGNER_SOCKET_PATH: ${SIGNER_SOCKET_PATH:-http://0.0.0.0:8000}
SIGNER_PROVIDER: ${SIGNER_SOCKET_PATH:-http://0.0.0.0:8000}
SIGNER_SECRET: ${SIGNER_SECRET:-deadbeef}
ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER: ${DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER:-0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA}
TASKS_TRACE_QUEUE_STATUS: ${TASKS_TRACE_QUEUE_STATUS:-1}
CIC_DEFAULT_TOKEN_SYMBOL: ${CIC_DEFAULT_TOKEN_SYMBOL:-GFT}
depends_on:
- eth
- postgres
- redis
deploy:
restart_policy:
condition: on-failure
volumes:
- signer-data:/run/crypto-dev-signer
- contract-config:/tmp/cic/config/:ro
command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer", "-vv"]
#command:
# - /bin/bash
# - -c
# - |
# if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
# ./start_tasker.sh --aux-all -q cic-eth -vv
# command: [/bin/sh, "./start_tasker.sh", -q, cic-eth, -vv ]
cic-eth-tracker:
@@ -382,7 +330,7 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
#./start_tracker.sh -vv -c /usr/local/etc/cic-eth
./start_tracker.sh -vv
# command: "/root/start_manager.sh head -vv"
@@ -428,10 +376,9 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
./start_dispatcher.sh -q cic-eth -vv
# command: "/root/start_dispatcher.sh -q cic-eth -vv"
cic-eth-retrier:
@@ -476,7 +423,7 @@ services:
- /bin/bash
- -c
- |
if [[ -f /tmp/cic/config/env_reset ]]; then source /tmp/cic/config/env_reset; fi
if [[ -f /tmp/cic/config/.env ]]; then source /tmp/cic/config/.env; fi
./start_retry.sh -vv
# command: "/root/start_retry.sh -q cic-eth -vv"

1
dump.sh
View File

@@ -1 +0,0 @@
docker run -t -v cic-internal-integration_contract-config:/tmp/cic/config cic-internal-integration_contract-migration cat /tmp/cic/config/env_reset

10
kubernetes/cic-auth-proxy/cic-auth-creds-configmap.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-credentials-configmap
namespace: grassroots
data:
credentials.yaml: |
level: 9
items:
user: 1

10
kubernetes/cic-auth-proxy/cic-auth-proxy-acl-configMap.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cic-auth-proxy-acl-configmap
namespace: grassroots
data:
F3FAF668E82EF5124D5187BAEF26F4682343F692: |
- "^/user(/.*)?$":
read:
- user

114
kubernetes/cic-auth-proxy/cic-auth-proxy-meta-deployment.yaml Normal file
View File

@@ -0,0 +1,114 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
labels:
app: cic-auth-proxy-meta
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-meta
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-meta
group: cic
spec:
containers:
- name: cic-auth-proxy-meta
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-meta-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-meta
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-meta
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

114
kubernetes/cic-auth-proxy/cic-auth-proxy-user-deployment.yaml Normal file
View File

@@ -0,0 +1,114 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-user
namespace: grassroots
labels:
app: cic-auth-proxy-user
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-user
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-user
group: cic
spec:
containers:
- name: cic-auth-proxy-user
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://meta-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-user
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-user
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

129
kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml Normal file
View File

@@ -0,0 +1,129 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
labels:
app: cic-auth-proxy-ussd
group: cic
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-auth-proxy-ussd
replicas: 1
template:
metadata:
labels:
app: cic-auth-proxy-ussd
group: cic
spec:
containers:
- name: cic-auth-proxy-ussd
#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}
image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
imagePullPolicy: Always
command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
":8080"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: PROXY_HOST
value: cic-user-ussd-server
- name: PROXY_PORT
value: "80"
- name: PROXY_PATH_PREFIX
value: "/"
- name: HTTP_AUTH_ORIGIN
value: https://ussd-auth.dev.grassrootseconomics.net:443
- name: HTTP_AUTH_REALM
value: GE
- name: ACL_CREDENTIALS_ENDPOINT
value: http://key-server:8081/
- name: ACL_PATH
value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
- name: ACL_QUERYSTRING_USERNAME
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: username
- name: ACL_QUERYSTRING_PASSWORD
valueFrom:
secretKeyRef:
name: cic-ussd-querystring-creds
key: password
- name: ACL_WHITELIST
value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
- name: GPG_PUBLICKEYS_ENDPOINT
value: http://key-server:8080/.well-known/publickeys/
- name: GPG_SIGNATURE_ENDPOINT
value: http://key-server:8080/.well-known/signature/
- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
- name: GPG_HOMEDIR
value: /usr/local/etc/cic-auth-proxy/.gnupg/
- name: GPG_IMPORT_DIR
value: /usr/local/etc/cic-auth-proxy/import/
- name: GPG_PUBLICKEY_FILENAME
value: publickeys.asc
- name: GPG_SIGNATURE_FILENAME
value: signature.asc
- name: GPG_TRUSTED_PUBLICKEY_MATERIAL
value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: acl-config
mountPath: /data/acls/
readOnly: true
- name: credentials-config
mountPath: /data/noop/
readOnly: true
- name: trusted-publickey
mountPath: /usr/local/etc/cic-auth-proxy/trusted/
- name: gpg-homedir
mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
- name: pgp-meta-test
mountPath: /usr/local/etc/cic-auth-proxy/import
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
- name: acl-config
configMap:
name: cic-auth-proxy-acl-configmap
- name: credentials-config
configMap:
name: cic-auth-proxy-credentials-configmap
- name: trusted-publickey
configMap:
name: pgp-trusted-publickey
- name: gpg-homedir
emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-auth-proxy-ussd
namespace: grassroots
spec:
selector:
app: cic-auth-proxy-ussd
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080

16
kubernetes/cic-auth-proxy/cic-ussd-querystring-creds.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots
spec:
encryptedData:
password: AgAO18hv8gZZRoySuTqNOg06imdnfES7io54TEGO501cq8usRcj9Bu3us+7V8zD20DQTZ7xCGCV2eyZ1kMsnFNFUBPMG0raAtwe4dAskYeQxKp0VyE1y+d9TbecvlqRXmAD3lF1exMSS3PD68VZcrDpenXE7Ag74uEJM7YmAKnUXIzBhxZlG7bIwLrRuNiTye83e/jijaPD3+66NrExBM2H//b8u1l8QVNd13XwgAWkJEW9QNMP1b2ir9VWKE4P8Da22SQRIed/Nhyc+aR3izqEpCbeRYmQqlo9r66oXK4Yr5v0IkI38gBGORrPv1OZK01plvGgMoxTe3pSiW5cyMtCXx6GgyIFKII1yYvtlI86Sf4J3DRU6kC3NSvF+2B99yFrbUPyoAGQFd6oSWAQLBI2kYqf6NXuaT3kxBNroAICMlAYygPKG0t6jEzTWk+E5l4F/PHWFD5DM+diHRqQAdDStACcMCl2i2133PPjlK1gUhQkCmeRcKeEqMT5ssBx/KM5p+v8syV4/0VlNtJpnP/aWcbwvVsiHhDE9trM/+p5E6gsVymAIiW20nRnuOSjHCnHOtjtfPtEZ3A8eHAqgJjdE6fY7DvZmwKfx2A4tMcrikz208Pa7JIFE6nj9osTz7eMrWXTmquVRotZ9we3WmGBycgVUuv9hfzUC6srkTIyT9UGHH9UNiRba/73ZDF2Zr2XvN0ofkQz8dN0dKLxy/OptCciV3Rdn/4s/IQ0usSwXLEb2tQtHgy5+twj7IQij6amjLbulRm1U2GLatmvgbjqf
username: AgCJQ9JiJErCGfH3pkX3I3696Garu40pGWgvcUOa9wz3r3Q+5SY0IMnroWO3z66L/HG7DW70upgfJBVyhncrUBrC/z73D++nMz43JvFc39MHcUYVmqvjIw1401705+G7UxxgcMOx09++CBZ97wbEfKc251v98s8G/bLtMcqS/12pVNfMGgjpkE6InlS0n9VD26HDs4A3uNtfN2GK2dsazV05UXs8W+6JOZsJ60QfPJylCpKh+sxPLDlYt4lRIM/6pP7kQXLn+VmWtzuo1dZTaUliMYH+DOXO2V9ePnjTUXGrMgRfuZP2PCmG3usdC45mOPpuURPFUmF8SDQ4IXKhBd7N+8pjZDiqQ2RxK61Qz6MXv851u7HABgVMhtjlZfaD4hVY+mr7KYDVQvrhJ971y84KBHuQFOxwZZnXAx5FdBWmkKkz959bjulJaRe1ZWA01k1SQHiVFeIArbbNSlvH45XoNR8rxFiQE+5Olt9UwdpXAH/sAfH7CRY1SnRrAW3LCyCVqAJcXF9kU+bnezVgWoJ/h9ff6VKRFqh3o+wa6V6J8GNbwC0/oeXo0XyUjbwAUjIRKeWbJ1obkvWDfYILpo2CVt34tzYowiVqmYYB8SqKBPgrca+Xmn9GpggOMibJKk0LC6R04iAajMy73cuxkX+PMV1Wz5xOuF60ccCsdiD15deYOlA34UdfeNQgGA7EKPhsl0kD/xm5
template:
metadata:
creationTimestamp: null
name: cic-ussd-querystring-creds
namespace: grassroots

100
kubernetes/cic-cache/cic-cache-server-deployment.yaml Normal file
View File

@@ -0,0 +1,100 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-server
namespace: grassroots
labels:
app: cic-cache-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-server
group: cic
teir: backend
spec:
containers:
- name: cic-cache-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/uwsgi", "--wsgi-file=/root/cic_cache/runnable/daemons/server.py",
"--http=:8000", "--pyargv", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_cache
- name: SERVER_PORT
value: "8000"
- name: DATABASE_DEBUG
value: "0"
ports:
- containerPort: 8000
name: server
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-cache-svc
namespace: grassroots
spec:
selector:
app: cic-cache-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 8000

175
kubernetes/cic-cache/cic-cache-tasker-deployment.yaml Normal file
View File

@@ -0,0 +1,175 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-cache-watchers
namespace: grassroots
labels:
app: cic-cache-watchers
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-cache-watchers
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-cache-watchers
group: cic
tier: queue
spec:
containers:
- name: cic-cache-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
imagePullPolicy: Always
command: ["/usr/local/bin/cic-cache-taskerd", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: cic-cache-tracker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:master-402b968b-1626300208 # {"$imagepolicy": "flux-system:cic-cache"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:latest
# command: ["/usr/local/bin/cic-cache-trackerd", "-vv", "-c", "/usr/local/etc/cic-cache"]
command: ["./start_tracker.sh", "-c", "/usr/local/etc/cic-cache", "-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_cache
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: SERVER_PORT
value: "8000"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_DEBUG
value: "0"
restartPolicy: Always

221
kubernetes/cic-eth/cic-eth-tasker-deployment.yaml Normal file
View File

@@ -0,0 +1,221 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tasker
namespace: grassroots
labels:
app: cic-eth-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tasker
group: cic
tier: queue
spec:
containers:
- name: cic-eth-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["/usr/local/bin/cic-eth-taskerd"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
- name: cic-eth-signer
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
# command: ["./start_tasker.sh", "-q", "cic-eth", "-vv"]
command: ["python", "/usr/local/bin/crypto-dev-daemon", "-c", "/usr/local/etc/crypto-dev-signer",
"-vv"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_POOL_SIZE
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: BANCOR_DIR
value: /usr/local/share/cic/bancor
- name: SIGNER_SOCKET_PATH
value: ipc:///run/crypto-dev-signer/jsonrpc.ipc
- name: SIGNER_SECRET
value: deadbeef
- name: ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
value: "0xACB0BC74E1686D62dE7DC6414C999EA60C09F0eA"
- name: TASKS_TRACE_QUEUE_STATUS
value: "1"
- name: "DATABASE_DEBUG"
value: "false"
- name: "CIC_DEFAULT_TOKEN_SYMBOL"
value: GFT
volumeMounts:
- name: socket-path
mountPath: /run/crypto-dev-signer/
volumes:
- name: socket-path
emptyDir: {}
restartPolicy: Always

248
kubernetes/cic-eth/cic-eth-tracker.yaml Normal file
View File

@@ -0,0 +1,248 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
# The guardian is composed of:
# cic-manager-head
# cic-dispatch
# cic-retrier
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-eth-tracker
namespace: grassroots
labels:
app: cic-eth-tracker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-eth-tracker
replicas: 1 # these are all strictly 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-eth-tracker
group: cic
spec:
containers:
- name: cic-eth-tracker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_tracker.sh", "-v", "-c", "/usr/local/etc/cic-eth"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: ETH_ABI_DIR
value: /usr/local/share/cic/solidity/abi
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
- name: cic-eth-dispatcher
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:master-f1917300-1626888924 # {"$imagepolicy": "flux-system:cic-eth"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
imagePullPolicy: Always
command: ["./start_dispatcher.sh", "-q", "cic-eth", "-v"]
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: TASKS_TRANSFER_CALLBACKS
value: "cic-eth:cic_eth.callbacks.noop.noop,cic-ussd:cic_ussd.tasks.callback_handler.transaction_callback"
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: DATABASE_NAME
value: cic_eth
- name: DATABASE_DEBUG
value: "0"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: REDIS_HOSTNAME
value: redis-master
# - name: cic-eth-retrier
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:latest
# command: [ "./start_retry.sh", "-v" ]
# resources:
# requests:
# cpu: 50m
# memory: 100Mi
# limits:
# cpu: 500m
# memory: 250Mi
# env:
# - name: CIC_REGISTRY_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_REGISTRY_ADDRESS
# - name: CIC_TRUST_ADDRESS
# valueFrom:
# configMapKeyRef:
# name: contract-migration-output
# key: CIC_TRUST_ADDRESS
# - name: CIC_TX_RETRY_DELAY # TODO what is this value?
# value: "15"
# - name: TASKS_TRANSFER_CALLBACKS # TODO what is this value?
# value: "taskcall:cic_eth.callbacks.noop.noop"
# - name: ETH_PROVIDER
# value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
# - name: DATABASE_USER
# value: grassroots
# - name: DATABASE_HOST
# value: postgres-helm-postgresqlsql
# - name: DATABASE_PASSWORD
# value: tralala
# - name: DATABASE_NAME
# value: cic_eth
# - name: DATABASE_PORT
# value: "5432"
# - name: DATABASE_ENGINE
# value: postgres
# - name: DATABASE_DRIVER
# value: psycopg2
# - name: DATABASE_DEBUG
# value: "1"
# - name: REDIS_HOSTNAME
# value: grassroots-redis-master
# - name: CIC_CHAIN_SPEC
# value: "evm:bloxberg:8996"
# - name: CELERY_BROKER_URL
# value: redis://grassroots-redis-master
# - name: CELERY_RESULT_URL
# value: redis://grassroots-redis-master
restartPolicy: Always

122
kubernetes/cic-meta/cic-meta-server-deployment.yaml Normal file
View File

@@ -0,0 +1,122 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-meta-server
namespace: grassroots
labels:
app: cic-meta-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-meta-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-meta-server
group: cic
spec:
containers:
- name: cic-meta-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 250Mi
limits:
cpu: 100m
memory: 500Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: SCHEMA_SQL_PATH
value: scripts/initdb/server.postgres.sql
- name: DATABASE_NAME
value: cic_meta
- name: SERVER_HOST
value: localhost
- name: SERVER_PORT
value: "8000"
- name: DATABASE_SCHEMA_SQL_PATH
value: ""
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: PGP_PUBLICKEY_TRUSTED_FILE
value: publickeys.asc
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
value: publickeys.asc
- name: PGP_PUBLICKEY_ENCRYPT_FILE
value: publickeys.asc
ports:
- containerPort: 8000
name: cic-meta-server
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
items:
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-meta-server
namespace: grassroots
spec:
selector:
app: cic-meta-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8000

17
kubernetes/cic-notify/cic-notify-africastalking-sandbox-sealedsecret.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgC1j5LwcOocVchLac0kPmCqyqljV40RzlCXVrtaxFvFvO+s2KcaUNFrIxfirZ8pbSDPKAUAgQam9tJiZFg4Wdu0x6LDDo6x2/0t/HXqb1eeH+OxO045T0AQZPpqFK+5QZ7y+c0tnUJfppCgOd+PhvB0AyHndWoWmTMGy48zpKaeRZriRRM5+rkNgGzazUNdsQoThOhEStIDCa1+zpq++KckU+VS5Qgsj7X1gOth+XFeyVFuXLY/QTTmvflgXj/YA5HMcJVCO3/l4UGaxHaUWps6IlZ5RgALamavAww7HIT7iecjXbAKx4fQt7bKuQY/FHiwDLAJmfdYUv7YK3EVsW4lSWVxgQ4RKM1dru8Kgs4nE+jmlApeuMl2Y3yT0tyCXSNPBzcsAbeumctsWO2gypQbL/0N1a9OZYgJv4/rfbonl8lK8detZDnAOqhOEiJ2fX/H9bkLc7n5hEHxnIt72sgdurD3r7WkxNsD8/laBx7hDtr7+Zv9RZ8MlyyUd+ZBVax6tO7immo8ya+BRsFKcrr3FqSuvwl3q7y/DNLMU6wqEv+/FmfSW7J1HuGlOJApHM96R6Jfqpw+ZNZ/hS6Z0CDNicLRdRfDaKglOu4UvkiWQ2F1JtqtJEtishbk3bNtZSAOO7Uan/V1XfeUvrYBAyXCoLLwK2pm/eWNZ71BW7TghCNgqRpeALPZy2JrDudnmyoXzcidJeBi5lBEnbXzIcOuos/0xgM/DiKQDO8mxh1ycbiu9XSydxdkLrRFXMtO8KK4qhIdgJp8INjZxIzgm5j3
api_sender_id: AgCTvYXxQNTCcRnMrfcc3D+OY+N8/mFtfI+O3xI45qxdC1n7/OE2MI0XIleYSbbAh3R7+5lNjq3pVhdKpRvCYxUGerCdSeYFQZf0RN71sAtDV8NnHCB6pRIsCWlvjDHw7XRH6PiPrr0xj4rwd1Qou8EMybVQXwT6nvV20kdKhAd6dTTgqT8x1AB5N+L0o1H/ThOKNadjN6oqlROz4in0DTTmis+Ebk4pywFroVWa5pMCjy7Ua5omKqB45lAKDp4FwogSnEUVS1b1pQTO/o0mnCQRObPcOzVjze6oqfUaEPkvtrOkmKuAxEXFKdAzG8bzPwx6EuSCbMmcUekeBGKDZBniE1YyOkPyLZelBEtyXFhQBmKbdW4qhlEJwYwflFBll8eNo2ruMVH7HTJvAqW4p2mxTIoM9Nx+UWDJjZ736aYvDfCgZX0MVKvXjrNtWEhuVBYGZxFIWfj/RqNkcJf+ZlNYK8MripzPReNWDlvhH1jzlPGJozUlYfLY8hY/NDGMbdc+EflLy8p4oRLWUo0Z0W3ARwLM1WQMk8FSXAgCjMmL7m3d310lVO5LLVdj3GTpjfCNPm2m7Re0lsOkLDE8x0vhJnlIUJ8WlY1EdezKfPWR0laNSknCCxfPYU88XiO2DVgUdWBH0Hg13yQQ3IXz49Pnf6LrAx46EgKUzoKnCgA5L/hRAIV3u8vav/5kdSF4CxY=
api_username: AgBQZXCDQY5B1RKfwjih04XSvdPJjmlfuA2bL6qiphYDIM223DJ5HEolHIWlCeSAjDC5JjkkesPmVzxybgD7hRwVuyOyWfmiXBG6+552v/DNv17IfSNNtZMCsEj9jyscHfvRI1NCG5pxywhBfRxhOVIYflbFI/H+13ReAs/6J/uhVfWVPMXzdg7Zj7mYsWzj3otv0npzXc+j2G4JZk53h7fDTY/XsXyZCe+Xpn9auf7Y+m+/shOiaM67CuE+eMWYhpTpTDy6oG3rjSrqhjVnE4wu8fP85nTGK2ctrQ9qgyOdcf1vPdlt1CwP5FZ+zxY8GrhUsYnunQ50znPD55e/8m5AqZhIrCjQ0lfzB2iCn0OzwOjnQpfv0W0QXpw6aDH/GYfMbDBLyXnF5yU0J+R7tv2Q45NKyRHbdO2VQXhXak95YGvK0Er3+8b0Jx4k3L+hM3OTFaJgdGOyb4IsUFG6vfQlfG3Bl4ggYqAGCJo041SpT4gc1XgGkar8WD4sOir61qKde8NnIOdRn1bhaZ8qD2eP+4p20hqsgpAA38SN6qZfrZc5sj/Re2mXxYIbmdALlP6yt1exhtU4QRzF23RDHmwiGtzh0YqIUj62+icrLcn+ZXgpufW9BgxKXilczF/bfsN2v4VFKsrkp+wRtAlFj3riDoles/IhItIJ9KpmSHEsRDRrkrUl+sFQ5xqQvfIuEoy/DHKf/Q3L
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-sandbox-secret
namespace: grassroots

17
kubernetes/cic-notify/cic-notify-africastalking-sealedsecret.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots
spec:
encryptedData:
api_key: AgAbH1KDx0kVxtqPBvkb0w1uYJm0Vwd/eHBMhLJRC9Z5zs/YkHkV+Zrz4Pk0loSIdyV3fFdL+zcqnwWmkYjrkBYUXqB+F6HcfYPlND+zAtv8QMbpmHoF6faqx1MY981Sx7qqURlORCZzkwzrDEC4XK2nwut414PFEQ4Rn9SWe2RWXl75G3+TVkj0jd24rYYlGCmD8krjFLY9IMigKZOr0TqoPhHv9xKPg7+Xpwtd86QpiFcTR0fBtN8FLDuKlYGHvTvaUqT2kyBEXeiSn3V+rB7mD72QtNBwS9KJfQla/Gh1z4kps5DkZNoHKRz3O0SnMND1UrID713g7coYI+3q3Xk4/IFiYH4iTQwls/TZWuu/aAc74Ofs6tNwNfUeGGwa0uX/EdMpQ0cWBsGQXi3wG91kvCbnHQ1IERXgCLzGur9yB7YARy6H3tJkQrjzY2ETmMK6wj8yelKC1LLiVk/UVPiRI3O85JPxDDdtcOWkRtGso5Z1Q4D0AFWhbrhBXZc3cS2MmU1bIXoZ+fsYoZ1Mrg+uFQyuf4XwIq+HZuaYksN6xN0olId/H53Bau/z54pteFwT3VOKJNrLHCnAz0YJG2LO08Iu3FcNIUVh1tf39019QOFW2QGemhxznfPH1Mn4l9GwhE2MNfU2JqbFLnCfPZPoFSY+7YZ8I271aY4sM/OlaE2Nrk9RSsSgpS+WUCijSzZ8Crgc8dffVQryDEc/t+JIW7T4BH16lk+fgx2W1JoU/BMMvaRitHX5XsIs5xchwfuvb5+WbNnT8WbYdomGokEg
api_sender_id: AgBt9Sp+yb1Qek38Imhs4zW4pcujj2ExStcfLgWPXgD3WhIOfMS7AFAe5uDTICZqLEoMnluVTJn8Hk02BIU3quXWjOOgLJRmpNlgqAbchR1XA07BwGeYWMZomC4M+8nknMOHeQvo8HGN/Y5HnXw5N2Gw8Utlm/cLVVJOEYCKGiR8vWpzMMGepxIKVeex93Ev09SQsxbOJ3QO3SGdJiKFBvXgSeGnsdg+uAeC0NG1zzVBbiCgiNoIZgv6ZnwzBZSl7BYAazt4xOoHSRoicgmIX3PWdjIz+lzVHIuEuFZK9heq+MODQhZcvf54JRB1qPURGJobu3IVDAckIvnFlSCRaBp2rAqtyzAtngkau3Et/66eI3SChJFDgnbourQ1QRPzqWipzYQ11JpUbc0luXRfA+HvzrlIf5r/rSL93jepWQS0Exk2VuCrBAS+QPJccmncJYRZ98SU0fAu+5ZcHFVkEpc4iatW6j1tXyxn+tO1pl7yB/9GGfNA72XxVHwLZmTE7LN0Y4VyhdIQYtXX5ZX49bD0Lfk/m1pkwkWtj1Cas7YpFvX0JUN0bjn6JQoJAIh7fCW5O2ATp/eqpsCcfyw+Fy8kNPFVXlfvVmD9aqwYojfCE2CV0lXFGwHLkNp0nxxTPoqrx2YAa9R/nILaUawvMdMU+a8n1Ee79al/eVpqr4WdTkQikrxcoud8PDzNOyk2y8eZY+Kb2dU=
api_username: AgBOCaA5MnRsnGSkQw8Md2XIRsb+9Dg3XiM5yagk1GvAcO+eNnL4i2F4pbA0Ctad0LpQVXwVhppJDqxS7ffy3VJwMdEWxChKN3AiE3e8Eqx8LzD1xXU48OxAfksFKQrXNBVjfBcSgyoTwI5ohYSGxuUL3fWo4/Wp0AWdy92bwNZfhOvkLpfn+Q3nblLX9tQeu/ky6+hqkiyZSWjgykJXGnVnpPMoRS8BLbcxRD1kpJfMORfW7q1JyzheBGByStRvr7i6z3m4KVC/a9H3o0OpIQQTNtvvy4zECQ5NnjrxXYdOJfJZNq1enVqqCeA06h2e3DESfxYPPx6tL8+Ugo+4TorFb5Fw8vqFQRd/1SiGQE++W/MRY4P+fj9hQrxyzdnG5oBq1j2JTpx5VMwkOEk1yVLmRS9nYrZOfFE/6EJJSzRZMbh+xVTEvcag9ZzSzkbKoakR+VKjZ2Rpum6rwXPUUhJ5F6ohIZx2x/qE3QJlmxtnJQGfmNwe6HTiLxqjU3o0SkVQgMPN275Uydlm6Omn9eo2jkYnA5hg4TPoFjcqAmbgV5O372U6ShpNtA2hYi6CdF7K/sbKxhFtHTrPAdF5NhMGZ6N81X1AMWq3a1mojMBJbVTPVzSWPovkiqhQ62gKUUbPp191aLuQlX83dqEuRxyYTprId/ODB7RtaAddDcLsF4z/7i7yh8VtKyqHBs7hA52O1b2sQJwxmhw=
template:
metadata:
creationTimestamp: null
name: cic-notify-africastalking-secret
namespace: grassroots

100
kubernetes/cic-notify/cic-notify-deployment.yaml Normal file
View File

@@ -0,0 +1,100 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-notify-tasker
namespace: grassroots
labels:
app: cic-notify-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-notify-tasker
replicas: 1
template:
metadata:
labels:
app: cic-notify-tasker
group: cic
spec:
containers:
- name: cic-notify-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:master-7a3cb7ab-1627053362 # {"$imagepolicy": "flux-system:cic-notify"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:latest
imagePullPolicy: Always
command: ["./start_tasker.sh", "-q", "cic-notify", "-vv"]
resources:
requests:
cpu: 25m
memory: 100Mi
limits:
cpu: 50m
memory: 200Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_notify
- name: AFRICASTALKING_API_USERNAME
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_username
- name: AFRICASTALKING_API_KEY
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_key
- name: AFRICASTALKING_API_SENDER_ID
valueFrom:
secretKeyRef:
name: cic-notify-africastalking-sandbox-secret
key: api_sender_id
ports:
- containerPort: 80 # What is this value?
name: cic-eth-manager
restartPolicy: Always

55
kubernetes/cic-staff-client/cic-staff-client-deployment.yaml Normal file
View File

@@ -0,0 +1,55 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-staff-client
namespace: grassroots
labels:
app: cic-staff-client
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-staff-client
replicas: 1
template:
metadata:
labels:
app: cic-staff-client
group: cic
spec:
containers:
- name: cicada
#image: registry.gitlab.com/grassrootseconomics/cic-staff-client:master-858e1e65-1627284988 # {"$imagepolicy": "flux-system:cic-staff-client"}
image: registry.gitlab.com/grassrootseconomics/cic-staff-client:latest
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 80
name: http
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-staff-client
namespace: grassroots
spec:
selector:
app: cic-staff-client
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80

113
kubernetes/cic-ussd/cic-user-server-deployment.yaml Normal file
View File

@@ -0,0 +1,113 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-server
namespace: grassroots
labels:
app: cic-user-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-fad0a4b5-1628267359 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
command: ["/root/start_cic_user_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: HTTP_PORT_CIC_USER_SERVER
value: "9500"
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
ports:
- containerPort: 9500
name: server
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-server-svc
namespace: grassroots
spec:
selector:
app: cic-user-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9500

122
kubernetes/cic-ussd/cic-user-tasker-deployment.yaml Normal file
View File

@@ -0,0 +1,122 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-tasker
namespace: grassroots
labels:
app: cic-user-tasker
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-tasker
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-tasker
group: cic
task: queue
spec:
containers:
- name: cic-user-tasker
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_tasker.sh", "-q", "cic-ussd", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_NAME
value: cic_ussd
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena
- name: CIC_META_URL
value: http://cic-meta-server:80
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
readOnly: true
volumes:
#- name: pgp
# secret:
# secretName: pgp
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always

139
kubernetes/cic-ussd/cic-user-ussd-server-deployment.yaml Normal file
View File

@@ -0,0 +1,139 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-user-ussd-server
namespace: grassroots
labels:
app: cic-user-ussd-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-user-ussd-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-user-ussd-server
group: cic
tier: backend
spec:
containers:
- name: cic-user-ussd-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:master-7a3cb7ab-1627053361 # {"$imagepolicy": "flux-system:cic-ussd"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:latest
imagePullPolicy: Always
command: ["/root/start_cic_user_ussd_server.sh", "-vv"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 250Mi
env:
- name: APP_PASSWORD_PEPPER
valueFrom:
secretKeyRef:
name: cic-ussd-secret
key: app_password_pepper
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: DATABASE_POOL_SIZE
value: "0"
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DATABASE
value: "0"
- name: DATABASE_NAME
value: cic_ussd
- name: SERVER_PORT
value: "9000"
- name: APP_ALLOWED_IP
value: "0.0.0.0/0"
- name: CIC_META_URL
value: http://cic-meta-server:80
- name: PGP_KEYS_PATH
value: /tmp/src/keys/
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys/
- name: PGP_PRIVATE_KEYS
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
volumeMounts:
- mountPath: /tmp/src/keys
name: pgp
ports:
- containerPort: 9000
name: server
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-user-ussd-svc
namespace: grassroots
spec:
selector:
app: cic-user-ussd-server
type: ClusterIP
ports:
- name: server
protocol: TCP
port: 80
targetPort: 9000

15
kubernetes/cic-ussd/cic-ussd-sealedsecret.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots
spec:
encryptedData:
app_password_pepper: AgCrkW9x9iLDjcmmNHTopd1CXAdamuqWkiS3Tviev5OtR5d4FBw9L9Qm8P9ZsBiH9ucQSNu4XLxUuIEgyBLEPQDM5DELl+qvCmPboQ73kPxjEH4/ppqE1QnJHBFcTqfkUVDu4dBkmGPCbYAGrWqDa1bZt1Hujl+ZpWuc919nN2yxFEArs8jt8JIP2bbGKwPl21MDNP53ITtpw1euBswxUzLRcfUrw+6ghce8faFjDEnCS9NKftCwBFMQN2ddNn8aY0K1Dl/DJLTJw9c6L+3YAHzaQAkNz2I6W6ERri6Mmkc1bE1cujvftNxrWkPqh9bJD163xhMbA6vQd8rEpQelilBQpT0plcH5dj11mhAX+n3IR4Xp5kD+fwwPPgoQ5P3TJj4nfAccM/ubVVR6vLCXrO2TV56V8YgQ2pd0H3H8IJYRdU6LE9xLWdG5J32EKrhnhTNaGcFpWq3g4UUv6Fy0z7iZ8TkBce13zCiEf7AXeXzdj2KDgVW6/FBLknJoDd2m/j4GA5UC6MiKXc/X9sgHeSIOstR5nGBuYYr/12FbAPdnvV8zQzfHQsSCysciLQBqFhC5Yeepwu+UYsYCDWKGgvmC284zl52VkK2G6cXi77qcKNc6NtViZpKkJ0vRysgLLpBiDERB/NOrXef+kA6hJXsc5hqAPJjceh0XV0iT/4FA/2qq0A7qfm4meSJAxrj2PssoVQSUQmo2jopTCsa7IEq9opqy0yJaXu+dJG32IHimDLcAm1Sp0uumcd9MOg==
template:
metadata:
creationTimestamp: null
name: cic-ussd-secret
namespace: grassroots

68
kubernetes/contract-migration/contract-migration-envlist-configmap.yaml Normal file
View File

@@ -0,0 +1,68 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-envlist
namespace: grassroots
data:
envlist: |
SYNCER_LOOP_INTERVAL
SSL_ENABLE_CLIENT
SSL_CERT_FILE
SSL_KEY_FILE
SSL_PASSWORD
SSL_CA_FILE
BANCOR_DIR
REDIS_HOST
REDIS_PORT
REDIS_DB
PGP_PRIVATEKEY_FILE
PGP_PASSPHRASE
DATABASE_USER
DATABASE_PASSWORD
DATABASE_NAME
DATABASE_HOST
DATABASE_PORT
DATABASE_ENGINE
DATABASE_DRIVER
DATABASE_DEBUG
TASKS_AFRICASTALKING
TASKS_SMS_DB
TASKS_LOG
TASKS_TRACE_QUEUE_STATUS
TASKS_TRANSFER_CALLBACKS
DEV_MNEMONIC
DEV_ETH_RESERVE_ADDRESS
DEV_ETH_ACCOUNTS_INDEX_ADDRESS
DEV_ETH_RESERVE_AMOUNT
DEV_ETH_ACCOUNT_BANCOR_DEPLOYER
DEV_ETH_ACCOUNT_CONTRACT_DEPLOYER
DEV_ETH_ACCOUNT_GAS_PROVIDER
DEV_ETH_ACCOUNT_RESERVE_OWNER
DEV_ETH_ACCOUNT_RESERVE_MINTER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_OWNER
DEV_ETH_ACCOUNT_ACCOUNTS_INDEX_WRITER
DEV_ETH_ACCOUNT_SARAFU_OWNER
DEV_ETH_ACCOUNT_SARAFU_GIFTER
DEV_ETH_ACCOUNT_APPROVAL_ESCROW_OWNER
DEV_ETH_ACCOUNT_SINGLE_SHOT_FAUCET_OWNER
DEV_ETH_SARAFU_TOKEN_NAME
DEV_ETH_SARAFU_TOKEN_SYMBOL
DEV_ETH_SARAFU_TOKEN_DECIMALS
DEV_ETH_SARAFU_TOKEN_ADDRESS
DEV_PGP_PUBLICKEYS_ACTIVE_FILE
DEV_PGP_PUBLICKEYS_TRUSTED_FILE
DEV_PGP_PUBLICKEYS_ENCRYPT_FILE
CIC_REGISTRY_ADDRESS
CIC_APPROVAL_ESCROW_ADDRESS
CIC_TOKEN_INDEX_ADDRESS
CIC_ACCOUNTS_INDEX_ADDRESS
CIC_DECLARATOR_ADDRESS
CIC_CHAIN_SPEC
ETH_PROVIDER
ETH_ABI_DIR
SIGNER_SOCKET_PATH
SIGNER_SECRET
CELERY_BROKER_URL
CELERY_RESULT_URL
META_PROVIDER

122
kubernetes/contract-migration/contract-migration-job.yaml Normal file
View File

@@ -0,0 +1,122 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-migration
namespace: grassroots
labels:
app: contract-migration
spec:
backoffLimit: 6
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: contract-migration
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "3" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
- name: TOKEN_TYPE
value: giftable_erc20_token
- name: WALLET_KEY_FILE
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

11
kubernetes/contract-migration/contract-migration-output-configMap.yaml Normal file
View File

@@ -0,0 +1,11 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
# PURPOSE: These values are *manually* populated after execution of the contract migration container
# The contract migration pod should output these vars among the STDOUT
kind: ConfigMap
apiVersion: v1
metadata:
name: contract-migration-output
namespace: grassroots
data:
CIC_REGISTRY_ADDRESS: "0xea6225212005e86a4490018ded4bf37f3e772161"
CIC_TRUST_ADDRESS: "0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C"

118
kubernetes/contract-migration/contract-seeding-job.yaml Normal file
View File

@@ -0,0 +1,118 @@
# https://kubernetes.io/docs/concepts/workloads/controllers/job/
apiVersion: batch/v1
kind: Job
metadata:
name: contract-seeding
namespace: grassroots
labels:
app: contract-seeding
spec:
backoffLimit: 0
template:
spec:
imagePullSecrets:
- name: gitlab-internal-integration-registry
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
restartPolicy: Never
containers:
- name: registry-seeder
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:master-621780e9-1618865959 # {"$imagepolicy": "flux-system:cic-contract-migration"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
command: ["./run_job.sh"]
# command: ["sleep", "3600"]
env:
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS # - name: ETH_GAS_PROVIDER_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: DEV_PIP_EXTRA_INDEX_URL
value: https://pip.grassrootseconomics.net:8433
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: ETH_PROVIDER_HOST
value: bloxberg-validator.grassroots.svc.cluster.local
- name: ETH_PROVIDER_PORT
value: "8547"
- name: CIC_CHAIN_SPEC
value: "evm:bloxberg:8996"
- name: CIC_DATA_DIR
value: /tmp/cic/config
- name: RUN_MASK
value: "2" # bit flags; 1: contract migrations 2: seed data
- name: DEV_FAUCET_AMOUNT
value: "50000000"
- name: CIC_DEFAULT_TOKEN_SYMBOL
value: GFT
- name: DEV_SARAFU_DEMURRAGE_LEVEL
value: "196454828847045000000000000000000"
- name: DEV_ETH_GAS_PRICE
value: "1"
volumeMounts:
- mountPath: /tmp/cic/config
name: migration-output
resources:
requests:
memory: "250Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "250m"
volumes:
- name: migration-output
emptyDir: {}

229
kubernetes/contract-migration/data-seeding-deployment.yaml Normal file
View File

@@ -0,0 +1,229 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Deployment
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
containers:
# This container should stay up for interactive use for now.
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
- name: data-seeding-tasker
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
- moutPath: /root/out
name: out-dir
volumes:
- name: out-dir
emptyDir: {}
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

127
kubernetes/contract-migration/data-seeding-pod.yaml Normal file
View File

@@ -0,0 +1,127 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: data-seeding
namespace: grassroots
labels:
app: data-seeding
group: cic
spec:
imagePullSecrets:
- name: gitlab-grassroots-registry
containers:
- name: data-seeding
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/data-seeding:latest
command: ["sleep", "360000"]
resources:
requests:
cpu: 50m
memory: 200Mi
limits:
cpu: 100m
memory: 400Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: ETH_PROVIDER
value: http://bloxberg-validator.grassroots.svc.cluster.local:8547
- name: CIC_REGISTRY_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_REGISTRY_ADDRESS
- name: CIC_TRUST_ADDRESS
valueFrom:
configMapKeyRef:
name: contract-migration-output
key: CIC_TRUST_ADDRESS
- name: CELERY_BROKER_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_BROKER_URL
- name: CELERY_RESULT_URL
valueFrom:
configMapKeyRef:
name: redis-conn-common
key: CELERY_RESULT_URL
- name: DATABASE_NAME
value: cic_eth
- name: META_URL
value: http://cic-meta-server:80
- name: META_HOST
value: cic-meta-server
- name: META_PORT
value: "80"
- name: PGP_PRIVATE_KEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PUBLIC_KEY_FILE
value: publickeys.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: REDIS_HOST
value: redis-master
- name: REDIS_PORT
value: "6379"
- name: TOKEN_SYMBOL
value: "GFT"
- name: USER_USSD_HOST
value: cic-user-ussd-svc
- name: USER_USSD_PORT
value: "80"
- name: KEYSTORE_FILE_PATH
value: /root/keystore/UTC--2021-01-08T17-18-44.521011372Z--eb3907ecad74a0013c259d5874ae7f22dcbcc95c
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: OUT_DIR
value: /root/out
- name: NUMBER_OF_USERS
value: "10"
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
restartPolicy: Never

83
kubernetes/eth-node/bloxberg-dev-validator.yaml Normal file
View File

@@ -0,0 +1,83 @@
# See https://github.com/openethereum/openethereum/issues/7288#issuecomment-393500569
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
replicas: 1
selector:
matchLabels:
app: bloxberg-validator
serviceName: bloxberg-validator
template:
metadata:
labels:
app: bloxberg-validator
name: bloxberg-validator
spec:
terminationGracePeriodSeconds: 20
initContainers:
- name: data-permission-fix
image: busybox
command: ["/bin/sh", "-c"]
args: [ "cp -r /keys /keys-cp ; /bin/chown -R 1000:1000 /data /keys-cp" ]
securityContext:
runAsUser: 0
volumeMounts:
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-keys-cp
mountPath: /keys-cp
- name: pv
mountPath: /data
containers:
- image: parity/parity:latest
name: parity
imagePullPolicy: IfNotPresent
args: ["--config=/config/config.toml",
"--keys-path=/keys-cp/keys",
"--password=/secret/validator.pwd"]
ports:
- containerPort: 8547
- containerPort: 8548
- containerPort: 30303
resources:
requests:
cpu: "100m"
memory: "120Mi"
volumeMounts:
- name: bloxberg-keys-cp
mountPath: /keys-cp/
- name: bloxberg-keys
mountPath: /keys/Bloxberg
- name: bloxberg-validator-config
mountPath: /config
readOnly: true
- name: bloxberg-validator-secret
mountPath: /secret
readOnly: true
- name: pv
mountPath: /data
volumes:
- name: bloxberg-keys-cp
emptyDir: {}
- name: bloxberg-validator-config
configMap:
name: bloxberg-validator-config
items:
- name: bloxberg-validator-secret
secret:
secretName: bloxberg-validator-secret
- name: bloxberg-keys
secret:
secretName: bloxberg-keys
defaultMode: 0755
- name: pv
persistentVolumeClaim:
claimName: bloxberg-validator
---

15
kubernetes/eth-node/bloxberg-keys-sealedsecret.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots
spec:
encryptedData:
UTC--2021-05-06T18-26-15Z--c083b446-591e-6a78-17ac-b8a99d92ad78: AgAOl4s5nOwdCRf46ufW23L0StYcDy+P81PtlIIsTCnpqAph7AHA/8Wa6QI6qwubUbryL9x+sfM09w6ESgdmWOAuqcLYqO8N3L538kpPWwO8I1/VSE3mv9f9SFYvT20XcVt7qWYa/BoQjt9KCQjIst5VB0qp4HjKjxWY5NWwrPv1x9r7rS+4NLWZ2FV4x+BhNB9aq3jYW+uyNoFnruFHBdKDjCSiX7HrBPEH9MNf5r+9+ND5EcMTk2Wc4WQIeDsiNcpetDkDPZx/Mz7OTwLH8EpYou80Mh/b70x5/VJgNzr5LeO5gGWVNwzgOlWVb+SaTuvnnDqzcCjXQpUqIbh7Eqy4g2ItEXvDE58EWmNqXUKPGflOGXuDT6pzwyCQfvjGGbfyQGH3nP1RFHBtm+DqtlqOcMm/qmg2AX2yGnzSJ2c3Qv+2en7Xakh6LUlHhcWxPaq9vGZOuoWKDHQOO+eDGGA6/Rm5yjZGXwTebYzoW1LZcx1ZvZl1d7AO1xt4aoFNP4/rbQPyYmKAFZmuIXz3bUSVQ3IgeKErRK35Gxx13HCb+8hWcKuXFsmEQJpaxUbFG4RWcdczrEjyYeiRs358h+YhZKYyWyeGq1SVPR0GIKCyzBBQ8cgvl4Vm6VtIMhzFWZproLLwNDjFgMoCBxz5k92uQpNlpHHS4PvQsvfSuPd0a6Iiizcm+aAxSp12B3PotAw4qTDDvY5vyfF2px0BG5YUqNNAZRzcRxNMiLqi/VKYuGBtyrCzN1vnE6bRVgFELj+dbESE096ukdPP6PEuCEpCngrdbOJSy4oS6KPmNg6gG0kgMFo8HrG2kdry632TG4vZIV8QHijuhD4CIN3WEoC7fXvn99GjY36uuRTWnseGhUxbOJWqiTgKJlaChikfSjZ/HfNeQ2f/1Pb1k7enoSFIQsiYKdMcEsuVVV6WoM7re/gm8RAXXUrz2s+rnu0VyVRxC2jpWD0r7jfneYWwgMqS8FDrraa1zUsA8wm9rA7O4fuK9ZWMhyO7JkQOzzBpN0lp7pNkyoyqgqLJNIqjH4Nhb9w3Ijx7Ajfzj2tCYxTvlLX4WyiVWUG40nSenrEoIaxYhpwNZ4+wvdCEBX3JmfSNZ6uuCn1rTb5w3Eqo0+ddFo1hbsxKF0DUTTaYZlzR6+yUSv2HpqqP2K9j83bJB+8go0WySiz0+sUdj8YLBdld/MaWocFTuewC52l1joapMsnNcvBouETwe0jHpvTBcve1TymVlzQl7s8/lpLxp8/iphqCwkvykDehV7J18VTH+zvPBL094WTkPJLv0NWsAEeUnHApjXgyzWY5PLZboL0OW4fCfU8NwlU2r8zryd6txQKeAgzyYghKvUuJ5gOs9U+fw5rdLc16xUA3QQ5qO/2zzC+XmvscQ7Fk
template:
metadata:
creationTimestamp: null
name: bloxberg-keys
namespace: grassroots

250
kubernetes/eth-node/bloxberg-validator-miner-configMap.yaml Normal file
View File

@@ -0,0 +1,250 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: bloxberg-validator-config
namespace: grassroots
data:
config.toml: |
[parity]
base_path = "/data"
chain = "/config/bloxberg.json"
[network]
port = 30303
# reserved_peers = "/config/bootnodes.txt"
nat = "none"
discovery = false
[rpc]
port = 8547
apis = ["all"]
interface = "all"
cors = ["*"]
[websockets]
disable = false
port = 8548
apis = ["all"]
interface = "all"
origins = ["*"]
[mining]
#CHANGE ENGINE SIGNER TO VALIDATOR ADDRESS
engine_signer = "0x494cc42e63f076ff7bc81043ff310255a527b377"
reseal_on_txs = "none"
force_sealing = true
min_gas_price = 1000000
gas_floor_target = "10000000"
[footprint]
tracing = "off"
[misc]
# Logging pattern (`<module>=<level>`, e.g. `own_tx=trace`).
logging = "miner=trace,own_tx=trace"
#bootnodes.txt: |
#MPDL Bootnode and Authority
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
# enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
# enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
# #GeorgiaTech
# enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
# #CMU
# enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
# #UCL
# enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
# #Sarajevo
# enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
# #Zurich
# enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
# #Internet Security
# enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303
bloxberg.json: |
{
"name": "Bloxberg",
"engine": {
"authorityRound": {
"params": {
"maximumUncleCountTransition": 5006743,
"maximumUncleCount": 0,
"stepDuration": "5",
"validators": {
"list": ["0x494cc42e63f076ff7bc81043ff310255a527b377"]
}
}
}
},
"params": {
"gasLimitBoundDivisor": "0x400",
"maximumExtraDataSize": "0x20",
"minGasLimit": "0x7A1200",
"networkID": "0x2324",
"eip140Transition": "0x0",
"eip211Transition": "0x0",
"eip214Transition": "0x0",
"eip658Transition": "0x0",
"eip145Transition": 5006743,
"eip1014Transition": 5006743,
"eip1052Transition": 5006743,
"eip1283Transition": 5006743,
"eip1344Transition": 5006743,
"eip1706Transition": 5006743,
"eip1884Transition": 5006743,
"eip2028Transition": 5006743
},
"genesis": {
"seal": {
"authorityRound": {
"step": "0x0",
"signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
}
},
"difficulty": "0x20000",
"gasLimit": "0x7A1200"
},
"accounts": {
"0x0000000000000000000000000000000000000001": {
"balance": "1",
"builtin": {
"name": "ecrecover",
"pricing": {
"linear": {
"base": 3000,
"word": 0
}
}
}
},
"0x0000000000000000000000000000000000000002": {
"balance": "1",
"builtin": {
"name": "sha256",
"pricing": {
"linear": {
"base": 60,
"word": 12
}
}
}
},
"0x0000000000000000000000000000000000000003": {
"balance": "1",
"builtin": {
"name": "ripemd160",
"pricing": {
"linear": {
"base": 600,
"word": 120
}
}
}
},
"0x0000000000000000000000000000000000000004": {
"balance": "1",
"builtin": {
"name": "identity",
"pricing": {
"linear": {
"base": 15,
"word": 3
}
}
}
},
"0x0000000000000000000000000000000000000005": {
"builtin": {
"name": "modexp",
"activate_at": 0,
"pricing": {
"modexp": {
"divisor": 20
}
}
}
},
"0x0000000000000000000000000000000000000006": {
"builtin": {
"name": "alt_bn128_add",
"activate_at": 0,
"pricing": {
"alt_bn128_const_operations": {
"price": 500
}
}
}
},
"0000000000000000000000000000000000000007": {
"builtin": {
"name": "alt_bn128_mul",
"pricing": {
"0": {
"price": {
"alt_bn128_const_operations": {
"price": 40000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_const_operations": {
"price": 6000
}
}
}
}
}
},
"0000000000000000000000000000000000000008": {
"builtin": {
"name": "alt_bn128_pairing",
"pricing": {
"0": {
"price": {
"alt_bn128_pairing": {
"base": 100000,
"pair": 80000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_pairing": {
"base": 45000,
"pair": 34000
}
}
}
}
}
},
"0x0000000000000000000000000000000000000009": {
"builtin": {
"name": "blake2_f",
"pricing": {
"5006743": {
"info": "Istanbul HF",
"price": {
"blake2_f": {
"gas_per_round": 1
}
}
}
}
}
},
"0xEb3907eCad74a0013c259D5874AE7f22DcBcC95C": {
"balance": "102000000000000000000000000000000"
}
}
}

14
kubernetes/eth-node/bloxberg-validator-pvc.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bloxberg-validator
namespace: grassroots
labels:
app: bloxberg-validator
spec:
storageClassName: do-block-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi

15
kubernetes/eth-node/bloxberg-validator-sealedsecret.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots
spec:
encryptedData:
validator.pwd: AgAu6Seh37ELi6AXKetNOGMZpOrzkjukS6FLCGJTzF8jsIlgoCMbZ3krLfDoJqmbidNJRxmGtHbsjHwwfCNdqkOoPDBMKdRGzPD62zro5a8Spw2hr6VtEY/dA/sRswKfwMTCgHxG7eF3SVAOwZ/kqNMSMCJWhxtFDjcwdi2F4S33lR+3Otw7Bbc5dBRSEA7UvC6DRfasx1Tmd4Tcw19W3tRtqG6CM6HgIfmACYLgQucMOZDr5MZK/MzvOngrLc4wLHTO5ilmrdZFWfpX+KhGpYPDS8sUrKjrGTfHpCHpuzdX+Q6wgfVWxK/8X3bCryG+BB4zY4FR+ETpIlaSd4RXCpVVUYdZYXi8OURFAyf/+hCEDucOFpkqSTOATu0bzU5o0Jvpx9XiGOsjYv0GfYpIoc+6Ii9pV9J4EJMxRDKgGJXfFSZPmNJuDU/0Xx+FeKk8/8f7p0C1M12CqBk/XxqveNJTiMC3cfdCULsUKYSmEbxbXjz46RIcTvsu9I3Tc2spgHpagmUnl05MnlWBswV0kQkjy1tfkO3emqzfNWLZeTN5H7B2/vmewdq/3VTROnx9IRG0fRIpkOEPWgzO9MlNfM/ltBRRhyhmbFS1wNWJqxG8IiSVLzegKC33boknmqGP+qI1nQGZ08GFWUNZMhQmRHQCQj/H5rPtzxDzNQtGM0S4ZbZjmuv4M50IM06vJvsVrps1sETbiIt7ojg=
template:
metadata:
creationTimestamp: null
name: bloxberg-validator-secret
namespace: grassroots

18
kubernetes/eth-node/bloxberg-validator-svc.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: bloxberg-validator
namespace: grassroots
spec:
selector:
app: bloxberg-validator
ports:
- name: eth-net
port: 30303
protocol: TCP
- name: rpc #TODO change to rpc
port: 8547
protocol: TCP
- name: websocket # TODO change to websocket
port: 8548
protocol: TCP

16
kubernetes/gitlab-internal-integration-registry-sealedsecret-flux.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
spec:
encryptedData:
.dockerconfigjson: AgBBXZyqqPhVZ53L4avFRFQxUmH7pw+fqFQap/4tK+anHhnrbb5sBSPSBJsB4mKzmmdVpaKgrjteFLaDcukWBVLQTB8b3MOKbXB42batIy+7ev0+vpARXUDiBuqw/Suaatqi10D4X6sV+COxXEOgxtZpD9OAiTtUVXWIOHRnenWZztLjtr/LvRJFtBTYuXyj1dFo1HZ8kjDufPjE6K5rVgZNNkudKmk5tAYrIxiE7PTPyRrJ/eO6ybVqtRtahv0sXjTGWTLlUS0OksJbinprCp8mAUFddUxdo+6rX5AIUHqmIupE0KyRyNio4WB/Kkg4zsOPh96C6Gtd1NgjrCwibDxBDUIgKbWVK9b3LQ80FHSmdUC1vQfxplTt+G0zchiaP/HTHjXfrMy5f5w0k6gP5dTLL58/FJtUUF4O1CWqkr9tsPhKtvEAA1t9EIHUYGxsY7fIsUTmZe6vLT5KGD6sbjBFD2I6IHxQsKlzYwO5GBC2OGYQbbmFJZNyVVWShnEMZFRWnx283O9LewM64euJKJ5EVnuLFNOSrrljRS5gJgjS1IwyL3JqG6fzANqBfj+J8Vv3NOEkcNB2j4/1a3DIpqh2gO/ObnQn3TEtbYGCmiLtbv3S8Jx1J/Wvnz3PzwrfxoV6wxPF3qofQkALQWh5jQcj+gG/K30raYOxGFBXCAl7Ms6xmbn6wgsXy8sABXGAQsuvPie8422KeZ1J3nd3DUfzMUeGNy2clDVgDTvfttmPlPeS4RdQCQZ9tbos8TsJIKWlHGRy+77cXmqvA+QYNvmUk5CAPaGL0gWktChvdRz8VHC736OXQzEN6kKFZKNzEo0xYjRUgMCuzy0c10mE4C59FyqQi9wjqmukzaUh2lCMgxXpueGNZQHDBT6pZYlO7gYDtkgq7eyVXhcHW2xVhYh8yaQMDANAhSad6oGEqmf812tgpCq8sM4zWysX6bU+7MPRkWXTcRPJh6EtTrw2wMED8Op0pQ==
template:
metadata:
creationTimestamp: null
name: gitlab-internal-integration-registry
namespace: kube-system
type: kubernetes.io/dockerconfigjson

129
kubernetes/grassroots-ingress.yaml Normal file
View File

@@ -0,0 +1,129 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grassroots-ingress
namespace: grassroots
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "x-cic-automerge, authorization, content-type"
spec:
tls:
- hosts:
- meta-auth.dev.grassrootseconomics.net
- meta.dev.grassrootseconomics.net
- user.dev.grassrootseconomics.net
- ussd.dev.grassrootseconomics.net
- ussd-auth.dev.grassrootseconomics.net
- cache.dev.grassrootseconomics.net
- dev.grassrootseconomics.net
- cicada.dev.grassrootseconomics.net
- bloxberg-rpc.dev.grassrootseconomics.net
- bloxberg-ws.dev.grassrootseconomics.net
secretName: dev-grassrootseconomics-net-tls
rules:
- host: cicada.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-staff-client
port:
name: http
- host: dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: key-server
port:
name: http
- host: meta.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-meta-server
port:
name: http
- host: meta-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-meta
port:
name: http
- host: user.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-server-svc
port:
name: server
- host: ussd.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-user-ussd-svc
port:
name: server
- host: ussd-auth.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-auth-proxy-ussd
port:
name: http
- host: cache.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cic-cache-svc
port:
name: server
- host: bloxberg-rpc.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: rpc
- host: bloxberg-ws.dev.grassrootseconomics.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: bloxberg-validator
port:
name: websocket

57
kubernetes/key-server/key-server-pod.yaml Normal file
View File

@@ -0,0 +1,57 @@
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: "key-server"
namespace: grassroots
labels:
app: "key-server"
spec:
imagePullSecrets:
- name: grassroots-registry-dev
containers:
- name: key-server
image: registry.gitlab.com/grassrootseconomics/devops/key-server:latest
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
ports:
- containerPort: 8080
name: http
- containerPort: 8081
name: http-internal
volumeMounts:
- name: pgp-meta-test
mountPath: "/etc/nginx/html/"
volumes:
- name: pgp-meta-test
configMap:
name: pgp-meta-test
items:
- key: publickeys.asc
path: publickeys/index.html
- key: signature.asc
path: signature/index.html
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: key-server
namespace: grassroots
spec:
selector:
app: key-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
- name: http-internal
port: 8081
targetPort: 8081

2
kubernetes/kustomization.yaml Normal file
View File

@@ -0,0 +1,2 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

260
kubernetes/pgp-meta-test-configmap.yaml Normal file
View File

@@ -0,0 +1,260 @@
apiVersion: v1
data:
privatekey.asc: |
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAf4HAwIUu1QuUtT4sOClIovUmBqdEwQ4uzir883YkCQ+
p2zfZVNWjnMqWv2UnVVelumWlkLXFe5eYbYVfl+VN563xZremkZp1/pxUMeH48FT
M3xb2rTulthQLydwDftq1mTmcMaXKoeoHmbEqM7AtmVTN7NnsGYZ+2bmL6JYo54V
/C9dtc4ZLrVtHkJAI2TqxebpYEzBUFM+l0G6xUo8r5SaDWCU6WEtY5zD1m86b1yT
PZ0IyvfUEOCKE9zs+gG/CjTmYrZPnLIHTeFcLuexB4OJBnJ+n4P92PJlDXNkBmSp
fyGFykRtT6rgiBmW2mu6pA52Yn9sonrYREvxIUsk57ADvTFPWQxEan94QBKVb363
ADzOaluuxlD9y30P5FgJNQGoamPlfN8haMRCjHuWjfb3KVc1E+SaEHubF532/QxN
BtujSE1O4ieymilCBHdcBOazi5+89h1zwcj2QWo9+VKnYXqIWnmH4T94d64wkPht
4rCpyWlTsAWvJTUBpoeIyofTB3uRx+nogvLBJisdaahPOyGHxmj3ARwa43WH4xZj
rkkeCSd6bCtnTIHWrscYeNkmp+yg75uW30Rs5litKYZ/TwsYrHPOVHyDax0f/mOH
4L9Jy2pT68i6AON0H57oET+lNZmfWSi9nCvoJNYkbAYuApnQM75zwgZuvPed3uAN
NxlYaWxPhL7CzyVZYPdX5LdfN1sGK1nHE38G0k82NNkNJH7Bqz55ar2cLPxDWJjD
iso4mBO/9bEOTGrpfI7EhuuQIk6pML20yD1v/Pmrqkys58gxJ8GrLucv7b1J2mB2
b1wVxi8ftcttpSni6uDjUPRoEEAOAojyuwOfNcUhq07mvjPwg2JBCi4LJsRVL7jc
jKJBa73Ez9WvgkwbW1d5w9yDEdos6MBMHZQueKrWKhOiFnToAce3PSwUh4jx3tN6
eVKkBnc/r48Q5ZvJP4JfVqq9tmO55GeXp5UYQtSIHYwAKNpxt9OdGR8qNvgMO3xu
CCibusYv6Jis4QnnFUl+KsZZLk0afq7KvXdfvBs0QNfGzd5IdGFXXa7+hwlHaRG5
j8k3T/5DjzTdE59r7PA5l5aUcN+SamkhGNaJMm4TRSJBGwxUkvX3rSfinA8WCh19
8BSoFMWSYP18CEDsHqZKs9QgKTFx+KiYmh/nAcTZrSrgLWCz0Bzox097zUurwDs9
ZBtcZonVBnUOYX/YT1oqSVXJEpynZ5HfdkZ4l2jfp3ixMeuE4gJvELzOA2Y8FaM/
oDYt+Danj1bcKNcXWKOPyW7qL1LjiD1VC5oVlhUiw32YSLh4blP5SrHQTGyetLVi
TWaTh7z2Rhyf+PGpfnUWu2Hsp1V1WdfzArRMUXVlZW4gTWFybGVuYSAoU2hlIGlz
IHRoZSBxdWVlbiBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1
bGwuY29tPokBzgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9
CC83VFeOkMOVkZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btm
IZ5kFVBHxDB4sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiU
My7NNnxvPzo2YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4Fw
pFDYxOWszFRF7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AX
xn3kxFcdgbdYXEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFi
eLvplMxpqdlOpywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVm
BKhkFNdP3TuTvqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+Ajl
rwxcQSQaA6maufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/p0FhgRgrn8w
AQwAtwZKgIDeylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5
UODKJJLJO5hopNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533
EP7vDFryZEt5bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S
/Jcx873mWax/TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88X
L4lr3JkytkWx5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTo
zfBk/rJrCCcCN+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F
0teNe82LaFHrRXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePR
bWEKUhlmtyju9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UA
wnqdABEBAAH+BwMCtM/xijzS4N3gHy+0b+fuxTijqtNa/w4U3efhzEByB43uK465
i/mNLD/JaAcegWEdi1kAhxJchemlxtnNYyXo00KVFoEkU8nMCwfSbuXuVDTcRHUp
7ruHgI0s+71q1M/IfVrr43UxwWNzMAahJT2Nl3NDgRSU4lPRnDAhSEknw93J/6w4
DcvOZZjvmVsxA/95S8JqO4sdPnfv/aod1+UI8s03vN17WKlvMYU4OJnfGhkw3dfI
sC7JYF/l/VrZ+rRSLsMitMRqlNJndIR4h0ph8dg/LfIhOJK8h/41MPliw1w32qyN
m1d/fQgkLBi3dTgZPIxFEjH2povCErYmzOt/axHAp8o3Fhj4leXq8noTuX5aQ7MT
Ccp9xt5bQdpTkb2ZPCS28DrKqKHOFyK9NQJe37qzoDedF5HqDECo/bE7dnYb+xZc
Wa91CTdlzWrlVRPvQ0NhnxWoUuveG5ytVWpMScQIsqt13PL4H1pDaPG6I8kHrWjJ
BW+7iVafvb6rRQCQXs3ZX56X8syDZh+wVzXsiCpojWH8ydgpltr4AjN7iCMcsHqI
Gd+OOB9DOdAbZU2xbBQ74vQZS/hfrswMdSixeOYRFCtfNqCHRrifryPSG2po+OkB
AJ+JJECvIFxLZwgMxT4AH2fDP7ULa8IDj+5oIwziGuqX6qbQQsRiExvWOOP281M7
AaVcOjeEGgc+puNxM9PzwIZWHxETi7ks2QDJQHQqD+MxdkLztqAnR+ln+hZ/WAQD
197wu4WG6OSpjaw+khMSl2tAOKZzeyhZGanC3VhFe1Z9CzWmwSgeO6aOXejFTzeE
A2ZRD9QjvdIIFj0aaLshsFcF/inO9HHRlmJMYmue4PLJYJTBvs/N4/XWdWUhMWxG
YJTBp335WtGsuqCWVZPzJb5lkcdC8yUa4FO3Z/fmHT3tKZSrvwROa7YBqDkUfhuP
64/4n1TVXcgRMA4IgEJNYt5mVVgOb8o/0G13LqoByI9/V8sHrW0TTIZPblyaoFah
BfnWekdgWzeyYJWgm+IzqVAWOgrkQAzalFuZuBF0qoYb2SDdqohNw/erTcd3CM35
dgQozqFpKeT31HRVYOjA0ZyjBllY3EYTCU5mFtfH45Ao7d2C3lbRiHzXOxS0sF0+
fIDKZXHXAnt141Ni1vNrs+WxyfJ5yMZHEQ5R0o749I67rg9x3hXnwDUw+mzibBOx
U/7xxcuRe5PkITjk2EwjkZvrM4KEHsuVvRQF7cJ9AhqYFaVZKOBGAvKJ5OGaijaF
oiKNP1vIpmCvFHS2kD8mi8oMx786f8Tks6r9gCFq+nnSbFV3W2hzzwD6825V3wMB
d28RBBk8wtyD2G5mAWQNHISJAbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE7
1QUCYK5/MAIbDAAKCRCZW7IYFjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/Yz
ZzI8A2o5nAFhcHwWH/f25hGXxbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6H
KoBxSkn641fkV77Ed+a0rGtOhrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeA
l3PCOZHkiyOwR/hmj2gbHpbSqxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTL
xFP4VckDhbnj1a92AjI0BoUVRlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72x
wP3953xYOYanABMcANqV0wPRm1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5
lAqXet1/O1rvVvaJDzXnzoQOa0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H
/HUuCprWkcZu2dLCP0TeEVRg95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXL
HpfJD0o0eOq46T+IQlOFsqLmeqZTM7wRlwM=
=8eSx
-----END PGP PRIVATE KEY BLOCK-----
publickeys.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF+hSOgBDACpkPQEjADjnQtjmAsdPYpx5N+OMJBYj1DAoIYsDtV6vbcBJQt9
4Om3xl7RBhv9m2oLgzPsiRwjCEFRWyNSu0BUp5CFjcXfm0S4K2egx4erFnTnSSC9
S6tmVNrVNEXvScE6sKAnmJ7JNX1ExJuEiWPbUDRWJ1hoI9+AR+8EONeJRLo/j0Np
+S4IFDn0PsxdT+SB0GY0z2cEgjvjoPr4lW9IAb8Ft9TDYp+mOzejn1Fg7CuIrlBR
SAv+sj7bVQw15dh1SpbwtS5xxubCa8ExEGI4ByXmeXdR0KZJ+EA5ksO0iSsQ/6ip
SOdSg+i0niOClFNm1P/OhbUsYAxCUfiX654FMn2zoxVBEjJ3e7l0pH7ktodaxEct
PofQLBA9LSDUIejqJsU0npw/DHDD2uvxG+/A6lgV9L8ETlvgp8RzeOCf2bHuiKYY
z87txvkFwsXgU1+TZxbk+mtCBbngsVPLNarY/KGkVJL+yhcHRD0Pl4wXUd6auQuY
6vQ9AuKiCT1We2sAEQEAAbQeTWVyIE1hbiA8bWVybWFuQGdyZXlza3VsbC5jb20+
iQHUBBMBCAA+FiEE8/r2aOgu9RJNUYe67yb0aCND9pIFAl+hSOgCGwMFCQPCZwAF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7yb0aCND9pLwiwwAhFJbAyUK05TJ
KfDz81757N472STtB8sfr0auwmRr8Zs1utHRVM0b/jkjTuo4uJNr7YVVKTKgE7+r
J+pwhm3wlTQ44LVLjByWAi/7NWg3E9b2elm+qkfgm/RfFt3vkuOxGSyZyIFFh+/t
wv6iABPvr6w7MZwrFaS0UP3g1VGa5TFqg6KNxod9H/gPLxv45lutXf3VvBZTJpr1
pxn7aLHlFzEyIgNZbP/N1QF44GSrN/k0DfL631sZjauUXaZXbi5xGsKKCYwJ1g3q
587pi6mTdTV3n0hKgVuipO8hGy5++YeOv+hXsCxDwyZ+Shv+qavd/SapxYgCdEue
uwONIFfsIsWCd3SCcjKXicTTEFMu8nvBmf7xuo2hv6vEOxoijlXV+4LkGrskdB8Z
Mg8PywEx6DLmDokgnAhTLrTc1ShbkOtQ3yNjjyFK7BDpqobsJal6d8SpbhccUJLe
paSmsk0CgJsTjhAl6EwX0EYgTo3kP5fScqrbD8VwQaT8CcE4rCV4uQGNBF+hSOgB
DADHtpTT1k4x+6FN5OeURpKAaIsoPHghkJ2lb6yWmESCa+DaR6GXAKlbd0L9UMcX
LqnaCn4SpZvbf8hP4fJRgWdRl5uVN/rmyVbZLUVjM8NcVdFRIrTsNyu4mLBmydc3
iA/90sCTEOj9e7DSvxLmmLFjpwM5xXLd6z0l6+9G+woNmARXVS3V/RryFntyKC3A
TCqVlJoQBG45Tj2gMIunpadTJXWmdioooeGW3sLeUv5MM98mSB4SjKRlJqGPNjx5
lO6MmJbZeXZ/L/aO6EsXUQD2h82Wphll4rpGYWPiHTCYqZYiqNYr6E3xUpzcvWVp
3uCYVJWP6Ds117p7BoyKVz00yxC9ledF3eppktZWqFVowCMihQE3676L3DDTZsnJ
f1/8xKUh5U2Mj3lBvjlvCECKi00qo8b1mn/OklQjJ5T4WzTrH6X+/zpez8ZkmtcO
ayHdUKD/64roZ9dXbXG/hp5A+UWj8oSVYKg2QNAwAnZ+aiZ2KVRE/Y61DCgFg6Cc
x/cAEQEAAYkBvAQYAQgAJhYhBPP69mjoLvUSTVGHuu8m9GgjQ/aSBQJfoUjoAhsM
BQkDwmcAAAoJEO8m9GgjQ/aSIPcL/3jqL2A2SmC+s0BO4vMPEfCpa2gZ/vo1azzj
UieZu5WhIxb5ik0V6T75EW5F0OeZj9qXI06gW+IM8+C6ImUgaR3l47UjBiBPq+uK
O9QuT/nOtbSs2dXoTNCLMQN7MlrdUBix+lnqZZGSDgh6n/uVyAYw8Sh4c3/3thHU
iR7xzVKGxAKDT8LoVjhHshTzYuQq8MqlfvwVI4eESLaryQ+Y+j5+VLDzSLgPAnnI
qF/ui2JQjefJxm/VLoYNaPAGdqoz/u/R0Tmz94bZUfLjgQaDoUpnxYywK2JGlf3m
PZ3PNWjxJzuQTF5Ge5bz/TylnRYIyBT7KD7oaKHO62fhDbYPJ4f94iZN4B6nnTAe
P34zFDlkUbX4AHudXU7bvxT5OUk9x9c2tj7xwxQHaEhq2+JsYW0EVw27RLhbymnB
fLjVVUktNF0nQGvU2TEocw4pr2ZkDHQkSnlbNa4kujlL7VzbpnEgyOmi5er9GaIu
VSVADovBu+pz/Ov1y/3jUe8hZ/KleZkBjQRfoUkaAQwA2r2HiLvpnclyZMoeck1L
FoVyEU/CjPcYWF1B76ekO9mrlYvbKsnsyL0WcuEqwCmHdLk70i743Fn21WQK4uvv
lvrEpev9aj9DihyLctv4qrPm6wAU/Xibf75tg1iRL+muMQfv6hQhjdhwkYFx/7XQ
6UWkEibqFS7xJwrhz9lHL4KTA4sO5PeW713+mpz7tM5RmGV6NOQAyEEfAv6OawlW
k0f5o8xngIoyo2BS5qIeEBO+iz45+GG8GQC6XufOIx7VVl++ZpsxZKtDq/AXfAsk
xfLRwZMqH9Db5pPMzrL1bPV16AwoWqhAGd2HIMkODLEC5XTGIKCqO5+n288rHhAJ
TqFmE7TpAo+Eb0Tkk4jfm6LyRonmQGpu/Zxa53n5D6d+AgYWAMeHkEthWJkES4mK
pZu4nV21+n9mynnPg8wzthL705Q6IBjtlxX8EP6eeRFE1BUCNp2RZttTSdI+8iwz
YsGOJdJeeXeLOGhvU9/PLkRj9jgZLgCLAo1QGo2oxetZABEBAAG0IkJlYXN0IE1h
biA8YmVhc3RtYW5AZ3JleXNrdWxsLmNvbT6JAdQEEwEIAD4WIQT2ReBH7lvE4oJM
lNtC3JHPqKugKwUCX6FJGgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRBC3JHPqKugK25hC/9VF1fekj0IKnrOJRUcK/Cv4RBowl60V91w27ApsoP2
awEJiFhY7qRijtkA3NKrT3tke7aTnC3yAJ8SFOmvIAC94ijb7Iv97xkG+1IIz8pv
ru9y+dzd2NnvCkts8gFF0CI/xtEME90rU3Pay9B5IyrpP++UdmSmnp3Neuwi94BZ
DfMlqkeiYOzWWSeYbmSSVfKTXeBdUuTyfRI4m/bPbh6gegOB/XdgSIrNY74D0nR3
np0I+s0IGZepK24kgBKfUPwRDk7f98PXCh29iL3xH+TBxu30WHq7xKmPoXxCRyFL
tnKF0MN5Ib276fHnJZM+hXf5i/1EPi4NLnk86e7fNI69hwiUd1msEt3VmZWe7anJ
e/1p3sSXwbQGhhGWM5K41/rQ1CZ9qD95d6wkHRSc0n4z78qxgYV73yJHinN8xIFn
PWbopPPIJbELSoM3IEpHobsj95pH4hzZAPSmDfOfLzV1G2ec1QPfWnTqUriUt7ed
Ds4//7Cczj6sRh2B6ax2diC5AY0EX6FJGgEMAMqxn5io6fWKnMz8h5THqp4gEzDu
oImapfMKbAKcxEtJmcLkvn+4ufEP/hcll66InqJHsqMOrdb+zbduCruYWpizhqCI
GSsuRu7+ZEEkQFmF5juCOV/5qKQJgZZmxSKbRtboapMRR/jmg1pvhnUG7wJOGWi7
qv+iRdsWKskDO7tUQE34+ID7IwfDZe2fbFKxf66nPlUunF8aMglsvGmtCEzm/xwj
unHnmoqZBQIzTdEXIaEwhVosbgY7A1iwOJ/gT2dcF2KJa7tygrtcbgdVzYCibynw
tlvDGXukweuYLQFsObyBG3UHRhJg61p7n344sy1U9uwCP3/pVCr9bNY9mLZpCgHF
kqxErmB8cWouQkbwnqxQFm21KtGFzjUawuKBXVtDEeA8C5Ha0sx7lw5JrX8GD3EL
60qKWjqujJsR1kyijXx1No7Xr9NWWuPoIDYH06ZoYE+j065VTRqZIGr3NjUZnqT7
s9M41roQMnKAzRBXousRXRW9dXfS5YIG4nWTlwARAQABiQG8BBgBCAAmFiEE9kXg
R+5bxOKCTJTbQtyRz6iroCsFAl+hSRoCGwwFCQPCZwAACgkQQtyRz6iroCt8igwA
gopqy+UgxJ7oTL2zvOgL1ez7bv+E/U1/7Rdy5MHwr4WF6oZRpIBlgv3GXXeIFH9b
FdDhgyPKgh+Tz24JBL+7YjUtWGe/G/pmmNK1YazB/OxrwiGFpTCyk1zhxEkhMu7H
u3LgD571K+4TUUpaPCqEeoBBg6O3T29DH1AxpWpEPGXlOrRDHYgVziEpLdUNahAj
F53auNWvya+Vc2qZwM4NFt608LLf7J5yIA2vbsvf6+gVopPE3whXESKXo08B2hC1
f3Pr9/Tgt6oIvy9/dAcTMalxRyyc42E2wX5kyzDlfhY9kqaNNfaGMZJO5g//gB7B
dtrAfo/LhWtary/YfAOtbbnMYkf+HODAPZItaIjMZngBM0c0m78YoCetAQE8uBFK
6aXmht3BZGPOwgyZpK5QT6ClYst2N9ca3tPUEfnddotKySmCEk/JWtu5/0lFl75W
zHulc7iUNGJmnUffVZyH12CjBWsTtqombHDkdEKFocavqpVcCCbKbtW5GZhuZC65
mQGNBF+hSUIBDADStlWquV7SdREZtxXBVVzdCkV1xkeHYfo2Z244W0LTwmvpbO+o
6P5GCAW2c336qWElsMO9ujeV2nuUZy3k3AtJLx19iWC+ywYVzJ8f878XAxq0ya1V
BBnfsBc7iRI3umf2JSi+fHXf9l+rJ8Zr5AkLrUo3tQoxX8xWQIfUVY481nlkOvuM
txEI6h1t+z7PWjAJsdKKdevRPApPIBGXX0iGE/98ATsLYtvh9ln26j1SrSdtKpPk
tuYve3zkphlZAdf5ReViicik6gpEdyEfIxNab6nyV8LTbSeCHe+6/cz+AEqA+cr3
K3MwriaapPzNhRV8izzGnIWChIZptGBKH5nLivfIAB/hbOgU6tM+YgUKrpJCXXA1
My2q68o2kARJxh6s0tuuT6pFEAG9RmzS3ywrPz4PAgkwrJA1uUa9fy9ngkOnQN3C
EeVQTUU55b+6zVhW1Qq8PII6AGqj1lSY9jLpjxEr3q227OlTaxfgg19x5o9rcycc
AZlQqzL2p3Z7HZ0AEQEAAbQcSGUgTWFuIDxoZW1hbkBncmV5c2t1bGwuY29tPokB
1AQTAQgAPhYhBIYPcR68MZb6cOhv9wDz8yhlQWZrBQJfoUlCAhsDBQkDwmcABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEADz8yhlQWZrD0YMAJp6WkrSzghIgrGm
EquhUPu4n8dnaGraGxu1Om9Z6HrUvphBvm/yZMlZxYbsQRvd8DUCuQD7fScBS12W
X3AYe001REfAbj0kDAdDQ0Z8sFCeCDSBJ9ulX07FzTHH0qROcSv6NONjGYVeTFic
L2W0rATygnFzzjjSGboMq1qA8u6/5JNM7MAxJcIS0Dr8Fhdwv8TwTJrVg6ZzJDHN
8OVAUkPaciQI5lDDP5+kOVqbZZ92Ua8byxKtNACCdSsWZr2OvYyjUz4JKMp5X6yH
bDQB3vlwRkRS7Voo3pUGsdLwiBWiryklSa++DIbBemrALFLc5YnLgfCV0frPOEqs
dDwWECRxwN4r+2DjY6TYCEEDfhM2Hm7MoMx/jM4uhI4KwPdOKmHsBPVBeXqBRXz3
2NMMZg6to0HRjDapR8AkbfdC5vjiuwnDA6llmxnVtx2oPX3g8RVOIw65f8KfWzWS
fzEqhoKTccsHMMza8J1ax6T6HXkqa/Tt/B/3d7nUzp53V3luG7kBjQRfoUlCAQwA
4rFxmKwr4RAoVEqhDDWl8ecd/KQXEg0iCpkkmED6mEpPE9qAi8ORNId66E+rveS1
SsbmbqVlrN9iHphtvYqvlwwb2IkgPaFpmVSqWrQ3yzEPrL5CLAWiiEq7M4ux7pue
YKcOmv3wQSta9eMgy9jaGUXrxFl4qotCevcEsLzkKC045OdVxkL++NFsiQUSfMYO
tgGKXuBh0ycI/pOb66lY186zPT0tR+QA18uzeCizEjhCZmPIlPHjN8NOEM7ZLU4U
QrLdSrm1quhO6DvGEoO5FulvGtp5hVHdJL5oB7svzNurXB3WVjdXCnRijoaCR07A
/X9JVZY2+kRxdl6ZkuLZxb5UE6usW7pTA5DKiuFG/w6CSGZA1Dv3+yoZnjN8KhnG
mIWmEJgvddWWoaJ3wFvSAGkYa3qBLX3noV3ZCm0c/r2LBcyFGyuyddEhg9wrqWU9
vM7W/4BkTqSJdeMRlS9FD803V9GqxAJBJ1KOSFt2s6b+ekYCI/d+Buso8GPp8eUH
ABEBAAGJAbwEGAEIACYWIQSGD3EevDGW+nDob/cA8/MoZUFmawUCX6FJQgIbDAUJ
A8JnAAAKCRAA8/MoZUFma/gCC/9xkH8EF1Ka3TUa1kiBdcII4dyoX7gs/dA/os0+
fLb/iZZcG+bJZcKLma7DRiyDGXYc7nG3uPvho7/cOCUUg5P/EG5z0CDXzLbmBrk2
WlRnREmK/5NTcisCyezRMXHOxpya4pmExVMqSPGA0QbKGwdHqfbHQv2OyI3PYBKv
lN+eu6e5SEbT76AQijj5RSPcgbko24/sSqJylD1lnRocQK1p4XelosBraty4wzYS
vQY9dRD4nafxPHI3YjKiAG0I7nJDQ0d1jDaW5FP0BkMvn51SmfGsuSg1s46h9JlG
RZvS0enjBb1Ic9oBmHAWGQhlD1hvILlqIZOCdj8oWVjwmpZ7BK3/82wOdVkUxy09
IdIot+AIH+F/LA3KKgfDmjldyhXjI/HDrpmXwSUkJOBHebNLz5t1EdauF+4DY5BH
MsgtyyiYJBzRGT5pgrXMt4yCqZP+0jZwKt1Ech/Q6djIKjt+9wOGe9UB1VrzRbOS
5ymseDJcjejtMxuCOuSTN9R5KuSZAY0EYK5/MAEMANv5p5ESG5VZ6qhbJ4aixB4P
KkOcUU+W61dS18QEyOnTmC37OGqjRMKZLpTlchFOwqKYRB6m+5noyZbOe/2aFIRg
U0d8mSvOhBKy3Dtg1vMxHyGGOpVP3Fq6ZJs6HEpch2KhmLzGT/Pg8XHEJ3xXXqhL
f6zr+fjR/Vo1rPiicHwBM2hGXeBCf5ufgU06lBYYQjzNerMVB265fAN8Entm5BiW
HSjy8ijCaXfFwmMuVHPTrydhFHnJfUxMImbFMLTbwSn8RwiLmGCydeoAwLB5gKcw
IB+37triVVLOI1Bz7iWEbiFBog7M1RyveI+zIYR3f89mL4B0ZK1fuecevfhv8zn0
sYC+2gwReLjPpSMwShgMp2b0YnzTPkIXASWPbxGBWKVrAO5+W7JyZ+ZFNjkH7U6r
q6A3fTESOA8SgYptkfCb371ZF6TzVhXsaGDA47tRhtIriuyAP8H4Kx7sANcPSj0M
a9QtiO8PkGkwbSN1GQUFMUVndQ2RvhRm0gszI9ADtwARAQABtExRdWVlbiBNYXJs
ZW5hIChTaGUgaXMgdGhlIHF1ZWVuIGFuZCBpcyB0cnVzdGVkKSA8cXVlZW5tYXJs
ZW5hQGdyZXlzY3VsbC5jb20+iQHOBBMBCAA4FiEEzOLh0tDjat4EBeLQmVuyGBYx
O9UFAmCufzACGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmVuyGBYxO9Uu
pAv+OcbZje5rt30ILzdUV46Qw5WRmzVWXj/aj1+x2jYmLhjFqjMpq1ugm5vCk7c2
MtoVhDHr4L/pu2YhnmQVUEfEMHizDysp+SXnoOpAwpeMDJZgtwL9Q1xl19XjDT5a
iP4qAvW6HVvGmJQzLs02fG8/OjZgYys6DTFuOHC4+5ce/RvLCslLyQWccTPajvlp
8ebAhmabNlyLgXCkUNjE5azMVEXtdxC7S2UmP95HOv9P146WG1M6zn8WO3TTtM06
MEEewX1TfOR/UBfGfeTEVx2Bt1hcQyna5Kv6wxIWpKyeb0oCrAL5FTyIbZK/0V/l
ic6+DsJ+rKYYYWJ4u+mUzGmp2U6nLAyuGlepP9rni+rPF4ndrFMqSD9zdPgZ6TQ/
QgCwzqdNZrjfNWYEqGQU10/dO5O+pAXLhmosUM0cKThJ81JhbUN6L6Ku9zKx0Vvr
5kNcBg12TQ34COWvDFxBJBoDqZq5+Bw7+wD5vt7Qk4yAzYOvkus0PhTPXrMwZiB5
BCn+uQGNBGCufzABDAC3BkqAgN7KUoWjHd53M8FNLlkXlGzjpanp744XV5y99tCY
9Xy8c9mQus1hO3lQ4Mokksk7mGik2AmKAweYButeoVJkH9euSTB+5nrJjcXLFrup
pJ7IR0NfRIffnfcQ/u8MWvJkS3ls72DVpRs94FhqZIx+uSAZ2Psz5OgRG6+lVXYu
GAEAl4BueT7ZrRL8lzHzveZZrH9OYUvPbI7ZNkVPviIwLYLJAws9uOr+vmBoywzN
GPbSMnj6Zq1PzxcviWvcmTK2RbHkf0b6fSS41earoZOSXAxfJXtci7H2JS+qGvv5
xKokWeJVuIZtZOjN8GT+smsIJwI37NSH6JBS1VvDhaysG+js+j66uXDRtt/8Gm06
aFD5sgIACnFVH8XS1417zYtoUetFdxA6b8Xhwmow+1m8HP+I4k76eoYOBGyBRHyA
DjxFl1GBjFLl49FtYQpSGWa3KO73XrYI/ZzbgWoG5Rv6djPQXe+dGFEL2fkw7tmO
00WRDCXo77AnRQDCep0AEQEAAYkBtgQYAQgAIBYhBMzi4dLQ42reBAXi0JlbshgW
MTvVBQJgrn8wAhsMAAoJEJlbshgWMTvV+Y4L/3OXLfc9LnSBHqRwW03woGB81zB3
9jNnMjwDajmcAWFwfBYf9/bmEZfFuHeEajPw1qIYUWS2J59pD70zZSxvXk5KNN4p
PocqgHFKSfrjV+RXvsR35rSsa06Gt6Uq+KpAm1L/nnT0tsimJg+l9ITDQ7CUd9jt
l4CXc8I5keSLI7BH+GaPaBseltKrFIl1Z+1MsxQNoJPOp9KQiOQHqlOAmQs8zh5S
dMvEU/hVyQOFuePVr3YCMjQGhRVGVBQoPCGq4OU/heM6ZFJFmHhiLxxCHQwM3dJH
vbHA/f3nfFg5hqcAExwA2pXTA9GbW0tc5FP+RAMFWwOxgBNL1rkq3hDIXoWdHXqt
wrmUCpd63X87Wu9W9okPNefOhA5rQ5GB0Vy2L7al0JvA3LctjYu8kOX4jg8MZOqT
fYf8dS4KmtaRxm7Z0sI/RN4RVGD3nDIIVzgLQbV4vrJ4gpwf+XoOnlOgt+qloi3o
tcsel8kPSjR46rjpP4hCU4WyouZ6plMzvBGXAw==
=Mjei
-----END PGP PUBLIC KEY BLOCK-----
signature.asc: |
-----BEGIN PGP SIGNATURE-----
iQGzBAABCAAdFiEEzOLh0tDjat4EBeLQmVuyGBYxO9UFAmC4Be8ACgkQmVuyGBYx
O9W36Qv/amj4XpRAZfa5VAGKWWQq7RKtAsD7cIsygenG1BYUXFWSSQc4wnnbdmZF
vizM7j9ibWwhXIJuslA9oZaH2V+8Lt+69xUhN1EEKbYKZ45Amxm5Hi23Y9myUIFF
+uvgkayLHKIFH8vy5snVsll8QmmZvwPtu/+VuUWMHMeVqSbWQmAwz1+rwTAqGbbO
bVt2cqVYPO1HQWGzc6E2S4TDUR6HZUuSSDUDL17bejMEy0cFgySxBji5p9UQXmfN
7I82QdAB5wEuUE5zFr/GdvzBpbeAiLNz7rn0uhW5zbzZVMnaRfMmVl8fR7vgveXE
ILii5JYjJ0FJbO9xRoDhOlnqvMzfLCrHtwcnUd82b9iFvlt5NiiZQDrleIqvDC9S
ntY3ZrxhhaVh6qa59hJkEASzU06i120w+1hMc+6DU1e2DjwUCbEtWaDDG6iVdD2S
13QIXmo9EgCSVsrYRGv3k8LcdZFQQ2sypP1PvktFoqPz144nw8RIqLBUFS60mj5m
JBGF3FnI
=M69r
-----END PGP SIGNATURE-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-meta-test
namespace: grassroots

50
kubernetes/pgp-trusted-publickey-configmap.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: v1
data:
trustedpublickey.asc: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGCufzABDADb+aeREhuVWeqoWyeGosQeDypDnFFPlutXUtfEBMjp05gt+zhq
o0TCmS6U5XIRTsKimEQepvuZ6MmWznv9mhSEYFNHfJkrzoQSstw7YNbzMR8hhjqV
T9xaumSbOhxKXIdioZi8xk/z4PFxxCd8V16oS3+s6/n40f1aNaz4onB8ATNoRl3g
Qn+bn4FNOpQWGEI8zXqzFQduuXwDfBJ7ZuQYlh0o8vIowml3xcJjLlRz068nYRR5
yX1MTCJmxTC028Ep/EcIi5hgsnXqAMCweYCnMCAft+7a4lVSziNQc+4lhG4hQaIO
zNUcr3iPsyGEd3/PZi+AdGStX7nnHr34b/M59LGAvtoMEXi4z6UjMEoYDKdm9GJ8
0z5CFwElj28RgVilawDufluycmfmRTY5B+1Oq6ugN30xEjgPEoGKbZHwm9+9WRek
81YV7GhgwOO7UYbSK4rsgD/B+Cse7ADXD0o9DGvULYjvD5BpMG0jdRkFBTFFZ3UN
kb4UZtILMyPQA7cAEQEAAbRMUXVlZW4gTWFybGVuYSAoU2hlIGlzIHRoZSBxdWVl
biBhbmQgaXMgdHJ1c3RlZCkgPHF1ZWVubWFybGVuYUBncmV5c2N1bGwuY29tPokB
zgQTAQgAOBYhBMzi4dLQ42reBAXi0JlbshgWMTvVBQJgrn8wAhsDBQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEJlbshgWMTvVLqQL/jnG2Y3ua7d9CC83VFeOkMOV
kZs1Vl4/2o9fsdo2Ji4YxaozKatboJubwpO3NjLaFYQx6+C/6btmIZ5kFVBHxDB4
sw8rKfkl56DqQMKXjAyWYLcC/UNcZdfV4w0+Woj+KgL1uh1bxpiUMy7NNnxvPzo2
YGMrOg0xbjhwuPuXHv0bywrJS8kFnHEz2o75afHmwIZmmzZci4FwpFDYxOWszFRF
7XcQu0tlJj/eRzr/T9eOlhtTOs5/Fjt007TNOjBBHsF9U3zkf1AXxn3kxFcdgbdY
XEMp2uSr+sMSFqSsnm9KAqwC+RU8iG2Sv9Ff5YnOvg7CfqymGGFieLvplMxpqdlO
pywMrhpXqT/a54vqzxeJ3axTKkg/c3T4Gek0P0IAsM6nTWa43zVmBKhkFNdP3TuT
vqQFy4ZqLFDNHCk4SfNSYW1Dei+irvcysdFb6+ZDXAYNdk0N+AjlrwxcQSQaA6ma
ufgcO/sA+b7e0JOMgM2Dr5LrND4Uz16zMGYgeQQp/rkBjQRgrn8wAQwAtwZKgIDe
ylKFox3edzPBTS5ZF5Rs46Wp6e+OF1ecvfbQmPV8vHPZkLrNYTt5UODKJJLJO5ho
pNgJigMHmAbrXqFSZB/XrkkwfuZ6yY3Fyxa7qaSeyEdDX0SH3533EP7vDFryZEt5
bO9g1aUbPeBYamSMfrkgGdj7M+ToERuvpVV2LhgBAJeAbnk+2a0S/Jcx873mWax/
TmFLz2yO2TZFT74iMC2CyQMLPbjq/r5gaMsMzRj20jJ4+matT88XL4lr3JkytkWx
5H9G+n0kuNXmq6GTklwMXyV7XIux9iUvqhr7+cSqJFniVbiGbWTozfBk/rJrCCcC
N+zUh+iQUtVbw4WsrBvo7Po+urlw0bbf/BptOmhQ+bICAApxVR/F0teNe82LaFHr
RXcQOm/F4cJqMPtZvBz/iOJO+nqGDgRsgUR8gA48RZdRgYxS5ePRbWEKUhlmtyju
9162CP2c24FqBuUb+nYz0F3vnRhRC9n5MO7ZjtNFkQwl6O+wJ0UAwnqdABEBAAGJ
AbYEGAEIACAWIQTM4uHS0ONq3gQF4tCZW7IYFjE71QUCYK5/MAIbDAAKCRCZW7IY
FjE71fmOC/9zly33PS50gR6kcFtN8KBgfNcwd/YzZzI8A2o5nAFhcHwWH/f25hGX
xbh3hGoz8NaiGFFktiefaQ+9M2Usb15OSjTeKT6HKoBxSkn641fkV77Ed+a0rGtO
hrelKviqQJtS/5509LbIpiYPpfSEw0OwlHfY7ZeAl3PCOZHkiyOwR/hmj2gbHpbS
qxSJdWftTLMUDaCTzqfSkIjkB6pTgJkLPM4eUnTLxFP4VckDhbnj1a92AjI0BoUV
RlQUKDwhquDlP4XjOmRSRZh4Yi8cQh0MDN3SR72xwP3953xYOYanABMcANqV0wPR
m1tLXORT/kQDBVsDsYATS9a5Kt4QyF6FnR16rcK5lAqXet1/O1rvVvaJDzXnzoQO
a0ORgdFcti+2pdCbwNy3LY2LvJDl+I4PDGTqk32H/HUuCprWkcZu2dLCP0TeEVRg
95wyCFc4C0G1eL6yeIKcH/l6Dp5ToLfqpaIt6LXLHpfJD0o0eOq46T+IQlOFsqLm
eqZTM7wRlwM=
=irpP
-----END PGP PUBLIC KEY BLOCK-----
kind: ConfigMap
metadata:
creationTimestamp: null
name: pgp-trusted-publickey
namespace: grassroots

12
kubernetes/postgresql-conn-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgresql-conn-common
namespace: grassroots
data:
DATABASE_USER: grassroots
DATABASE_HOST: postgresql
DATABASE_PORT: "5432"
DATABASE_ENGINE: postgres
DATABASE_DRIVER: psycopg2
DATABASE_PASSWORD: tralala

16
kubernetes/postgresql/postgres-db-sealedsecrets.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots
spec:
encryptedData:
postgresql-password: AgAE+2sX6nGxEeSDEZ6oOShpGqyEi0p8A1QIUNl99WBU/Dg/djdEF2F36SLcw48c2sO47/1Z4Ry4I0qk12GhVv6MPBpQYm1O8Unj822DpT1PW25G1dyRuZZjIE2zuIRoX/4Xvt+5T3Zfhan5ORFsY2H2tj4+v+I+VKdmOOICeffDCb45NPShfR8yWHTlQyvlvlukQBpyiefBTme6EDWo2658ik8Z/CvwXK49w8y+H02wJ5RMavaAplZTi0K5VibM95AiyLEVgGdrtn+ibXFdeWDaZTOgmL4XHqREbWokLHioRsje0nvp6gYZhTjFr8BAgVudbfkmxHZr4Z0EkJsPibznVbVU/gjbTk2mNvrbzoDYbVONAz5YKdCSPlY3f8+a75GfDts+nLGyiNgq2+6zAMn6FkeIGQtqJCy54vqO24wpwGBVXv+ifdBN7n8ifF7/Erd2G1Zt2zz19AQPwo9rAwdM4d2xgCR4t6lxDax2vWMlNdX9f85W6Yn52x57CxCNjqOzlnB/BUF/MnCKlO1NjZwnlzSV40W68HKNdW4XGZL03HgEeZFsgIb92cSL+blp27fn/DnL1jiSZQiktwfHSwHPJb6lYpMysjB/ST/iRTnzlQ8dQcHl+HC35/dH9YL0hU5ZXx7Qh/cRzJDT9hpPaHFVmmuiKG9ZdBICm4BOavQ+vUyRaJqXkTPDO/7SNVUM6U54H7oy2UXCZCrG
postgresql-replication-password: AgB5QMqB/htvwFHOwONjwE+Iqvu0opAQ/Wa0oKWb1Lt7oXCRF7wJ2n1xmpNIjFib3gVfGUb/hIt0nBS//B8CDYmz/WiJvylSLdStZhC7gMo6OfK7XD1BubwM2oj4/31eepBRfPMD7OkPXtFcBYpcE7nOq3I1bbbYq3uGjO0vaCozawqKG0ytMpNgcRVHLhuKY8rcIrCiqyZ/Z7DUjG4J7+HtvpBAkC9MFL1t03nEABZocwsf5AF9xzqSJsyVfJq0pmwxYPsu/tZdaUhh2dk64YBgap0VL3Xz5EzMVsu+2PKizafwOXlsxEoeEbdaxcqduVwTl9xIr6p/b+MBVMbuzV8VrsBgDStCijrRFB3Yjep5MRZrumISJG/s9/V77A1lQ2zdPk6dWRbdneScuJhYyG85zZr+B0ThwDxO7eOsL70s0fsebeVh+TVWj/rUE1bT5QDw5nXaXxAj/qx+z/c/urh+X8wmR6ztVj2IhGT4rnxtBzdKGDtpnS4Zm0IJbCaz8fI6c0YJW6Sqmvmh7GmA0j6BARugOcpkM5U8GavKBcEDPPJWPvATpZ4NJLG9yL3fddDO1hGGd0rPvxOIG8iF6fVFJlGWES7Zv8VHEDtAcP26QDjrP/mKcaXr9V/RvtSXVcN/pNCxkiWOYicMeeJ1XqWwFHELcZreBCav0aEDO+vqRIsJWewbX/8ESsOO0GaB+werenNwRXHJeCe7
template:
metadata:
creationTimestamp: null
name: postgres-db-secrets
namespace: grassroots

35
kubernetes/postgresql/postgres-helmrelease.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgresql
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: postgresql
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 10.3.17
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
image:
tag: 12.5.0
existingSecret: postgres-db-secrets
postgresqlDatabase: postgres
volumePermissions: # related to permissions error on file postgres/data when pod restart
enabled: true
initdbScriptsConfigMap: postgres-initdb-scipts
initdbUser: postgres
replication:
readReplicas: 0
metrics:
enabled: true

21
kubernetes/postgresql/postgres-initdb-scripts-configMap.yaml Normal file
View File

@@ -0,0 +1,21 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
kind: ConfigMap
apiVersion: v1
metadata:
name: postgres-initdb-scipts
namespace: grassroots
data:
create_db.sql: |
CREATE ROLE common_role;
CREATE USER grassroots WITH PASSWORD 'tralala' CREATEDB;
CREATE DATABASE "cic_cache";
CREATE DATABASE "cic_eth";
CREATE DATABASE "cic_notify";
CREATE DATABASE "cic_meta";
CREATE DATABASE "cic_signer";
CREATE DATABASE "cic_ussd";
CREATE DATABASE "cic_syncer";
GRANT ALL PRIVILEGES
ON DATABASE "cic_cache", "cic_eth", "cic_notify", "cic_meta", "cic_signer", "cic_ussd", "cic_syncer"
TO grassroots;

28
kubernetes/pub-sealed-secrets.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIErTCCApWgAwIBAgIQQ/6gWxjyWjlUu/orGmbkkTANBgkqhkiG9w0BAQsFADAA
MB4XDTIxMDQxNjEzMzk1N1oXDTMxMDQxNDEzMzk1N1owADCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALlHzjP+WopinMhSgNRMywms5IJ4u2UuY8k6YAnZ
dVeA9wBg+dPuhLqrOgfYSCPfwK+18ZaKpNw9qOUZBr/hRyWIQZrMc5rd6IMcm7aM
35Fxs5GPigMvp6GxBd/btfUxept/Ro1egwtl7U+6w4AfHrjOAqwnOgDib8U6wK9w
3+5BlhqPia3HmjE9XzvNp0SKl+C40xv6oGQ2RmU62ESN1uB5FL0+jbmhNZk/chhd
thhNQ9jo/QqROB/VeRh8LaX7MLzC2caI1fICXE4/4Mcr+rRnqr4dljKtQHobW5/4
lgH85XqeioFHpaB1cgKg0tgHAk6/UHNThy9aMaXjn/I1s5E8ZvwshWBWw7r14+Vt
dZaGzhw4RE0RQ8ubYQTiB0b+hXQhY4OdQnAm/yCkf9XODsuxJV9Dr+9coI7ftnyt
uU0JBBi6Jg9eZdkQjO3E7hyhVUyeer0LbE6W3BHTpz5ZZjp7aiCe94Q5BpqXBmU2
3JbYjasrGr/5F9YX7sCVdTkfe9I/NzeigAEgNKf+3nxMJB+bFsJ26kDFxREYOxni
NmDFwczZmUArowDaObh6yXAKz56s2bNJApzkKmKtdq7dpErz0XPOwyPzGoKeMO2p
8MUapopuCUVW20GR7YCmuTu/xBxfT3ocAS3u3kwYvwzYLeagpl+0Sh1q+6CZBAtK
jl6FAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBYtcMUaxO5yX8fsn1LPm0CAZqTeI3xjkrHGDGXDQqv
9DHElHkjvWKjNem923hKBwbPdzhKbFQg2Dy93b6LeHj0cCOSQ21bvDrfpfBK3yit
AlvtuIIn4ktuIvegCDX/e9rxeIQPz3IhrKAnK36UpnMj8L+g2fz9+HYWowiGjx7n
lCik7ang8rtpbetU1BiXaLo58bJnbjoHxuVryTkSKiPiJ9nK+K2WP7IB+Uunr4c0
MlCoFrXCEfuShzW3lFRStfc4sazv2wv3utozukmrSWr9y5PXVPQxl8CUmTGG8Bnl
51RyaldiKRQ0J7LEMv+2fanDoOAZE8gjUVu0NqNahZwK3ya186AUCyUkoVVD7Wnv
R77SdeuVw0ULn4bpy9n4iXYzRXDha/q3Y2PP5yeBN1NhggxZ6Cyj8s9KeusVw5Oz
CueAczTlU3VUHI1VEtaacIon/5yuJRz4wW7opLbv1G8kh2v1zDtpWbbb2tnj3foq
Yt8UIeAkBIW4GPClM5A/Bzv2Gl3Gijp6dDF1Tim1w/6t4C/OBlEbzWII8wvdUTwn
NBKnmgsnErkSekYuNsGYl4Ua5gu05Bef4dQ7ShAkJcbXTKKPNdTyJmv4I99wRL1l
WaKawKjnMoO71c6lHuxt/D3p0jjdnsH4BAAMlUrIQ+Jlp+JHa/xcVjAMTvij14fT
Eg==
-----END CERTIFICATE-----

8
kubernetes/redis-conn-common-configmap.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-conn-common
namespace: grassroots
data:
CELERY_BROKER_URL: redis://redis-master
CELERY_RESULT_URL: redis://redis-master

29
kubernetes/redis/redis-helmrelease.yaml Normal file
View File

@@ -0,0 +1,29 @@
# hhttps://github.com/bitnami/charts/tree/master/bitnami/redis
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: redis
namespace: grassroots
spec:
# The interval at which to reconcile the Helm release
interval: 10m
chart:
spec:
# The name of the chart as made available by the HelmRepository
# (without any aliases)
chart: redis
# A fixed SemVer, or any SemVer range
# (i.e. >=4.0.0 <5.0.0)
version: 12.8.3
# The reference to the HelmRepository
sourceRef:
kind: HelmRepository
name: bitnami
# Optional, defaults to the namespace of the HelmRelease
namespace: default
values:
cluster:
slaveCount: 0
usePassword: false
metrics:
enabled: true

21
scripts/set-image.sh Executable file
View File

@@ -0,0 +1,21 @@
#! /bin/bash
set -e
cd kubernetes/
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-cache:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-notify:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:$TAG
kustomize edit set image registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-ussd:$TAG
echo "kustomize set image to ${TAG? no variable TAG set}"