input-output-hk/bitte input-output-hk/bitte

  • Stars
    star
    151
  • Rank 237,235 (Top 5 %)
  • Language
    Nix
  • License
    Apache License 2.0
  • Created almost 4 years ago
  • Updated 9 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
input-output-hk/bitte
github

input-output-hk

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Nix Ops for Terraform, Consul, Vault, Nomad

Bitte

Bitte is designed to run Nomad tasks large-scale on AWS.

Overview

The current stack consists of:

Provisioning and deployment is done with Nix and Hashicorp Terraform. The Terraform configuration consists of JSON generated by Nix.

The project is structured into clusters, modules, profiles, and jobs.

Cluster instances import profiles, that configure modules. Once the cluster is deployed, Nomad jobs can be scheduled.

Each cluster contains 3 core nodes that run server instances of Consul & Vault & Nomad. Alongside the core nodes, you can specify auto-scaling groups spread across regions and availability zones that in turn host the client instances and actually run the Nomad jobs.

The Terraform configuration can be found under modules/terraform and each file specifies a Terraform workspace.

To help manage this complexity, we also provide the bitte-cli tool. Please note that this is still under heavy development and the CLI options may break in newer versions.

We haven't fully automated deployments yet, there are some manual steps involved, mostly due to inherent complexity and security:

  • Create NS entries pointing to the generated route53 zone.
  • Generate or choose a KMS key.
  • Ensure you have the necessary permissions for your IAM user.

Usage

Nix

First you'll need to have Nix installed. We're using an experimental feature called flakes which increases speed of development and deployment drastically, but still requires a bit of preparation.

To enable flake support, add the following line to ~/.config/nix/nix.conf:

experimental-features = nix-command flakes

If you don't use nixUnstable or nixFlakes system-wide yet, you can simply invoke nix-shell --run 'nix develop' to get all required dependencies in scope.

Terraform

Prerequisites

Set your cluster name in the BITTE_CLUSTER environment variable. It's also convenient to set the AWS_PROFILE and have proper default values for the region. Let's assume we want to work on the atala-testnet. Then we need to have these settings:

cat ~/.aws/config
[profile atala-testnet]
region = eu-central-1

cat ~/.aws/credentials
[atala-testnet]
aws_access_key_id=XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

export BITTE_CLUSTER=atala-testnet
export AWS_PROFILE="$BITTE_CLUSTER"

To create new deployment from scratch, run the following commands:

bitte terraform network
bitte terraform core
bitte terraform consul
bitte terraform clients

Rebuild

This is the equivalent to nixos-rebuild. In the core workspace it will only rebuild the core instances. In the clients workspace it will include the instances in all auto-scaling groups.

The --dirty flag is used for rebuilds that use the current directory as base, and doesn't require committing all files.

bitte rebuild --dirty
bitte rebuild --dirty --only monitoring

Debugging

To establish a connection to an instance, you can use bitte ssh and pass the name. This also works in the core and clients workspaces.

bitte ssh monitoring
bitte ssh monitoring -- date

Consul

It's responsible for simple distributed KV storage, service discovery, and service mesh communication. In particular we use Consul Connect to facilitate inter-job communication in Nomad, Consul DNS for discovery, and Consul KV for Vault.

Nomad

A workload orchestrator that makes sure our jobs run as efficiently as possible.

Jobs

Nomad jobs should be stored in the jobs directory.

Administration

Vault

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data.

secrets:

/etc/ssl/certs/ca.pem

cfssl gencert -initca | cfssljson -bare ca

/etc/ssl/certs/cert.pem

/etc/ssl/certs/cert-key.pem

  cfssl gencert \
    -ca ca.pem \
    -ca-key ca-key.pem \
    -config "${caConfigJson}" \
    -profile bootstrap \
    cert.config

/etc/ssl/certs/full.pem

/etc/consul.d/secrets.json

{
    "acl": {
        "tokens": {
            "master": "uuid"
        }
    },
    "encrypt": "consul keygen"
}

/etc/consul.d/tokens.json

{
  "acl": {
    "tokens": {
      "default": "consul generated",
      "agent": "consul generated"
    }
  }
}

/etc/nomad.d/consul-token.json

{
  "consul": {
    "token": "consul generated"
  }
}

/etc/nomad.d/secrets.json

{
  "encrypt": "nomad operator keygen"
}

More Repositories

1

cardano-sl

Cryptographic currency implementing Ouroboros PoS protocol
Haskell
3,757
star
2

cardano-node

The core component that is used to participate in a Cardano decentralised blockchain.
Haskell
2,934
star
3

plutus

The Plutus language implementation and tools
Haskell
1,472
star
4

plutus-pioneer-program

This repository hosts the lectures of the Plutus Pioneers Program. This program is a training course that the IOG Education Team provides to recruit and train software developers in Plutus, the native smart contract language for the Cardano ecosystem.
Haskell
1,385
star
5

daedalus

The open source cryptocurrency wallet for ada, built to grow with the community
TypeScript
1,227
star
6

essential-cardano

Repository for the Essential Cardano list
738
star
7

haskell.nix

Alternative Haskell Infrastructure for Nixpkgs
Nix
524
star
8

Scorex

Modular blockchain framework. Public domain
JavaScript
503
star
9

nami

Nami Wallet is a browser based wallet extension to interact with the Cardano blockchain. Support requests: https://iohk.zendesk.com/hc/en-us/requests/new
JavaScript
368
star
10

jormungandr

privacy voting blockchain node
Rust
366
star
11

plutus-apps

The Plutus application platform
Haskell
304
star
12

rust-byron-cardano

rust client libraries to deal with the current cardano mainnet (byron / cardano-sl)
Rust
276
star
13

cardano-db-sync

A component that follows the Cardano chain and stores blocks and transactions in PostgreSQL
Haskell
254
star
14

cardano-documentation

TypeScript
254
star
15

ouroboros-network

An implementation of the Ouroboros family of consensus algorithms, with its networking support
Haskell
254
star
16

hydra

Implementation of the Hydra Head protocol
Haskell
241
star
17

mantis

A Scala based client for Ethereum-like Blockchains.
Scala
227
star
18

cardano-ledger

The ledger implementation and specifications of the Cardano blockchain.
Haskell
223
star
19

cardano-js-sdk

JavaScript SDK for interacting with Cardano, providing various key management options, with support for popular hardware wallets
TypeScript
206
star
20

scrypto

Cryptographic primitives for Scala
Scala
202
star
21

plutus-starter

A starter project for Plutus apps
Nix
197
star
22

lobster-challenge

Simple Plutus contract to help give Charles' stuffed lobster a name
Haskell
177
star
23

adrestia

APIs & SDK for interacting with Cardano.
Markdown
175
star
24

marlowe

Prototype implementation of domain-specific language for the design of smart-contracts over cryptocurrencies
Isabelle
170
star
25

symphony-2

Immersive 3D Blockchain Explorer
JavaScript
127
star
26

cardano-addresses

Addresses and mnemonic manipulation & derivations
Haskell
125
star
27

iohk-ops

NixOps deployment configuration for IOHK devops
Nix
118
star
28

cardano-tutorials

ARCHIVED-This content in this repository is now located at https://docs.cardano.org/projects/cardano-node/
Makefile
114
star
29

Alonzo-testnet

repository for the Alonzo testnet
Haskell
113
star
30

mithril

Stake-based threshold multi-signatures protocol
Rust
110
star
31

stack2nix

Generate nix expressions for Haskell projects
Nix
99
star
32

iodb

Multiversioned key-value database, especially useful for blockchain
Scala
96
star
33

nix-tools

Translate Cabals Generic Package Description to a Nix expression
95
star
34

marlowe-cardano

Marlowe smart contract language Cardano implementation
Haskell
88
star
35

cardano-base

Code used throughout the Cardano eco-system
Haskell
83
star
36

cardano-byron-cli

Cardano Command Line Interface (CLI) (Deprecated)
Rust
83
star
37

lace

The Lace Wallet.
TypeScript
82
star
38

react-polymorph

React components with highly customizable logic, markup and styles.
JavaScript
79
star
39

high-assurance-legacy

Legacy code connected to the high-assurance implementation of the Ouroboros protocol family
Haskell
78
star
40

shelley-testnet

Support triage for the Shelley testnet
70
star
41

cardano-crypto

This repository provides cryptographic libraries that are used in the Byron era of the Cardano node
C
67
star
42

plutus-use-cases

Plutus Use Cases
64
star
43

cardano-ops

NixOps deployment configuration for IOHK/Cardano devops
Nix
63
star
44

iohk-nix

nix scripts shared across projects
Nix
59
star
45

cardano-rt-view

RTView: real-time watching for Cardano nodes (ARCHIVED)
Haskell
59
star
46

nix-hs-hello-windows

Cross compiling Hello World (haskell) to Windows using nix.
Nix
58
star
47

symphony

Symphony v1
JavaScript
53
star
48

spongix

Proxy for Nix Caching
Go
53
star
49

cardano-ledger-byron

A re-implementation of the Cardano ledger layer, replacing the Byron release
Haskell
52
star
50

rscoin-haskell

Haskell implementation of RSCoin
Haskell
51
star
51

cardano-node-tests

System and end-to-end (E2E) tests for cardano-node.
Python
51
star
52

project-icarus

Icarus, a reference implementation for a lightweight wallet developed by the IOHK Engineering Team.
45
star
53

cardano-rest

HTTP interfaces for interacting with the Cardano blockchain.
Haskell
44
star
54

offchain-metadata-tools

Tools for creating, submitting, and managing off-chain metadata such as multi-asset token metadata
Haskell
42
star
55

medusa

3D github repository visualiser
JavaScript
41
star
56

cicero

event-driven automation for Nomad
Go
40
star
57

nothunks

Haskell
39
star
58

bech32

Haskell implementation of the Bech32 address format (BIP 0173).
Haskell
37
star
59

foliage

🌿 Foliage is a tool to create custom Haskell package repositories, in a fully reproducible way.
Haskell
37
star
60

smash

Stakepool Metadata Aggregation Server
Haskell
36
star
61

chain-libs

blockchain libs
Rust
35
star
62

cardanodocs.com-archived

Cardano Settlement Layer Documentation
HTML
35
star
63

catalyst-core

βš™οΈ Core Catalyst Governance Engine and utilities.
Rust
35
star
64

iohk-monitoring-framework

This framework provides logging, benchmarking and monitoring.
Haskell
33
star
65

mallet

JavaScript
32
star
66

project-icarus-chrome

Icarus, a reference implementation for a lightweight wallet developed by the IOHK Engineering Team.
JavaScript
32
star
67

js-cardano-wasm

various cardano javascript using wasm bindings
Rust
31
star
68

cardano-shell

Node shell, a thin layer for running the node and it's modules.
Haskell
31
star
69

cardano-launcher

Shelley cardano-node and cardano-wallet launcher for NodeJS applications
TypeScript
31
star
70

cardano-world

Cardano world provides preprod and preview cardano networks, configuration documentation and miscellaneous automation.
Nix
30
star
71

rscoin-core

Haskell
29
star
72

io-sim

Haskell's IO simulator which closely follows core packages (base, async, stm).
Haskell
28
star
73

stakepool-management-tools

JavaScript
27
star
74

devx

The Developer Experience Shell - This repo contains a nix develop shell for haskell. Its primary purpose is to help get a development shell for haskell quickly and across multiple operating systems (and architectures).
Nix
27
star
75

cardano-haskell-packages

Metadata for Cardano's Haskell package repository
Shell
24
star
76

cardano-haskell

Top level repository for building the Cardano Haskell node and related components and dependencies.
Shell
24
star
77

quickcheck-dynamic

A library for stateful property-based testing
Haskell
23
star
78

cardano-transactions

Library utilities for constructing and signing Cardano transactions.
Haskell
23
star
79

Developer-Experience-working-group

22
star
80

psg-cardano-wallet-api

Scala client to the Cardano wallet REST API
Scala
22
star
81

pvss-haskell

Haskell
21
star
82

cardano-wallet-legacy

Official Wallet Backend & API for Cardano-SL
Haskell
21
star
83

scalanet

Scala
20
star
84

cardano-explorer

Backend solution powering the cardano-explorer. ⚠️ See disclaimer below. ⚠️
Haskell
20
star
85

formal-ledger-specifications

Formal specifications of the cardano ledger
Agda
19
star
86

marlowe-ts-sdk

Marlowe TypeScript SDK
TypeScript
19
star
87

casino

Demo / PoC / implementation of IOHK MPC protocols
Haskell
19
star
88

hackage.nix

Automatically generated Nix expressions for Hackage
19
star
89

cardano-configurations

A common place for finding / maintaining configurations of various services of the Cardano eco-system
19
star
90

js-chain-libs

chain-libs javascript SDK
Rust
18
star
91

metadata-registry-testnet

Nix
18
star
92

cardano-coin-selection

A library of algorithms for coin selection and fee balancing.
Haskell
18
star
93

ouroboros-consensus

Implementation of a Consensus Layer for the Ouroboros family of protocols
Haskell
18
star
94

sanchonet

Sources for the SanchoNet website
TypeScript
18
star
95

jormungandr-nix

jormungandr nix scripts
Nix
18
star
96

marlowe-pioneer-program

Lectures, documentation, and examples for Marlowe Pioneer Program.
Haskell
18
star
97

cardano-clusterlib-py

Python wrapper for cardano-cli for working with cardano cluster
Python
18
star
98

jortestkit

jormungandr QA
Rust
17
star
99

chain-wallet-libs

Rust
17
star
100

marlowe-starter-kit

This repository contains lessons for using Marlowe via REST and at the command line. It is meant to be used with demeter.run or with a Docker deployment of Marlowe Runtime.
Jupyter Notebook
17
star