
Merge pull request #2455 from ahhda/automated-deployments

DevOps - Make RPC node accessible over TLS endpoint
Mokhtar Naamani 3 years ago
parent
commit
7a3b2eedb5

+ 3 - 0
devops/infrastructure/deploy-infra.sh

@@ -45,6 +45,9 @@ aws cloudformation deploy \
 
 # If the deploy succeeded, get the IP, create inventory and configure the created instances
 if [ $? -eq 0 ]; then
+  # Install additional Ansible roles from requirements
+  ansible-galaxy install -r requirements.yml
+
   VALIDATORS=$(aws cloudformation list-exports \
     --profile $CLI_PROFILE \
     --query "Exports[?starts_with(Name,'${NEW_STACK_NAME}PublicIp')].Value" \
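Review bot: The exit status of `ansible-galaxy install -r requirements.yml` is never checked, so if the download fails the script carries on and only breaks later, when the playbook cannot find the Caddy role. The surrounding code tests `$?` by hand, which suggests `set -e` is not in effect (the top of the script is outside this hunk); `ansible-galaxy install -r requirements.yml || exit 1` would stop the deploy at the real cause. The path is also relative, so the command only works when the script is run from `devops/infrastructure`. The `if` block continues past the end of the hunk.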

+ 8 - 0
devops/infrastructure/main.yml

@@ -51,6 +51,14 @@ Resources:
           FromPort: 9944
           ToPort: 9944
           CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 30333
+          ToPort: 30333
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 443
+          ToPort: 443
+          CidrIp: 0.0.0.0/0
         - IpProtocol: tcp
           FromPort: 22
           ToPort: 22
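Review bot: The new 443 rule sits next to the existing rule that leaves 9944 open to `0.0.0.0/0`, so after this change the WebSocket RPC is still reachable in plaintext and clients can bypass the TLS endpoint entirely. If this security group is the one attached to the RPC node (the resource name is outside the hunk), consider dropping the 9944 ingress or narrowing its `CidrIp` once Caddy proxies it from localhost. A short comment on each new rule would also help, for example `# 443: Caddy TLS front end for RPC` and `# 30333: node p2p`, the latter assuming 30333 is the node's peer-to-peer port.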

+ 3 - 0
devops/infrastructure/requirements.yml

@@ -0,0 +1,3 @@
+---
+roles:
+- caddy_ansible.caddy_ansible
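Review bot: The role is listed without a version, so every deploy installs whatever release is current on Ansible Galaxy and then runs it with `become: yes` on the RPC host. Pinning it makes deployments reproducible and puts role upgrades through review: `- name: caddy_ansible.caddy_ansible` followed by `version: "<PINNED_VERSION>"` (placeholder; use the release that was actually tested).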

+ 15 - 0
devops/infrastructure/roles/rpc/tasks/main.yml

@@ -20,3 +20,18 @@
     name: joystream-node
     state: started
   become: yes
+
+- name: Install and configure Caddy
+  include_role:
+    name: caddy_ansible.caddy_ansible
+    apply:
+      become: yes
+  vars:
+    caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
+    caddy_systemd_capabilities_enabled: true
+    ws_rpc: "{{ inventory_hostname }}.nip.io/ws-rpc"
+    http_rpc: "{{ inventory_hostname }}.nip.io/http-rpc"
+
+- name: Print RPC node DNS
+  debug:
+    msg: "RPC Endpoint: wss://{{ inventory_hostname }}.nip.io/ws-rpc"
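Review bot: The public hostname is built from `{{ inventory_hostname }}.nip.io` in three places, which ties the TLS endpoint to a third-party wildcard DNS service: the certificate Caddy obtains vouches for a name whose resolution the project does not control. Defining the name once, e.g. `rpc_domain: "{{ inventory_hostname }}.nip.io"`, and deriving `ws_rpc`, `http_rpc` and the debug message from it would let an owned domain be substituted without editing the task. The construction also presumably requires `inventory_hostname` to be an IP address, which is worth stating in a comment above the task.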

+ 7 - 0
devops/infrastructure/roles/rpc/templates/Caddyfile.j2

@@ -0,0 +1,7 @@
+{{ ws_rpc }} {
+    reverse_proxy localhost:9944
+}
+
+{{ http_rpc }} {
+    reverse_proxy localhost:9933
+}
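Review bot: Both site blocks pass every request straight through to the node's RPC listeners, so what the internet can call through this endpoint is decided only by the node's own RPC flags, which are not visible in this commit. It is worth confirming that the node does not expose unsafe RPC methods on 9944/9933 and that it binds them to localhost. A header comment would record the intent: `# TLS front end for node RPC: /ws-rpc -> localhost:9944 (WebSocket), /http-rpc -> localhost:9933 (HTTP)`.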