mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 09:17:43 +03:00
fdde5353f4
Hoogle has been down for at least 24h accoridng to user reports. What seems to be happening is that our nixpkgs pinning is not taking effect, and the nixpkgs version of Hoogle already includes the patch we are trying to add. This confuses nix, which fails, and thus the boot sequence is broken. I've applied the minimal possible patch here (i.e. enforce the pin), which gets things running again. I've already deployed this change. We may want to look at bumping the nixpkgs snapshot. CHANGELOG_BEGIN CHANGELOG_END
317 lines
8.2 KiB
HCL
317 lines
8.2 KiB
HCL
# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
resource "google_compute_network" "hoogle" {
|
|
name = "hoogle-network"
|
|
}
|
|
|
|
resource "google_compute_firewall" "hoogle" {
|
|
name = "hoogle-firewall"
|
|
network = google_compute_network.hoogle.name
|
|
target_tags = ["hoogle"]
|
|
|
|
source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
|
|
|
|
allow {
|
|
protocol = "tcp"
|
|
ports = ["8080", "8081"]
|
|
}
|
|
}
|
|
|
|
resource "google_compute_firewall" "hoogle-ssh" {
|
|
count = 0
|
|
name = "hoogle-ssh"
|
|
network = google_compute_network.hoogle.name
|
|
log_config {
|
|
metadata = "INCLUDE_ALL_METADATA"
|
|
}
|
|
allow {
|
|
protocol = "tcp"
|
|
ports = ["22"]
|
|
}
|
|
source_ranges = [
|
|
"35.194.81.56/32", # North Virginia
|
|
"35.189.40.124/32", # Sydney
|
|
"35.198.147.95/32", # Frankfurt
|
|
]
|
|
}
|
|
|
|
locals {
|
|
h_clusters = [
|
|
{
|
|
suffix = "-blue",
|
|
ubuntu_version = "2004",
|
|
size = 3,
|
|
},
|
|
{
|
|
suffix = "-green",
|
|
ubuntu_version = "2004",
|
|
size = 0,
|
|
}
|
|
]
|
|
}
|
|
|
|
resource "google_compute_instance_template" "hoogle" {
|
|
count = length(local.h_clusters)
|
|
name_prefix = "hoogle${local.h_clusters[count.index].suffix}-"
|
|
machine_type = "n1-standard-1"
|
|
tags = ["hoogle"]
|
|
labels = local.machine-labels
|
|
|
|
disk {
|
|
boot = true
|
|
disk_size_gb = 20
|
|
source_image = "ubuntu-os-cloud/ubuntu-${local.h_clusters[count.index].ubuntu_version}-lts"
|
|
}
|
|
|
|
metadata_startup_script = <<STARTUP
|
|
#! /bin/bash
|
|
set -euo pipefail
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get -y upgrade
|
|
### stackdriver
|
|
curl -sSL https://dl.google.com/cloudagents/install-logging-agent.sh | bash
|
|
### nginx
|
|
apt-get -y install nginx
|
|
cat > /etc/nginx/nginx.conf <<NGINX
|
|
user www-data;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
http {
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
server {
|
|
listen 8081 default_server;
|
|
server_name _;
|
|
return 307 https://hoogle.daml.com\$request_uri;
|
|
}
|
|
}
|
|
NGINX
|
|
service nginx restart
|
|
### hoogle
|
|
apt-get -y install curl git
|
|
useradd hoogle
|
|
mkdir /home/hoogle
|
|
chown hoogle:hoogle /home/hoogle
|
|
cd /home/hoogle
|
|
mkdir /nix
|
|
chown hoogle:hoogle /nix
|
|
runuser -l hoogle <<'HOOGLE_SETUP'
|
|
curl -sSfL https://nixos.org/nix/install | sh
|
|
. /home/hoogle/.nix-profile/etc/profile.d/nix.sh
|
|
# Feel free to bump the commit, this was the latest
|
|
# # at the time of creation.
|
|
export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/c50e680b03adecae01fdd1ea4e44c82e641de0cf.tar.gz
|
|
cat << EOF > /home/hoogle/hoogle_overlay.nix
|
|
super:
|
|
{
|
|
haskellPackages = super.haskellPackages.override {
|
|
overrides = haskellSelf: haskellSuper: {
|
|
hoogle = super.haskell.lib.appendPatch haskellSuper.hoogle
|
|
(super.fetchurl {
|
|
url = "https://patch-diff.githubusercontent.com/raw/ndmitchell/hoogle/pull/367.patch";
|
|
sha256 = "1p0xdnfjicl5zp6g0fkqjk9mgm6fqzl7sz0v5m51chzd7lwx181y";
|
|
});
|
|
};
|
|
};
|
|
}
|
|
EOF
|
|
HOOGLE_PATH=$(nix-build --no-out-link -E '((import /home/hoogle/hoogle_overlay.nix) (import <nixpkgs> {})).haskellPackages.hoogle')
|
|
mkdir -p /home/hoogle/.local/bin
|
|
ln -s $HOOGLE_PATH/bin/hoogle /home/hoogle/.local/bin/hoogle
|
|
cat > /home/hoogle/refresh-db.sh <<MAKE_DB
|
|
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
log() {
|
|
echo "[\$(date -Is)] \$1" >> /home/hoogle/cron_log.txt
|
|
}
|
|
log "Checking for new DAML version..."
|
|
cd /home/hoogle
|
|
mkdir new-daml
|
|
curl -s https://docs.daml.com/hoogle_db.tar.gz --output db.tar.gz
|
|
tar xzf db.tar.gz -C new-daml --strip-components=1
|
|
if ! diff -rq daml new-daml; then
|
|
log "New version detected. Creating database..."
|
|
rm -rf daml
|
|
mv new-daml daml
|
|
rm -f daml.hoo
|
|
/home/hoogle/.local/bin/hoogle generate --database=daml.hoo --local=daml
|
|
log "Killing running instance..."
|
|
killall hoogle || true
|
|
log "Starting new server..."
|
|
nohup /home/hoogle/.local/bin/hoogle server --database=daml.hoo --log=.log.txt --port=8080 >> out.txt &
|
|
log "New server started."
|
|
else
|
|
log "No change detected."
|
|
rm -rf new-daml
|
|
fi
|
|
log "Done."
|
|
MAKE_DB
|
|
chmod +x /home/hoogle/refresh-db.sh
|
|
./refresh-db.sh
|
|
echo "*/5 * * * * /home/hoogle/refresh-db.sh" | crontab -
|
|
echo "Successfully ran startup script."
|
|
tail -f cron_log.txt
|
|
HOOGLE_SETUP
|
|
STARTUP
|
|
|
|
network_interface {
|
|
network = google_compute_network.hoogle.name
|
|
access_config {}
|
|
}
|
|
|
|
service_account {
|
|
email = "log-writer@da-dev-gcp-daml-language.iam.gserviceaccount.com"
|
|
scopes = ["cloud-platform"]
|
|
}
|
|
|
|
scheduling {
|
|
automatic_restart = false
|
|
on_host_maintenance = "TERMINATE"
|
|
preemptible = true
|
|
}
|
|
|
|
lifecycle {
|
|
create_before_destroy = true
|
|
}
|
|
}
|
|
|
|
resource "google_compute_instance_group_manager" "hoogle" {
|
|
provider = google-beta
|
|
count = length(local.h_clusters)
|
|
name = "hoogle${local.h_clusters[count.index].suffix}"
|
|
base_instance_name = "hoogle${local.h_clusters[count.index].suffix}"
|
|
zone = local.zone
|
|
target_size = local.h_clusters[count.index].size
|
|
|
|
version {
|
|
name = "hoogle${local.h_clusters[count.index].suffix}"
|
|
instance_template = google_compute_instance_template.hoogle[count.index].self_link
|
|
}
|
|
|
|
named_port {
|
|
name = "https"
|
|
port = "8080"
|
|
}
|
|
|
|
named_port {
|
|
name = "http"
|
|
port = "8081"
|
|
}
|
|
|
|
auto_healing_policies {
|
|
health_check = google_compute_health_check.hoogle-https.self_link
|
|
|
|
# Compiling hoogle takes some time
|
|
initial_delay_sec = 600
|
|
}
|
|
|
|
update_policy {
|
|
type = "PROACTIVE"
|
|
minimal_action = "REPLACE"
|
|
max_unavailable_fixed = 1
|
|
}
|
|
}
|
|
|
|
resource "google_compute_global_address" "hoogle" {
|
|
name = "hoogle"
|
|
ip_version = "IPV4"
|
|
}
|
|
|
|
resource "google_compute_health_check" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
check_interval_sec = 1
|
|
timeout_sec = 1
|
|
|
|
tcp_health_check {
|
|
port = 8081
|
|
}
|
|
}
|
|
|
|
resource "google_compute_backend_service" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
health_checks = [google_compute_health_check.hoogle-http.self_link]
|
|
port_name = "http"
|
|
|
|
dynamic backend {
|
|
for_each = local.h_clusters
|
|
content {
|
|
group = google_compute_instance_group_manager.hoogle[backend.key].instance_group
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "google_compute_url_map" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
default_service = google_compute_backend_service.hoogle-http.self_link
|
|
}
|
|
|
|
resource "google_compute_target_http_proxy" "hoogle-http" {
|
|
name = "hoogle-http"
|
|
url_map = google_compute_url_map.hoogle-http.self_link
|
|
}
|
|
|
|
resource "google_compute_global_forwarding_rule" "hoogle_http" {
|
|
name = "hoogle-http"
|
|
target = google_compute_target_http_proxy.hoogle-http.self_link
|
|
ip_address = google_compute_global_address.hoogle.address
|
|
port_range = "80"
|
|
}
|
|
|
|
resource "google_compute_health_check" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
check_interval_sec = 1
|
|
timeout_sec = 1
|
|
|
|
tcp_health_check {
|
|
port = 8080
|
|
}
|
|
}
|
|
|
|
resource "google_compute_backend_service" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
health_checks = [google_compute_health_check.hoogle-https.self_link]
|
|
port_name = "https"
|
|
|
|
dynamic backend {
|
|
for_each = local.h_clusters
|
|
content {
|
|
group = google_compute_instance_group_manager.hoogle[backend.key].instance_group
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "google_compute_url_map" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
default_service = google_compute_backend_service.hoogle-https.self_link
|
|
}
|
|
|
|
resource "google_compute_target_https_proxy" "hoogle-https" {
|
|
name = "hoogle-https"
|
|
url_map = google_compute_url_map.hoogle-https.self_link
|
|
|
|
ssl_certificates = [local.ssl_certificate_hoogle]
|
|
}
|
|
|
|
resource "google_compute_global_forwarding_rule" "hoogle_https" {
|
|
name = "hoogle-https"
|
|
target = google_compute_target_https_proxy.hoogle-https.self_link
|
|
ip_address = google_compute_global_address.hoogle.address
|
|
port_range = "443"
|
|
}
|
|
|
|
output "hoogle_address" {
|
|
value = google_compute_global_address.hoogle.address
|
|
}
|