ee

backend/Dockerfile

@@ -13,7 +13,7 @@ RUN apt-get update -y && apt-get install -y \
     libtiff5-dev libjpeg62 libopenjp2-7-dev zlib1g-dev \
     libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python3-tk \
     libharfbuzz-dev libfribidi-dev libxcb1-dev libldap2-dev libldap-2.5-0 \
-    ffmpeg libsm6 libxext6 libglib2.0-0
+    ffmpeg libsm6 libxext6 libglib2.0-0 curl
 
 ENV LIBRARY_PATH=/lib:/usr/lib
 

infrastructure/applications/pretix_arm/task_web.tf

@@ -177,6 +177,16 @@ resource "aws_ecs_task_definition" "pretix_web" {
         "traefik.http.routers.pretix-web.rule" = "Host(`${local.domain}`)"
       }
 
+      healthCheck = {
+        retries = 3
+        command = [
+          "CMD-SHELL",
+          "curl -f http://localhost/healthcheck/ || exit 1"
+        ]
+        timeout  = 3
+        interval = 10
+      }
+
       systemControls = [
         {
           "namespace" : "net.core.somaxconn",

infrastructure/applications/pretix_arm/task_worker.tf

@@ -1,131 +1,92 @@
-# resource "aws_ecs_task_definition" "pretix_web" {
-#   family = "pythonit-${terraform.workspace}-pretix"
-#   container_definitions = jsonencode([
-#     {
-#       name              = "pretix"
-#       image             = "${data.aws_ecr_repository.repo.repository_url}@${data.aws_ecr_image.image.image_digest}"
-#       memoryReservation = 200
-#       essential         = true
-#       environment = [
-#         {
-#           name  = "DATABASE_NAME"
-#           value = "pretix"
-#         },
-#         {
-#           name  = "DATABASE_USERNAME"
-#           value = data.aws_db_instance.database.master_username
-#         },
-#         {
-#           name  = "DATABASE_PASSWORD"
-#           value = module.common_secrets.value.database_password
-#         },
-#         {
-#           name  = "DATABASE_HOST"
-#           value = data.aws_db_instance.database.address
-#         },
-#         {
-#           name  = "MAIL_USER"
-#           value = module.secrets.value.mail_user
-#         },
-#         {
-#           name  = "MAIL_PASSWORD"
-#           value = module.secrets.value.mail_password
-#         },
-#         {
-#           name  = "PRETIX_SENTRY_DSN"
-#           value = module.secrets.value.sentry_dsn
-#         },
-#         {
-#           name  = "SECRET_KEY"
-#           value = module.secrets.value.secret_key
-#         },
-#         {
-#           name  = "PRETIX_REDIS_LOCATION",
-#           value = "redis://${data.aws_instance.redis.private_ip}/0"
-#         },
-#         {
-#           name  = "PRETIX_REDIS_SESSIONS",
-#           value = "false"
-#         },
-#         {
-#           name  = "PRETIX_CELERY_BROKER",
-#           value = "redis://${data.aws_instance.redis.private_ip}/1"
-#         },
-#         {
-#           name  = "PRETIX_CELERY_BACKEND",
-#           value = "redis://${data.aws_instance.redis.private_ip}/2"
-#         },
-#         {
-#           name  = "PRETIX_PRETIX_URL",
-#           value = "https://tickets.pycon.it/"
-#         },
-#         {
-#           name  = "PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO",
-#           value = "true"
-#         }
-#       ]
-#       portMappings = [
-#         {
-#           containerPort = 80
-#           hostPort      = 0
-#         }
-#       ]
-#       dockerLabels = {
-#         "traefik.enable" = "true"
-#         "traefik.http.routers.backend.rule" = "Host(`tickets.pycon.it`)"
-#       }
-#       mountPoints = [
-#         {
-#           sourceVolume  = "media"
-#           containerPath = "/data/media"
-#         },
-#         {
-#           sourceVolume  = "data"
-#           containerPath = "/var/pretix-data"
-#         }
-#       ]
-#       systemControls = [
-#         {
-#           "namespace" : "net.core.somaxconn",
-#           "value" : "4096"
-#         }
-#       ]
-#       logConfiguration = {
-#         logDriver = "awslogs"
-#         options = {
-#           "awslogs-group"         = aws_cloudwatch_log_group.pretix.name
-#           "awslogs-region"        = "eu-central-1"
-#           "awslogs-stream-prefix" = "ecs"
-#         }
-#       }
-#     },
-#   ])
+resource "aws_cloudwatch_log_group" "pretix_worker" {
+  name              = "/ecs/pythonit-${terraform.workspace}-pretix-worker"
+  retention_in_days = 7
+}
 
-#   volume {
-#     name      = "media"
-#     host_path = "/var/pretix/data/media"
-#   }
+resource "aws_ecs_task_definition" "pretix_worker" {
+  family = "pythonit-${terraform.workspace}-pretix-worker"
+  container_definitions = jsonencode([
+    {
+      name              = "worker"
+      image             = "${data.aws_ecr_repository.repo.repository_url}@${data.aws_ecr_image.image.image_digest}"
+      memoryReservation = 200
+      essential         = true
+      environment       = local.env_vars
 
-#   volume {
-#     name      = "data"
-#     host_path = "/var/pretix-data"
-#   }
+      entrypoint       = ["pretix"]
+      command          = ["taskworker"]
 
-#   requires_compatibilities = []
-#   tags                     = {}
-# }
+      workingDirectory = "/pretix/src"
+      user             = "pretixuser"
 
-# resource "aws_ecs_service" "pretix_web" {
-#   name                               = "pretix-worker"
-#   cluster                            = data.aws_ecs_cluster.server.id
-#   task_definition                    = aws_ecs_task_definition.pretix_web.arn
-#   desired_count                      = 1
-#   deployment_minimum_healthy_percent = 100
-#   deployment_maximum_percent         = 200
+      healthCheck = {
+        retries = 3
+        command = [
+          "CMD-SHELL",
+          "celery -A pretix.celery_app inspect ping"
+        ]
+        timeout  = 3
+        interval = 10
+      }
 
-#   lifecycle {
-#     ignore_changes = [
-#       capacity_provider_strategy
-#     ]
-#   }
-# }
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          "awslogs-group"         = aws_cloudwatch_log_group.pretix_worker.name
+          "awslogs-region"        = "eu-central-1"
+          "awslogs-stream-prefix" = "ecs"
+        }
+      }
+    },
+    {
+      name              = "cron"
+      image             = "${data.aws_ecr_repository.repo.repository_url}@${data.aws_ecr_image.image.image_digest}"
+      memoryReservation = 200
+      essential         = true
+      environment       = local.env_vars
+
+      entrypoint       = ["bash", "-c"]
+      command          = ["while true; do pretix cron; sleep 60; done"]
+
+      healthCheck = {
+        retries = 3
+        command = [
+          "CMD-SHELL",
+          "echo 1"
+        ]
+        timeout  = 3
+        interval = 10
+      }
+
+      workingDirectory = "/pretix/src"
+      user             = "pretixuser"
+
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          "awslogs-group"         = aws_cloudwatch_log_group.pretix_worker.name
+          "awslogs-region"        = "eu-central-1"
+          "awslogs-stream-prefix" = "ecs"
+        }
+      }
+    },
+  ])
+
+  requires_compatibilities = []
+  tags                     = {}
+}
+
+resource "aws_ecs_service" "pretix_worker" {
+  name                               = "pretix-worker"
+  cluster                            = data.aws_ecs_cluster.server.id
+  task_definition                    = aws_ecs_task_definition.pretix_worker.arn
+  desired_count                      = 1
+  deployment_minimum_healthy_percent = 100
+  deployment_maximum_percent         = 200
+
+  lifecycle {
+    ignore_changes = [
+      capacity_provider_strategy
+    ]
+  }
+}

infrastructure/applications/pycon_backend/main.tf

@@ -1,8 +1,8 @@
 locals {
-  is_prod           = terraform.workspace == "production"
-  db_connection     = var.enable_proxy ? "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_proxy.proxy[0].endpoint}:${data.aws_db_instance.database.port}/pycon" : "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_instance.database.address}:${data.aws_db_instance.database.port}/pycon"
-  cdn_url           = local.is_prod ? "cdn.pycon.it" : "${terraform.workspace}-cdn.pycon.it"
-  web_domain = local.is_prod ? "admin.pycon.it" : "${terraform.workspace}-admin.pycon.it"
+  is_prod       = terraform.workspace == "production"
+  db_connection = var.enable_proxy ? "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_proxy.proxy[0].endpoint}:${data.aws_db_instance.database.port}/pycon" : "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_instance.database.address}:${data.aws_db_instance.database.port}/pycon"
+  cdn_url       = local.is_prod ? "cdn.pycon.it" : "${terraform.workspace}-cdn.pycon.it"
+  web_domain    = local.is_prod ? "admin.pycon.it" : "${terraform.workspace}-admin.pycon.it"
 }
 
 data "aws_vpc" "default" {
@@ -113,8 +113,8 @@ module "lambda" {
     CELERY_RESULT_BACKEND                     = local.is_prod ? "redis://${data.aws_instance.redis.private_ip}/6" : "redis://${data.aws_instance.redis.private_ip}/15"
     PLAIN_INTEGRATION_TOKEN                   = module.secrets.value.plain_integration_token
     HASHID_DEFAULT_SECRET_SALT                = module.secrets.value.hashid_default_secret_salt
-    MEDIA_FILES_STORAGE_BACKEND = "pycon.storages.CustomS3Boto3Storage"
-    SNS_WEBHOOK_SECRET = module.common_secrets.value.sns_webhook_secret
-    AWS_SES_CONFIGURATION_SET = data.aws_sesv2_configuration_set.main.configuration_set_name
+    MEDIA_FILES_STORAGE_BACKEND               = "pycon.storages.CustomS3Boto3Storage"
+    SNS_WEBHOOK_SECRET                        = module.common_secrets.value.sns_webhook_secret
+    AWS_SES_CONFIGURATION_SET                 = data.aws_sesv2_configuration_set.main.configuration_set_name
   }
 }

infrastructure/applications/pycon_backend/providers.tf

@@ -2,7 +2,6 @@ terraform {
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = "5.66.0"
       configuration_aliases = [aws.us]
     }
   }

infrastructure/applications/pycon_backend/task_web.tf

@@ -25,7 +25,7 @@ resource "aws_ecs_task_definition" "backend" {
       ]
 
       dockerLabels = {
-        "traefik.enable" = "true"
+        "traefik.enable"                        = "true"
         "traefik.http.routers.backend-web.rule" = "Host(`${local.web_domain}`)"
       }
 
@@ -58,7 +58,7 @@ resource "aws_ecs_task_definition" "backend" {
         retries = 3
         command = [
           "CMD-SHELL",
-          "echo 1"
+          "curl -f http://localhost:8000/health/ || exit 1"
         ]
         timeout  = 3
         interval = 10

infrastructure/applications/pycon_backend/worker.tf → infrastructure/applications/pycon_backend/task_worker.tf

@@ -173,11 +173,11 @@ locals {
       value = module.secrets.value.hashid_default_secret_salt
     },
     {
-      name = "MEDIA_FILES_STORAGE_BACKEND",
+      name  = "MEDIA_FILES_STORAGE_BACKEND",
       value = "pycon.storages.CustomS3Boto3Storage"
     },
     {
-      name = "CLAMAV_HOST",
+      name  = "CLAMAV_HOST",
       value = module.secrets.value.clamav_host
     },
     {
@@ -192,15 +192,15 @@ locals {
       })
     },
     {
-      name = "ECS_SERVICE_ROLE",
+      name  = "ECS_SERVICE_ROLE",
       value = aws_iam_role.ecs_service.arn
     },
     {
-      name = "AWS_SES_CONFIGURATION_SET"
+      name  = "AWS_SES_CONFIGURATION_SET"
       value = data.aws_sesv2_configuration_set.main.configuration_set_name
     },
     {
-      name = "SNS_WEBHOOK_SECRET"
+      name  = "SNS_WEBHOOK_SECRET"
       value = module.common_secrets.value.sns_webhook_secret
     }
   ]
@@ -291,8 +291,8 @@ resource "aws_instance" "instance_1" {
       market_type = "spot"
 
       spot_options {
-        max_price = 0.0031
-        spot_instance_type = "persistent"
+        max_price                      = 0.0031
+        spot_instance_type             = "persistent"
         instance_interruption_behavior = "stop"
       }
     }
@@ -352,7 +352,7 @@ resource "aws_ecs_task_definition" "worker" {
         retries = 3
         command = [
           "CMD-SHELL",
-          "echo 1"
+          "celery -A pycon inspect ping"
         ]
         timeout  = 3
         interval = 10

infrastructure/applications/pycon_backend/worker_heavy_processing.tf

@@ -13,20 +13,20 @@ resource "aws_cloudwatch_log_group" "heavy_processing_worker_logs" {
 }
 
 resource "aws_ecs_task_definition" "heavy_processing_worker" {
-  family = "pythonit-${terraform.workspace}-heavy-processing-worker"
+  family                   = "pythonit-${terraform.workspace}-heavy-processing-worker"
   requires_compatibilities = ["FARGATE"]
   cpu                      = 4096
   memory                   = 16384
   network_mode             = "awsvpc"
-  execution_role_arn = aws_iam_role.worker.arn
-  task_role_arn = aws_iam_role.worker.arn
+  execution_role_arn       = aws_iam_role.worker.arn
+  task_role_arn            = aws_iam_role.worker.arn
 
   ephemeral_storage {
     size_in_gib = 21
   }
   runtime_platform {
     operating_system_family = "LINUX"
-    cpu_architecture = "ARM64"
+    cpu_architecture        = "ARM64"
   }
   container_definitions = jsonencode([
     {
@@ -83,9 +83,9 @@ resource "aws_ecs_task_definition" "heavy_processing_worker" {
   ])
 
   volume {
-    name = "storage"
+    name                = "storage"
     configure_at_launch = true
   }
 
-  tags                     = {}
+  tags = {}
 }