feat: Added redoer service. (#33)

Author: jamesiarmes

.github/actions/setup-opentofu/action.yaml

@@ -36,7 +36,8 @@ runs:
           "database_skip_final_snapshot" "deletion_protection"
           "deployment_environments" "environment" "export_expiration"
           "image_tags_mutable" "key_recovery_period" "log_level" "program"
-          "project" "region" "repository"
+          "project" "redoer_container_count" "redoer_cpu" "redoer_memory"
+          "region" "repository"
         )
         for var in ${variables[@]}; do
           name="TF_VAR_$(echo $var | tr '[:lower:]' '[:upper:]')"

.github/workflows/deploy.yaml

@@ -54,6 +54,9 @@ jobs:
       TF_VAR_LOG_LEVEL: ${{ secrets.TF_VAR_LOG_LEVEL }}
       TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
       TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }}
+      TF_VAR_REDOER_CONTAINER_COUNT: ${{ secrets.TF_VAR_REDOER_CONTAINER_COUNT }}
+      TF_VAR_REDOER_CPU: ${{ secrets.TF_VAR_REDOER_CPU }}
+      TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
       TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
       TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
       TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
@@ -105,6 +108,9 @@ jobs:
           TF_VAR_LOG_LEVEL: ${{ secrets.TF_VAR_LOG_LEVEL }}
           TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }}
           TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
+          TF_VAR_REDOER_CONTAINER_COUNT: ${{ secrets.TF_VAR_REDOER_CONTAINER_COUNT }}
+          TF_VAR_REDOER_CPU: ${{ secrets.TF_VAR_REDOER_CPU }}
+          TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}

.github/workflows/plan.yaml

@@ -54,6 +54,12 @@ on:
         required: false
       TF_VAR_PROJECT:
         required: false
+      TF_VAR_REDOER_CONTAINER_COUNT:
+        required: false
+      TF_VAR_REDOER_CPU:
+        required: false
+      TF_VAR_REDOER_MEMORY:
+        required: false
       TF_VAR_REPOSITORY:
         required: false
   workflow_dispatch:
@@ -120,6 +126,9 @@ jobs:
           TF_VAR_LOG_LEVEL: ${{ secrets.TF_VAR_LOG_LEVEL }}
           TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }}
           TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
+          TF_VAR_REDOER_CONTAINER_COUNT: ${{ secrets.TF_VAR_REDOER_CONTAINER_COUNT }}
+          TF_VAR_REDOER_CPU: ${{ secrets.TF_VAR_REDOER_CPU }}
+          TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}

.github/workflows/pull-request.yaml

@@ -77,6 +77,9 @@ jobs:
       TF_VAR_KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }}
       TF_VAR_LOG_LEVEL: ${{ secrets.TF_VAR_LOG_LEVEL }}
       TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
+      TF_VAR_REDOER_CONTAINER_COUNT: ${{ secrets.TF_VAR_REDOER_CONTAINER_COUNT }}
+      TF_VAR_REDOER_CPU: ${{ secrets.TF_VAR_REDOER_CPU }}
+      TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
       TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
       TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
       TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}

Dockerfile.redoer

@@ -21,6 +21,10 @@ ENV PYTHONPATH=/opt/senzing/er/sdk/python:/app
 # Flush buffer - helps with print statements.
 ENV PYTHONUNBUFFERED=1
 
+# Define volumes necessary to support a read-only root filesystem on ECS
+# Fargate.
+VOLUME ["/home/senzing", "/var/lib/amazon", "/var/log"]
+
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ./healthcheck.sh redoer.py || exit 1
 
 CMD ["python3", "redoer.py"]

tofu/config/service/main.tf

@@ -24,20 +24,23 @@ module "system" {
   key_recovery_period = var.key_recovery_period
   logging_bucket      = module.inputs.values["logging/bucket"]
   logging_key_arn     = module.inputs.values["logging/key"]
+  log_level           = var.log_level
   tags                = merge({ awsApplication : module.inputs.values["application/tag"] }, var.tags)
   vpc_id              = module.inputs.values["vpc/id"]
-  database_subnets    = split(",", module.inputs.values["vpc/private_subnets"])
-  container_subnets   = split(",", module.inputs.values["vpc/private_subnets"])
 
+  database_subnets                   = split(",", module.inputs.values["vpc/private_subnets"])
   apply_database_updates_immediately = var.apply_database_updates_immediately
   database_instance_count            = var.database_instance_count
   database_skip_final_snapshot       = var.database_skip_final_snapshot
   deletion_protection                = var.deletion_protection
   image_tag                          = local.image_tag
   image_tags_mutable                 = var.image_tags_mutable
-  log_level                          = var.log_level
 
+  container_subnets        = split(",", module.inputs.values["vpc/private_subnets"])
   consumer_container_count = var.consumer_container_count
   consumer_cpu             = var.consumer_cpu
   consumer_memory          = var.consumer_memory
+  redoer_container_count   = var.redoer_container_count
+  redoer_cpu               = var.redoer_cpu
+  redoer_memory            = var.redoer_memory
 }

tofu/config/service/variables.tf

@@ -103,6 +103,24 @@ variable "project" {
   default     = "sqs-senzing"
 }
 
+variable "redoer_container_count" {
+  type        = number
+  description = "Desired number of redoer containers to run."
+  default     = 1
+}
+
+variable "redoer_cpu" {
+  type        = number
+  description = "Number of virtual CPUs to allocate to each redoer container."
+  default     = 1
+}
+
+variable "redoer_memory" {
+  type        = number
+  description = "Amount of memory (in MiB) to allocate to each redoer container."
+  default     = 4096
+}
+
 variable "region" {
   type        = string
   description = "AWS region where resources should be deployed."

tofu/modules/system/ecs.tf

@@ -121,6 +121,42 @@ module "consumer" {
   tags = var.tags
 }
 
+module "redoer" {
+  source     = "../persistent_service"
+  depends_on = [aws_iam_policy.secrets]
+
+  project                = var.project
+  environment            = var.environment
+  service                = "redoer"
+  image_tag              = var.image_tag
+  image_tags_mutable     = var.image_tags_mutable
+  force_delete           = !var.deletion_protection
+  container_key_arn      = aws_kms_key.container.arn
+  logging_key_id         = var.logging_key_arn
+  otel_ssm_parameter_arn = module.otel_config.ssm_parameter_arn
+  execution_policies     = [aws_iam_policy.secrets.arn]
+  task_policies          = [aws_iam_policy.queue.arn]
+  security_groups        = [module.task_security_group.security_group_id]
+  cluster_arn            = module.ecs.arn
+  container_subnets      = var.container_subnets
+  desired_containers     = var.redoer_container_count
+  cpu                    = var.redoer_cpu
+  memory                 = var.redoer_memory
+  dockerfile             = "Dockerfile.redoer"
+  docker_context         = "${path.module}/../../../"
+
+  environment_variables = {
+    LOG_LEVEL : var.log_level
+    Q_URL : module.sqs.queue_url
+  }
+
+  environment_secrets = {
+    SENZING_ENGINE_CONFIGURATION_JSON = module.senzing_config.ssm_parameter_arn
+  }
+
+  tags = var.tags
+}
+
 module "exporter" {
   source     = "../ephemeral_service"
   depends_on = [aws_iam_policy.exports, aws_iam_policy.secrets]

tofu/modules/system/variables.tf

@@ -157,6 +157,24 @@ variable "project" {
   default     = "sqs-senzing"
 }
 
+variable "redoer_container_count" {
+  type        = number
+  description = "Desired number of redoer containers to run."
+  default     = 1
+}
+
+variable "redoer_cpu" {
+  type        = number
+  description = "Number of virtual CPUs to allocate to each redoer container."
+  default     = 1
+}
+
+variable "redoer_memory" {
+  type        = number
+  description = "Amount of memory (in MiB) to allocate to each redoer container."
+  default     = 4096
+}
+
 variable "tags" {
   type        = map(string)
   description = "Tags to apply to resources."