feat: Added consumer container. (#26)

Author: jamesiarmes

.github/workflows/deploy.yaml

@@ -41,6 +41,9 @@ jobs:
       AWS_REGION: ${{ secrets.AWS_REGION }}
       AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
       TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
+      TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
+      TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
+      TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
       TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
       TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
       TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
@@ -88,6 +91,9 @@ jobs:
           # For any of these that have a value, the corresponding TF_VAR_*
           # environment variable will be set.
           APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
+          TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
+          CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
+          CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
           DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
           DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
           DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
@@ -100,7 +106,8 @@ jobs:
           REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
         run: |
           variables=(
-            "apply_database_updates_immediately" "database_skip_final_snapshot"
+            "apply_database_updates_immediately" "consumer_container_count"
+            "consumer_cpu" "consumer_memory" "database_skip_final_snapshot"
             "deletion_protection" "deployment_environments" "environment"
             "export_expiration" "image_tags_mutable" "key_recovery_period"
             "program" "project" "repository"

.github/workflows/plan.yaml

@@ -22,6 +22,12 @@ on:
       AWS_ROLE_ARN:
       TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY:
         required: false
+      TF_VAR_CONSUMER_CONTAINER_COUNT:
+        required: false
+      TF_VAR_CONSUMER_CPU:
+        required: false
+      TF_VAR_CONSUMER_MEMORY:
+        required: false
       TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT:
         required: false
       TF_VAR_DELETION_PROTECTION:
@@ -99,6 +105,9 @@ jobs:
           # For any of these that have a value, the corresponding TF_VAR_*
           # environment variable will be set.
           APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
+          TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
+          CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
+          CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
           DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
           DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
           DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
@@ -111,7 +120,8 @@ jobs:
           REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
         run: |
           variables=(
-            "apply_database_updates_immediately" "database_skip_final_snapshot"
+            "apply_database_updates_immediately" "consumer_container_count"
+            "consumer_cpu" "consumer_memory" "database_skip_final_snapshot"
             "deletion_protection" "deployment_environments" "environment"
             "export_expiration" "image_tags_mutable" "key_recovery_period"
             "program" "project" "repository"

.github/workflows/pull-request.yaml

@@ -67,6 +67,9 @@ jobs:
       AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
       TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
       TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
+      TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
+      TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
+      TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
       TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
       TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
       TF_VAR_EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }}

Dockerfile.consumer

@@ -19,4 +19,8 @@ ENV PYTHONPATH=/opt/senzing/er/sdk/python:/app
 # Flush buffer - helps with print statements.
 ENV PYTHONUNBUFFERED=1
 
+# Define volumes necessary to support a read-only root filesystem on ECS
+# Fargate.
+VOLUME ["/home/senzing", "/var/lib/amazon", "/var/log"]
+
 CMD ["python3", "consumer.py"]

tofu/config/service/main.tf

@@ -34,4 +34,8 @@ module "system" {
   deletion_protection                = var.deletion_protection
   image_tag                          = var.image_tag != null ? var.image_tag : sha256(timestamp())
   image_tags_mutable                 = var.image_tags_mutable
+
+  consumer_container_count = var.consumer_container_count
+  consumer_cpu             = var.consumer_cpu
+  consumer_memory          = var.consumer_memory
 }

tofu/config/service/variables.tf

@@ -4,6 +4,24 @@ variable "apply_database_updates_immediately" {
   default     = false
 }
 
+variable "consumer_container_count" {
+  type        = number
+  description = "Desired number of consumer containers to run."
+  default     = 1
+}
+
+variable "consumer_cpu" {
+  type        = number
+  description = "Number of virtual CPUs to allocate to each consumer container."
+  default     = 1
+}
+
+variable "consumer_memory" {
+  type        = number
+  description = "Amount of memory (in MiB) to allocate to each consumer container."
+  default     = 4096
+}
+
 variable "database_skip_final_snapshot" {
   type        = bool
   description = "Whether to skip the final snapshot when the database cluster is deleted."

tofu/modules/ephemeral_service/main.tf

@@ -24,7 +24,7 @@ module "ecs_task" {
   version = "~> 5.3"
 
   name   = local.prefix
-  cpu    = var.cpu
+  cpu    = (var.cpu * 1024)
   memory = var.memory
   # TODO: These roles?
   daemon_role              = aws_iam_role.execution.arn
@@ -37,8 +37,8 @@ module "ecs_task" {
   container_definitions = jsonencode(yamldecode(templatefile(
     "${path.module}/templates/container-definitions.yaml.tftpl", {
       name              = local.prefix
-      cpu               = var.cpu - 256
-      memory            = var.memory - 512
+      cpu               = (var.cpu * 1024)
+      memory            = var.memory
       image             = "${module.ecr.repository_url}:${var.image_tag}"
       container_command = var.container_command
       container_port    = var.container_port

tofu/modules/ephemeral_service/variables.tf

@@ -17,8 +17,8 @@ variable "container_port" {
 
 variable "cpu" {
   type        = number
-  description = "CPU unit for this task."
-  default     = 512
+  description = "Number of virtual CPUs to allocate to the container."
+  default     = 1
 }
 
 variable "docker_context" {
@@ -55,6 +55,7 @@ variable "ephemeral_volumes" {
   type        = map(string)
   description = "Map of ephemeral volume names to mount paths."
   default = {
+    logs         = "/var/log"
     senzing-home = "/home/senzing"
   }
 }
@@ -91,7 +92,7 @@ variable "logging_key_id" {
 variable "memory" {
   type        = number
   description = "Memory for this task."
-  default     = 1024
+  default     = 4096
 }
 
 variable "otel_ssm_parameter_arn" {

tofu/modules/persistent_service/main.tf

@@ -0,0 +1,50 @@
+module "task" {
+  source = "../ephemeral_service"
+
+  project                  = var.project
+  service                  = var.service
+  image_tag                = var.image_tag
+  image_tags_mutable       = var.image_tags_mutable
+  force_delete             = var.force_delete
+  memory                   = var.memory
+  otel_ssm_parameter_arn   = var.otel_ssm_parameter_arn
+  otel_log_level           = var.otel_log_level
+  logging_key_id           = var.logging_key_id
+  task_policies            = var.task_policies
+  untagged_image_retention = var.untagged_image_retention
+  execution_policies       = var.execution_policies
+  container_key_arn        = var.container_key_arn
+  container_command        = var.container_command
+  docker_context           = var.docker_context
+  dockerfile               = var.dockerfile
+  environment_secrets      = var.environment_secrets
+  environment_variables    = var.environment_variables
+  ephemeral_volumes        = var.ephemeral_volumes
+  cpu                      = var.cpu
+
+  tags = var.tags
+}
+
+module "service" {
+  source  = "HENNGE/ecs/aws//modules/core/service"
+  version = "5.3.0"
+
+  cluster                = var.cluster_arn
+  name                   = join("-", compact([var.project, var.environment, var.service]))
+  create_task_definition = false
+  task_definition_arn    = module.task.task_definition_arn
+  desired_count          = var.desired_containers
+
+  launch_type                   = "FARGATE"
+  task_requires_compatibilities = ["FARGATE"]
+  enable_execute_command        = var.enable_execute_command
+  propagate_tags                = "SERVICE"
+
+  network_configuration = {
+    subnets          = var.container_subnets
+    security_groups  = var.security_groups
+    assign_public_ip = false
+  }
+
+  tags = var.tags
+}

tofu/modules/persistent_service/outputs.tf

@@ -0,0 +1,19 @@
+output "container_name" {
+  description = "Name of the container in the ECS task definition."
+  value       = module.task.container_name
+}
+
+output "docker_push" {
+  description = "Commands to push a Docker image to the container repository."
+  value       = module.task.docker_push
+}
+
+output "service_name" {
+  description = "Name of the ECS service."
+  value       = module.service.name
+}
+
+output "task_definition_arn" {
+  description = "ARN of the ECS task definition."
+  value       = module.task.task_definition_arn
+}