diff --git a/.github/workflows/gateway_commons.yml b/.github/workflows/gateway_commons.yml index 96b8c97fb..0f2b9e6c0 100644 --- a/.github/workflows/gateway_commons.yml +++ b/.github/workflows/gateway_commons.yml @@ -115,4 +115,3 @@ jobs: tags: | ${{ env.GATEWAY_ECR_REPOSITORY }}:bootstrap ${{ env.GATEWAY_GHCR_REPOSITORY }}:bootstrap - diff --git a/components/app/config/app_settings.yml b/components/app/config/app_settings.yml index 17427f8fe..4d3d81fdd 100644 --- a/components/app/config/app_settings.yml +++ b/components/app/config/app_settings.yml @@ -17,12 +17,12 @@ production: &production sentry_dsn: "<%= AppSettings.credentials.fetch('sentry_dsn') %>" ahn_core_password: "<%= ENV.fetch('AHN_CORE_PASSWORD') %>" ahn_http_password: "<%= AppSettings.credentials.fetch('ahn_http_password') %>" - call_platform_host: "https://api.somleng.org" + call_platform_host: "https://api.internal.somleng.org" call_platform_password: "<%= AppSettings.credentials.fetch('call_platform_password') %>" staging: <<: *production - call_platform_host: "https://api-staging.somleng.org" + call_platform_host: "https://api-staging.internal.somleng.org" development: &development <<: *default diff --git a/components/app/spec/lib/call_platform/client_spec.rb b/components/app/spec/lib/call_platform/client_spec.rb index 840a6618a..22fa45b51 100644 --- a/components/app/spec/lib/call_platform/client_spec.rb +++ b/components/app/spec/lib/call_platform/client_spec.rb @@ -6,9 +6,9 @@ module CallPlatform it "creates a media stream" do stub_request( :post, - "https://api.somleng.org/services/media_streams" + "https://api.internal.somleng.org/services/media_streams" ).to_return(body: { "sid" => "393a227f-0602-4024-b38a-dcbbeed4d5a0" }.to_json) - client = Client.new(http_client_options: { url: "https://api.somleng.org" }) + client = Client.new(http_client_options: { url: "https://api.internal.somleng.org" }) response = client.create_media_stream( url: "wss://example.com/audio", 
@@ -19,7 +19,7 @@ module CallPlatform ) expect(response.id).to eq("393a227f-0602-4024-b38a-dcbbeed4d5a0") - expect(WebMock).to(have_requested(:post, "https://api.somleng.org/services/media_streams").with { |request| + expect(WebMock).to(have_requested(:post, "https://api.internal.somleng.org/services/media_streams").with { |request| request_body = JSON.parse(request.body) expect(request_body).to eq( "url" => "wss://example.com/audio", diff --git a/components/freeswitch_event_logger/Dockerfile b/components/freeswitch_event_logger/Dockerfile index cc614b20e..df02eb7ee 100644 --- a/components/freeswitch_event_logger/Dockerfile +++ b/components/freeswitch_event_logger/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:alpine AS builder +FROM public.ecr.aws/docker/library/golang:alpine AS builder WORKDIR /app COPY . ./ RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" . diff --git a/components/opensips_scheduler/Dockerfile b/components/opensips_scheduler/Dockerfile index 15bcf6d6e..be71a6274 100644 --- a/components/opensips_scheduler/Dockerfile +++ b/components/opensips_scheduler/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest +FROM public.ecr.aws/docker/library/alpine:latest COPY docker-entrypoint.sh /docker-entrypoint.sh COPY opensips_scheduler.sh /usr/local/bin/opensips_scheduler diff --git a/infrastructure/modules/somleng_switch/client_gateway.tf b/infrastructure/modules/somleng_switch/client_gateway.tf index 35519efd9..16fb8543b 100644 --- a/infrastructure/modules/somleng_switch/client_gateway.tf +++ b/infrastructure/modules/somleng_switch/client_gateway.tf 
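Review bot: Both rewritten `FROM` lines still resolve a floating tag: `public.ecr.aws/docker/library/golang:alpine` in components/freeswitch_event_logger/Dockerfile and `public.ecr.aws/docker/library/alpine:latest` in components/opensips_scheduler/Dockerfile. Moving to the ECR Public mirror changes where the base image is pulled from, not which image is pulled. Two builds of the same commit can therefore produce different results, and a changed upstream tag is picked up without review. Pinning each base by version and digest, in the form `FROM public.ecr.aws/docker/library/alpine:<version>@sha256:<digest>`, makes the build reproducible and turns base-image updates into reviewable diffs. The rest of the opensips_scheduler Dockerfile lies outside the hunk.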
@@ -1,14 +1,14 @@ # Container Instances -module client_gateway_container_instances { +module "client_gateway_container_instances" { source = "../container_instances" - app_identifier = var.client_gateway_identifier - vpc = var.vpc - instance_subnets = var.vpc.public_subnets + app_identifier = var.client_gateway_identifier + vpc = var.vpc + instance_subnets = var.vpc.public_subnets associate_public_ip_address = true - max_capacity = var.client_gateway_max_tasks * 2 - cluster_name = aws_ecs_cluster.cluster.name - security_groups = [var.db_security_group] + max_capacity = var.client_gateway_max_tasks * 2 + cluster_name = aws_ecs_cluster.cluster.name + security_groups = [var.db_security_group] user_data = var.assign_client_gateway_eips ? [ { path = "/opt/assign_eip.sh", @@ -25,13 +25,13 @@ module client_gateway_container_instances { # EIP resource "aws_eip" "client_gateway" { - count = var.assign_client_gateway_eips ? var.client_gateway_max_tasks : 0 - domain = "vpc" + count = var.assign_client_gateway_eips ? var.client_gateway_max_tasks : 0 + domain = "vpc" tags = { - Name = "${var.client_gateway_identifier} ${count.index + 1}" + Name = "${var.client_gateway_identifier} ${count.index + 1}" (var.client_gateway_identifier) = "true" - Priority = count.index + 1 + Priority = count.index + 1 } } @@ -42,7 +42,7 @@ resource "aws_ecs_capacity_provider" "client_gateway" { auto_scaling_group_provider { auto_scaling_group_arn = module.client_gateway_container_instances.autoscaling_group.arn managed_termination_protection = "ENABLED" - managed_draining = "ENABLED" + managed_draining = "ENABLED" managed_scaling { maximum_scaling_step_size = 1000 
@@ -61,7 +61,7 @@ resource "aws_security_group_rule" "client_gateway_healthcheck" { protocol = "tcp" from_port = var.sip_port security_group_id = module.client_gateway_container_instances.security_group.id - cidr_blocks = data.aws_ip_ranges.route53_healthchecks.cidr_blocks + cidr_blocks = data.aws_ip_ranges.route53_healthchecks.cidr_blocks } resource "aws_security_group_rule" "client_gateway_sip" { @@ -70,7 +70,7 @@ resource "aws_security_group_rule" "client_gateway_sip" { protocol = "udp" from_port = var.sip_port security_group_id = module.client_gateway_container_instances.security_group.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "client_gateway_icmp" { @@ -79,7 +79,7 @@ resource "aws_security_group_rule" "client_gateway_icmp" { protocol = "icmp" from_port = -1 security_group_id = module.client_gateway_container_instances.security_group.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } # IAM @@ -107,7 +107,7 @@ EOF } resource "aws_iam_role_policy_attachment" "client_gateway_container_instance_custom_policy" { - role = module.client_gateway_container_instances.iam_role.id + role = module.client_gateway_container_instances.iam_role.id policy_arn = aws_iam_policy.client_gateway_container_instance_custom_policy.arn } 
@@ -152,49 +152,121 @@ EOF } resource "aws_iam_role_policy_attachment" "client_gateway_task_execution_custom_policy" { - role = aws_iam_role.client_gateway_task_execution_role.id + role = aws_iam_role.client_gateway_task_execution_role.id policy_arn = aws_iam_policy.client_gateway_task_execution_custom_policy.arn } resource "aws_iam_role_policy_attachment" "client_gateway_task_execution_role_amazon_ecs_task_execution_role_policy" { - role = aws_iam_role.client_gateway_task_execution_role.id + role = aws_iam_role.client_gateway_task_execution_role.id policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" } # Log Groups resource "aws_cloudwatch_log_group" "client_gateway" { - name = var.client_gateway_identifier + name = var.client_gateway_identifier retention_in_days = 7 } # ECS -data "template_file" "client_gateway" { - template = file("${path.module}/templates/client_gateway.json.tpl") - - vars = { - client_gateway_image = var.client_gateway_image - opensips_scheduler_image = var.opensips_scheduler_image - - logs_group = aws_cloudwatch_log_group.client_gateway.name - logs_group_region = var.aws_region - app_environment = var.app_environment - - sip_port = var.sip_port - - database_password_parameter_arn = var.db_password_parameter_arn - database_name = var.client_gateway_db_name - database_username = var.db_username - database_host = var.db_host - database_port = var.db_port - } -} resource "aws_ecs_task_definition" "client_gateway" { family = var.client_gateway_identifier network_mode = "host" requires_compatibilities = ["EC2"] - execution_role_arn = aws_iam_role.client_gateway_task_execution_role.arn - container_definitions = data.template_file.client_gateway.rendered + execution_role_arn = aws_iam_role.client_gateway_task_execution_role.arn + container_definitions = jsonencode([ + { + name = "client_gateway", + image = "${var.client_gateway_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + 
awslogs-group = aws_cloudwatch_log_group.client_gateway.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + essential = true, + portMappings = [ + { + containerPort = var.sip_port, + hostPort = var.sip_port, + protocol = "udp" + }, + { + containerPort = var.sip_port, + hostPort = var.sip_port, + protocol = "tcp" + } + ], + healthCheck = { + command = ["CMD-SHELL", "nc -z -w 5 $(hostname -i) $SIP_PORT"], + interval = 10, + retries = 10, + timeout = 5 + }, + mountPoints = [ + { + sourceVolume = "opensips", + containerPath = "/var/opensips" + } + ], + secrets = [ + { + name = "DATABASE_PASSWORD", + valueFrom = var.db_password_parameter_arn + } + ], + environment = [ + { + name = "FIFO_NAME", + value = var.opensips_fifo_name, + }, + { + name = "DATABASE_NAME", + value = var.client_gateway_db_name + }, + { + name = "DATABASE_USERNAME", + value = var.db_username + }, + { + name = "DATABASE_HOST", + value = var.db_host + }, + { + name = "DATABASE_PORT", + value = tostring(var.db_port), + }, + { + name = "SIP_PORT", + value = tostring(var.sip_port) + } + ] + }, + { + name = "opensips_scheduler", + image = "${var.opensips_scheduler_image}:latest", + essential = true, + mountPoints = [ + { + sourceVolume = "opensips", + containerPath = "/var/opensips" + } + ], + environment = [ + { + name = "FIFO_NAME", + value = var.opensips_fifo_name + }, + { + name = "MI_COMMANDS", + value = "lb_reload,domain_reload,rtpengine_reload" + } + ] + } + ]) + memory = module.client_gateway_container_instances.ec2_instance_type.memory_size - 512 volume { 
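Review bot: Both containers in the new `container_definitions` reference a floating tag, `image = "${var.client_gateway_image}:latest"` and `image = "${var.opensips_scheduler_image}:latest"`, so the registered task definition does not identify which build a task will run. With an autoscaled service, a newly started task pulls whatever `latest` points to at that moment. A push to the repository can then reach running infrastructure without a new task-definition revision, and tasks of one service can end up on different builds. The removed JSON templates are not shown, so this may carry over earlier behaviour, and a deploy pipeline may register its own revisions. If not, take the tag or digest from a variable, for example `image = "${var.client_gateway_image}:${var.client_gateway_image_tag}"` with `client_gateway_image_tag` as a new input; the same `:latest` form appears in the media_proxy.tf, public_gateway.tf and switch.tf task definitions in this commit.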
@@ -203,20 +275,20 @@ resource "aws_ecs_task_definition" "client_gateway" { } resource "aws_ecs_service" "client_gateway" { - name = aws_ecs_task_definition.client_gateway.family - cluster = aws_ecs_cluster.cluster.id - task_definition = aws_ecs_task_definition.client_gateway.arn - desired_count = var.client_gateway_min_tasks + name = aws_ecs_task_definition.client_gateway.family + cluster = aws_ecs_cluster.cluster.id + task_definition = aws_ecs_task_definition.client_gateway.arn + desired_count = var.client_gateway_min_tasks deployment_minimum_healthy_percent = 50 - deployment_maximum_percent = 100 + deployment_maximum_percent = 100 capacity_provider_strategy { capacity_provider = aws_ecs_capacity_provider.client_gateway.name - weight = 1 + weight = 1 } placement_constraints { - type = "distinctInstance" + type = "distinctInstance" } depends_on = [ @@ -241,8 +313,8 @@ resource "aws_appautoscaling_policy" "client_gateway_policy" { predefined_metric_type = "ECSServiceAverageCPUUtilization" } - target_value = 30 - scale_in_cooldown = 300 + target_value = 30 + scale_in_cooldown = 300 scale_out_cooldown = 60 } } @@ -260,10 +332,10 @@ resource "aws_appautoscaling_target" "client_gateway_scale_target" { resource "aws_route53_health_check" "client_gateway" { for_each = { for index, eip in aws_eip.client_gateway : index => eip } - reference_name = "${var.client_gateway_subdomain}-${each.key + 1}" - ip_address = each.value.public_ip - port = var.sip_port - type = "TCP" + reference_name = "${var.client_gateway_subdomain}-${each.key + 1}" + ip_address = each.value.public_ip + port = var.sip_port + type = "TCP" request_interval = 30 tags = { 
@@ -273,19 +345,19 @@ resource "aws_route53_health_check" "client_gateway" { resource "aws_route53_record" "client_gateway" { for_each = aws_route53_health_check.client_gateway - zone_id = var.route53_zone.zone_id - name = var.client_gateway_subdomain - type = "A" - ttl = 300 - records = [each.value.ip_address] + zone_id = var.route53_zone.zone_id + name = var.client_gateway_subdomain + type = "A" + ttl = 300 + records = [each.value.ip_address] multivalue_answer_routing_policy = true - set_identifier = "${var.client_gateway_identifier}-${each.key + 1}" - health_check_id = each.value.id + set_identifier = "${var.client_gateway_identifier}-${each.key + 1}" + health_check_id = each.value.id } resource "aws_lambda_invocation" "create_domain" { - for_each = aws_route53_record.client_gateway + for_each = aws_route53_record.client_gateway function_name = aws_lambda_function.services.function_name input = jsonencode({ diff --git a/infrastructure/modules/somleng_switch/media_proxy.tf b/infrastructure/modules/somleng_switch/media_proxy.tf index c9dbd78f2..5106f53e0 100644 --- a/infrastructure/modules/somleng_switch/media_proxy.tf +++ b/infrastructure/modules/somleng_switch/media_proxy.tf @@ -1,15 +1,15 @@ # Container Instances -module media_proxy_container_instances { +module "media_proxy_container_instances" { source = "../container_instances" - app_identifier = var.media_proxy_identifier - vpc = var.vpc - instance_subnets = var.vpc.public_subnets + app_identifier = var.media_proxy_identifier + vpc = var.vpc + instance_subnets = var.vpc.public_subnets associate_public_ip_address = true - cluster_name = aws_ecs_cluster.cluster.name - max_capacity = var.media_proxy_max_tasks * 2 - architecture = "arm64" - instance_type = "t4g.small" + cluster_name = aws_ecs_cluster.cluster.name + max_capacity = var.media_proxy_max_tasks * 2 + architecture = "arm64" + instance_type = "t4g.small" user_data = var.assign_media_proxy_eips ? [ { path = "/opt/assign_eip.sh", 
@@ -27,13 +27,13 @@ module media_proxy_container_instances { # EIP resource "aws_eip" "media_proxy" { - count = var.assign_media_proxy_eips ? var.media_proxy_max_tasks : 0 - domain = "vpc" + count = var.assign_media_proxy_eips ? var.media_proxy_max_tasks : 0 + domain = "vpc" tags = { - Name = "Media Proxy ${count.index + 1}" + Name = "Media Proxy ${count.index + 1}" (var.media_proxy_identifier) = "true" - Priority = count.index + 1 + Priority = count.index + 1 } } @@ -44,7 +44,7 @@ resource "aws_ecs_capacity_provider" "media_proxy" { auto_scaling_group_provider { auto_scaling_group_arn = module.media_proxy_container_instances.autoscaling_group.arn managed_termination_protection = "ENABLED" - managed_draining = "ENABLED" + managed_draining = "ENABLED" managed_scaling { maximum_scaling_step_size = 1000 @@ -63,7 +63,7 @@ resource "aws_security_group_rule" "media_proxy_control" { protocol = "udp" from_port = var.media_proxy_ng_port security_group_id = module.media_proxy_container_instances.security_group.id - cidr_blocks = [var.vpc.vpc_cidr_block] + cidr_blocks = [var.vpc.vpc_cidr_block] } resource "aws_security_group_rule" "media_proxy_media" { @@ -72,7 +72,7 @@ resource "aws_security_group_rule" "media_proxy_media" { protocol = "udp" from_port = var.media_proxy_media_port_min security_group_id = module.media_proxy_container_instances.security_group.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "media_proxy_icmp" { @@ -81,7 +81,7 @@ resource "aws_security_group_rule" "media_proxy_icmp" { protocol = "icmp" from_port = -1 security_group_id = module.media_proxy_container_instances.security_group.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } # IAM 
@@ -109,7 +109,7 @@ EOF } resource "aws_iam_role_policy_attachment" "media_proxy_container_instance_custom_policy" { - role = module.media_proxy_container_instances.iam_role.id + role = module.media_proxy_container_instances.iam_role.id policy_arn = aws_iam_policy.media_proxy_container_instance_custom_policy.arn } 
@@ -133,40 +133,63 @@ EOF } resource "aws_iam_role_policy_attachment" "media_proxy_task_execution_role_amazon_ecs_task_execution_role_policy" { - role = aws_iam_role.media_proxy_task_execution_role.id + role = aws_iam_role.media_proxy_task_execution_role.id policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" } # Log Groups resource "aws_cloudwatch_log_group" "media_proxy" { - name = var.media_proxy_identifier + name = var.media_proxy_identifier retention_in_days = 7 } # ECS -data "template_file" "media_proxy" { - template = file("${path.module}/templates/media_proxy.json.tpl") - - vars = { - media_proxy_image = var.media_proxy_image - - logs_group = aws_cloudwatch_log_group.media_proxy.name - logs_group_region = var.aws_region - app_environment = var.app_environment - - ng_port = var.media_proxy_ng_port - healthcheck_port = var.media_proxy_healthcheck_port - media_port_min = var.media_proxy_media_port_min - media_port_max = var.media_proxy_media_port_max - } -} resource "aws_ecs_task_definition" "media_proxy" { family = var.media_proxy_identifier network_mode = "host" requires_compatibilities = ["EC2"] - execution_role_arn = aws_iam_role.media_proxy_task_execution_role.arn - container_definitions = data.template_file.media_proxy.rendered + execution_role_arn = aws_iam_role.media_proxy_task_execution_role.arn + container_definitions = jsonencode([ + { + name = "media_proxy", + image = "${var.media_proxy_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.media_proxy.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + essential = true, + healthCheck = { + command = ["CMD-SHELL", "nc -z -w 5 $(hostname -i) $HEALTHCHECK_PORT"], + interval = 10, + retries = 10, + timeout = 5 + }, + environment = [ + { + name = "NG_PORT", + value = tostring(var.media_proxy_ng_port) + }, + { + name = "MEDIA_PORT_MIN", + value = 
tostring(var.media_proxy_media_port_min) + }, + { + name = "MEDIA_PORT_MAX", + value = tostring(var.media_proxy_media_port_max) + }, + { + name = "HEALTHCHECK_PORT", + value = tostring(var.media_proxy_healthcheck_port) + } + ] + } + ]) + memory = module.media_proxy_container_instances.ec2_instance_type.memory_size - 512 } @@ -178,11 +201,11 @@ resource "aws_ecs_service" "media_proxy" { capacity_provider_strategy { capacity_provider = aws_ecs_capacity_provider.media_proxy.name - weight = 1 + weight = 1 } placement_constraints { - type = "distinctInstance" + type = "distinctInstance" } depends_on = [ @@ -207,8 +230,8 @@ resource "aws_appautoscaling_policy" "media_proxy_policy" { predefined_metric_type = "ECSServiceAverageCPUUtilization" } - target_value = 30 - scale_in_cooldown = 300 + target_value = 30 + scale_in_cooldown = 300 scale_out_cooldown = 60 } } diff --git a/infrastructure/modules/somleng_switch/public_gateway.tf b/infrastructure/modules/somleng_switch/public_gateway.tf index 9c0dd5a05..e95121114 100644 --- a/infrastructure/modules/somleng_switch/public_gateway.tf +++ b/infrastructure/modules/somleng_switch/public_gateway.tf @@ -1,12 +1,12 @@ # Container Instances -module public_gateway_container_instances { +module "public_gateway_container_instances" { source = "../container_instances" - app_identifier = var.public_gateway_identifier - vpc = var.vpc + app_identifier = var.public_gateway_identifier + vpc = var.vpc instance_subnets = var.vpc.private_subnets - max_capacity = var.public_gateway_max_tasks * 2 - cluster_name = aws_ecs_cluster.cluster.name + max_capacity = var.public_gateway_max_tasks * 2 + cluster_name = aws_ecs_cluster.cluster.name } # Capacity Provider 
@@ -16,7 +16,7 @@ resource "aws_ecs_capacity_provider" "public_gateway" { auto_scaling_group_provider { auto_scaling_group_arn = module.public_gateway_container_instances.autoscaling_group.arn managed_termination_protection = "ENABLED" - managed_draining = "ENABLED" + managed_draining = "ENABLED" managed_scaling { maximum_scaling_step_size = 1000 @@ -39,7 +39,7 @@ resource "aws_security_group_rule" "public_gateway_healthcheck" { protocol = "tcp" from_port = var.sip_port security_group_id = aws_security_group.public_gateway.id - cidr_blocks = [var.vpc.vpc_cidr_block] + cidr_blocks = [var.vpc.vpc_cidr_block] } resource "aws_security_group_rule" "public_gateway_sip" { @@ -48,7 +48,7 @@ resource "aws_security_group_rule" "public_gateway_sip" { protocol = "udp" from_port = var.sip_port security_group_id = aws_security_group.public_gateway.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "public_gateway_sip_alternative" { @@ -57,7 +57,7 @@ resource "aws_security_group_rule" "public_gateway_sip_alternative" { protocol = "udp" from_port = var.sip_alternative_port security_group_id = aws_security_group.public_gateway.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "public_gateway_egress" { @@ -66,7 +66,7 @@ resource "aws_security_group_rule" "public_gateway_egress" { protocol = "-1" from_port = 0 security_group_id = aws_security_group.public_gateway.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } # IAM 
@@ -130,52 +130,128 @@ EOF } resource "aws_iam_role_policy_attachment" "public_gateway_task_execution_custom_policy" { - role = aws_iam_role.public_gateway_task_execution_role.id + role = aws_iam_role.public_gateway_task_execution_role.id policy_arn = aws_iam_policy.public_gateway_task_execution_custom_policy.arn } resource "aws_iam_role_policy_attachment" "public_gateway_task_execution_role_amazon_ecs_task_execution_role_policy" { - role = aws_iam_role.public_gateway_task_execution_role.id + role = aws_iam_role.public_gateway_task_execution_role.id policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" } # Log Groups resource "aws_cloudwatch_log_group" "public_gateway" { - name = var.public_gateway_identifier + name = var.public_gateway_identifier retention_in_days = 7 } # ECS -data "template_file" "public_gateway" { - template = file("${path.module}/templates/public_gateway.json.tpl") - - vars = { - public_gateway_image = var.public_gateway_image - opensips_scheduler_image = var.opensips_scheduler_image - - logs_group = aws_cloudwatch_log_group.public_gateway.name - logs_group_region = var.aws_region - app_environment = var.app_environment - - sip_port = var.sip_port - sip_alternative_port = var.sip_alternative_port - sip_advertised_ip = var.external_sip_ip - - database_password_parameter_arn = var.db_password_parameter_arn - database_name = var.public_gateway_db_name - database_username = var.db_username - database_host = var.db_host - database_port = var.db_port - } -} resource "aws_ecs_task_definition" "public_gateway" { family = var.public_gateway_identifier network_mode = "awsvpc" requires_compatibilities = ["EC2"] - task_role_arn = aws_iam_role.public_gateway_task_role.arn - execution_role_arn = aws_iam_role.public_gateway_task_execution_role.arn - container_definitions = data.template_file.public_gateway.rendered + task_role_arn = aws_iam_role.public_gateway_task_role.arn + execution_role_arn = 
aws_iam_role.public_gateway_task_execution_role.arn + container_definitions = jsonencode([ + { + name = "public_gateway", + image = "${var.public_gateway_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.public_gateway.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + essential = true, + portMappings = [ + { + containerPort = var.sip_port, + protocol = "udp" + }, + { + containerPort = var.sip_alternative_port, + protocol = "udp" + } + ], + mountPoints = [ + { + sourceVolume = "opensips", + containerPath = "/var/opensips" + } + ], + healthCheck = { + command = ["CMD-SHELL", "nc -z -w 5 $(hostname -i) $SIP_PORT"], + interval = 10, + retries = 10, + timeout = 5 + }, + secrets = [ + { + name = "DATABASE_PASSWORD", + valueFrom = var.db_password_parameter_arn + } + ], + environment = [ + { + name = "FIFO_NAME", + value = var.opensips_fifo_name + }, + { + name = "DATABASE_NAME", + value = var.public_gateway_db_name + }, + { + name = "DATABASE_USERNAME", + value = var.db_username + }, + { + name = "DATABASE_HOST", + value = var.db_host + }, + { + name = "DATABASE_PORT", + value = tostring(var.db_port) + }, + { + name = "SIP_PORT", + value = tostring(var.sip_port) + }, + { + name = "SIP_ALTERNATIVE_PORT", + value = tostring(var.sip_alternative_port) + }, + { + name = "SIP_ADVERTISED_IP", + value = tostring(var.external_sip_ip) + } + ] + }, + { + name = "opensips_scheduler", + image = "${var.opensips_scheduler_image}:latest", + essential = true, + mountPoints = [ + { + sourceVolume = "opensips", + containerPath = "/var/opensips" + } + ], + environment = [ + { + name = "FIFO_NAME", + value = var.opensips_fifo_name + }, + { + name = "MI_COMMANDS", + value = "lb_reload,address_reload" + } + ] + } + ]) + memory = module.public_gateway_container_instances.ec2_instance_type.memory_size - 512 volume { 
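Review bot: The `opensips_scheduler` container definition has no `logConfiguration`, unlike the `public_gateway` container beside it, so its output is not sent to the `aws_cloudwatch_log_group.public_gateway` group. Going by `FIFO_NAME` and `MI_COMMANDS` (`lb_reload,address_reload`), this sidecar appears to issue management reloads through the shared `opensips` volume. A central record of when those ran is useful when investigating unexpected routing or address-table changes. Adding the same awslogs block as the main container would cover it; the scheduler container in the client_gateway.tf hunk of this commit has the same gap. Whether the removed template configured logging for this container is not visible here.

```hcl
    {
      name  = "opensips_scheduler",
      image = "${var.opensips_scheduler_image}:latest",
      logConfiguration = {
        logDriver = "awslogs",
        options = {
          awslogs-group         = aws_cloudwatch_log_group.public_gateway.name,
          awslogs-region        = var.aws_region,
          awslogs-stream-prefix = var.app_environment
        }
      },
      # … unchanged: essential, mountPoints, environment …
```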
@@ -211,7 +287,7 @@ resource "aws_ecs_service" "public_gateway" { capacity_provider_strategy { capacity_provider = aws_ecs_capacity_provider.public_gateway.name - weight = 1 + weight = 1 } depends_on = [ @@ -234,10 +310,10 @@ resource "aws_lb_target_group" "sip" { connection_termination = true health_check { - protocol = "TCP" - port = var.sip_port + protocol = "TCP" + port = var.sip_port healthy_threshold = 3 - interval = 10 + interval = 10 } } @@ -247,7 +323,7 @@ resource "aws_lb_listener" "sip" { protocol = "UDP" default_action { - type = "forward" + type = "forward" target_group_arn = aws_lb_target_group.sip.arn } } @@ -262,10 +338,10 @@ resource "aws_lb_target_group" "sip_alternative" { connection_termination = true health_check { - protocol = "TCP" - port = var.sip_port + protocol = "TCP" + port = var.sip_port healthy_threshold = 3 - interval = 10 + interval = 10 } } @@ -275,7 +351,7 @@ resource "aws_lb_listener" "sip_alternative" { protocol = "UDP" default_action { - type = "forward" + type = "forward" target_group_arn = aws_lb_target_group.sip_alternative.arn } } @@ -293,8 +369,8 @@ resource "aws_appautoscaling_policy" "public_gateway_policy" { predefined_metric_type = "ECSServiceAverageCPUUtilization" } - target_value = 30 - scale_in_cooldown = 300 + target_value = 30 + scale_in_cooldown = 300 scale_out_cooldown = 60 } } diff --git a/infrastructure/modules/somleng_switch/switch.tf b/infrastructure/modules/somleng_switch/switch.tf index f2da41c6f..8a2e9c871 100644 --- a/infrastructure/modules/somleng_switch/switch.tf +++ b/infrastructure/modules/somleng_switch/switch.tf 
@@ -1,16 +1,17 @@ locals { efs_volume_name = "cache" + cache_directory = "/cache" } # Container Instances -module switch_container_instances { +module "switch_container_instances" { source = "../container_instances" - app_identifier = var.switch_identifier - vpc = var.vpc + app_identifier = var.switch_identifier + vpc = var.vpc instance_subnets = var.vpc.private_subnets - cluster_name = aws_ecs_cluster.cluster.name - max_capacity = var.switch_max_tasks * 2 + cluster_name = aws_ecs_cluster.cluster.name + max_capacity = var.switch_max_tasks * 2 } resource "aws_ecs_capacity_provider" "switch" { @@ -19,7 +20,7 @@ resource "aws_ecs_capacity_provider" "switch" { auto_scaling_group_provider { auto_scaling_group_arn = module.switch_container_instances.autoscaling_group.arn managed_termination_protection = "ENABLED" - managed_draining = "ENABLED" + managed_draining = "ENABLED" managed_scaling { maximum_scaling_step_size = 1000 @@ -32,27 +33,27 @@ resource "aws_ecs_capacity_provider" "switch" { # Log Groups resource "aws_cloudwatch_log_group" "switch_app" { - name = "${var.switch_identifier}-app" + name = "${var.switch_identifier}-app" retention_in_days = 7 } resource "aws_cloudwatch_log_group" "nginx" { - name = "${var.switch_identifier}-nginx" + name = "${var.switch_identifier}-nginx" retention_in_days = 7 } resource "aws_cloudwatch_log_group" "freeswitch" { - name = "${var.switch_identifier}-freeswitch" + name = "${var.switch_identifier}-freeswitch" retention_in_days = 7 } resource "aws_cloudwatch_log_group" "freeswitch_event_logger" { - name = "${var.switch_identifier}-freeswitch-event-logger" + name = "${var.switch_identifier}-freeswitch-event-logger" retention_in_days = 7 } resource "aws_cloudwatch_log_group" "redis" { - name = "${var.switch_identifier}-redis" + name = "${var.switch_identifier}-redis" retention_in_days = 7 } 
@@ -68,11 +69,11 @@ resource "aws_security_group" "switch" { resource "aws_security_group_rule" "switch_ingress_http" { type = "ingress" - to_port = 80 + to_port = var.switch_webserver_port protocol = "TCP" - from_port = 80 + from_port = var.switch_webserver_port security_group_id = aws_security_group.switch.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } resource "aws_security_group_rule" "switch_ingress_freeswitch_event_socket" { @@ -81,7 +82,7 @@ resource "aws_security_group_rule" "switch_ingress_freeswitch_event_socket" { protocol = "TCP" from_port = 8021 security_group_id = aws_security_group.switch.id - cidr_blocks = [var.vpc.vpc_cidr_block] + cidr_blocks = [var.vpc.vpc_cidr_block] } resource "aws_security_group_rule" "switch_ingress_sip" { @@ -90,7 +91,7 @@ resource "aws_security_group_rule" "switch_ingress_sip" { protocol = "UDP" from_port = var.sip_port security_group_id = aws_security_group.switch.id - cidr_blocks = [var.vpc.vpc_cidr_block] + cidr_blocks = [var.vpc.vpc_cidr_block] } resource "aws_security_group_rule" "switch_ingress_sip_alternative" { @@ -99,7 +100,7 @@ resource "aws_security_group_rule" "switch_ingress_sip_alternative" { protocol = "UDP" from_port = var.sip_alternative_port security_group_id = aws_security_group.switch.id - cidr_blocks = [var.vpc.vpc_cidr_block] + cidr_blocks = [var.vpc.vpc_cidr_block] } resource "aws_security_group_rule" "switch_egress" { @@ -108,7 +109,7 @@ resource "aws_security_group_rule" "switch_egress" { protocol = "-1" from_port = 0 security_group_id = aws_security_group.switch.id - cidr_blocks = ["0.0.0.0/0"] + cidr_blocks = ["0.0.0.0/0"] } # SSM Parameters @@ -163,7 +164,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "recordings" { bucket = aws_s3_bucket.recordings.id rule { - id = "rule-1" + id = "rule-1" status = "Enabled" expiration { 
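Review bot: `switch_ingress_http` keeps `cidr_blocks = ["0.0.0.0/0"]` while its port now comes from `var.switch_webserver_port`, so whatever port that variable is set to is opened to every source address. The other ingress rules on this security group in the same file (event socket, SIP, alternative SIP) are limited to `[var.vpc.vpc_cidr_block]`. If the HTTP callers are inside the VPC, `cidr_blocks = [var.vpc.vpc_cidr_block]`, or a rule sourced from the fronting load balancer's security group, would match the rest of the group. The instances are placed in `var.vpc.private_subnets`, so the open range is presumably not internet-reachable today, but the rule should not depend on subnet placement for that. Who calls this port is not visible in the diff, so confirm the intended sources before narrowing.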
@@ -177,7 +178,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "recordings" { rule { apply_server_side_encryption_by_default { - sse_algorithm = "aws:kms" + sse_algorithm = "aws:kms" } } } @@ -214,8 +215,8 @@ EOF data "aws_iam_policy_document" "ecs_task_assume_role_policy" { version = "2012-10-17" statement { - sid = "" - effect = "Allow" + sid = "" + effect = "Allow" actions = ["sts:AssumeRole"] principals { @@ -305,24 +306,24 @@ EOF } resource "aws_iam_role_policy_attachment" "ecs_task_custom_policy" { - role = aws_iam_role.ecs_task_role.id + role = aws_iam_role.ecs_task_role.id policy_arn = aws_iam_policy.ecs_task_policy.arn } resource "aws_iam_role_policy_attachment" "task_execution_custom_policy" { - role = aws_iam_role.task_execution_role.id + role = aws_iam_role.task_execution_role.id policy_arn = aws_iam_policy.task_execution_custom_policy.arn } resource "aws_iam_role_policy_attachment" "task_execution_role_policy" { - role = aws_iam_role.task_execution_role.id + role = aws_iam_role.task_execution_role.id policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" } # EFS resource "aws_efs_file_system" "cache" { creation_token = var.efs_cache_name - encrypted = true + encrypted = true tags = { Name = var.efs_cache_name @@ -348,8 +349,8 @@ resource "aws_efs_backup_policy" "cache" { resource "aws_efs_mount_target" "cache" { for_each = toset(var.vpc.intra_subnets) - file_system_id = aws_efs_file_system.cache.id - subnet_id = each.value + file_system_id = aws_efs_file_system.cache.id + subnet_id = each.value security_groups = [aws_security_group.efs_cache.id] } 
@@ -366,73 +367,326 @@ resource "aws_security_group_rule" "efs_cache_ingress" { type = "ingress" protocol = "TCP" security_group_id = aws_security_group.efs_cache.id - cidr_blocks = [var.vpc.vpc_cidr_block] - from_port = 2049 - to_port = 2049 + cidr_blocks = [var.vpc.vpc_cidr_block] + from_port = 2049 + to_port = 2049 } # ECS -data "template_file" "switch" { - template = file("${path.module}/templates/switch.json.tpl") - - vars = { - name = var.switch_identifier - app_image = var.switch_app_image - nginx_image = var.nginx_image - freeswitch_image = var.freeswitch_image - freeswitch_event_logger_image = var.freeswitch_event_logger_image - - region = var.aws_region - application_master_key_parameter_arn = aws_ssm_parameter.switch_application_master_key.arn - freeswitch_event_socket_password_parameter_arn = aws_ssm_parameter.freeswitch_event_socket_password.arn - freeswitch_event_socket_port = var.freeswitch_event_socket_port - - sip_port = var.sip_port - sip_alternative_port = var.sip_alternative_port - - nginx_logs_group = aws_cloudwatch_log_group.nginx.name - freeswitch_logs_group = aws_cloudwatch_log_group.freeswitch.name - freeswitch_event_logger_logs_group = aws_cloudwatch_log_group.freeswitch_event_logger.name - app_logs_group = aws_cloudwatch_log_group.switch_app.name - redis_logs_group = aws_cloudwatch_log_group.redis.name - logs_group_region = var.aws_region - app_environment = var.app_environment - - rayo_password_parameter_arn = aws_ssm_parameter.rayo_password.arn - json_cdr_url = var.json_cdr_url - json_cdr_password_parameter_arn = var.json_cdr_password_parameter_arn - external_rtp_ip = var.external_rtp_ip - - alternative_sip_outbound_ip = var.alternative_sip_outbound_ip - alternative_rtp_ip = var.alternative_rtp_ip - - source_volume = local.efs_volume_name - cache_directory = "/cache" - - recordings_bucket_name = aws_s3_bucket.recordings.id - recordings_bucket_access_key_id_parameter_arn = aws_ssm_parameter.recordings_bucket_access_key_id.arn - 
recordings_bucket_secret_access_key_parameter_arn = aws_ssm_parameter.recordings_bucket_secret_access_key.arn - recordings_bucket_region = aws_s3_bucket.recordings.region - - services_function_arn = aws_lambda_function.services.arn - } -} resource "aws_ecs_task_definition" "switch" { family = var.switch_identifier network_mode = "awsvpc" requires_compatibilities = ["EC2"] - container_definitions = data.template_file.switch.rendered - task_role_arn = aws_iam_role.ecs_task_role.arn + container_definitions = jsonencode([ + { + name = "nginx", + image = "${var.nginx_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.nginx.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + essential = true, + portMappings = [ + { + containerPort = var.switch_webserver_port, + protocol = "tcp" + } + ], + dependsOn = [ + { + containerName = "app", + condition = "HEALTHY" + } + ] + }, + { + name = "app", + image = "${var.switch_app_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.switch_app.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + startTimeout = 120, + essential = true, + portMappings = [ + { + containerPort = var.switch_appserver_port, + protocol = "tcp" + } + ], + dependsOn = [ + { + containerName = "redis", + condition = "HEALTHY" + } + ], + healthCheck = { + command = ["CMD-SHELL", "wget --server-response --spider --quiet http://localhost:$AHN_CORE_HTTP_PORT/health_checks 2>&1 | grep '200 OK' > /dev/null"], + interval = 10, + retries = 10, + timeout = 5 + }, + secrets = [ + { + name = "APP_MASTER_KEY", + valueFrom = aws_ssm_parameter.switch_application_master_key.arn + }, + { + name = "AHN_CORE_PASSWORD", + valueFrom = aws_ssm_parameter.rayo_password.arn + } + ], + environment = [ + { + name = "AHN_ENV", + value = var.app_environment + }, + { + 
name = "APP_ENV", + value = var.app_environment + }, + { + name = "RACK_ENV", + value = var.app_environment + }, + { + name = "AWS_DEFAULT_REGION", + value = var.aws_region + }, + { + name = "AHN_CORE_HTTP_PORT", + value = tostring(var.switch_appserver_port) + }, + { + name = "AHN_CORE_PORT", + value = tostring(var.rayo_port) + }, + { + name = "SERVICES_FUNCTION_ARN", + value = aws_lambda_function.services.arn + }, + { + name = "REDIS_URL", + value = "redis://localhost:${var.redis_port}/1" + } + ] + }, + { + name = "freeswitch", + image = "${var.freeswitch_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.freeswitch.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + startTimeout = 120, + healthCheck = { + command = [ + "CMD-SHELL", + "fs_cli -p $FS_EVENT_SOCKET_PASSWORD -x 'rayo status' | rayo_status_parser" + ] + interval = 10, + retries = 10 + timeout = 5 + } + essential = true, + portMappings = [ + { + containerPort = var.rayo_port, + protocol = "tcp" + }, + { + containerPort = var.sip_port, + protocol = "udp" + }, + { + containerPort = var.sip_alternative_port, + protocol = "udp" + }, + { + containerPort = var.freeswitch_event_socket_port, + protocol = "tcp" + } + ], + mountPoints = [ + { + containerPath = local.cache_directory, + sourceVolume = local.efs_volume_name + } + ], + secrets = [ + { + name = "FS_MOD_RAYO_PASSWORD", + valueFrom = aws_ssm_parameter.rayo_password.arn + }, + { + name = "FS_MOD_JSON_CDR_PASSWORD", + valueFrom = var.json_cdr_password_parameter_arn + }, + { + name = "FS_RECORDINGS_BUCKET_ACCESS_KEY_ID", + valueFrom = aws_ssm_parameter.recordings_bucket_access_key_id.arn + }, + { + name = "FS_RECORDINGS_BUCKET_SECRET_ACCESS_KEY", + valueFrom = aws_ssm_parameter.recordings_bucket_secret_access_key.arn + }, + { + name = "FS_EVENT_SOCKET_PASSWORD", + valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn + } + ], + 
environment = [ + { + name = "AWS_DEFAULT_REGION", + value = var.aws_region + }, + { + name = "FS_CACHE_DIRECTORY", + value = local.cache_directory + }, + { + name = "FS_STORAGE_DIRECTORY", + value = "${local.cache_directory}/freeswitch/storage" + }, + { + name = "FS_TTS_CACHE_DIRECTORY", + value = "${local.cache_directory}/freeswitch/tts_cache" + }, + { + name = "FS_LOG_DIRECTORY", + value = "${local.cache_directory}/freeswitch/logs" + }, + { + name = "FS_EXTERNAL_RTP_IP", + value = var.external_rtp_ip + }, + { + name = "FS_ALTERNATIVE_SIP_OUTBOUND_IP", + value = var.alternative_sip_outbound_ip + }, + { + name = "FS_ALTERNATIVE_RTP_IP", + value = var.alternative_rtp_ip + }, + { + name = "FS_MOD_RAYO_PORT", + value = tostring(var.rayo_port) + }, + { + name = "FS_MOD_JSON_CDR_URL", + value = var.json_cdr_url + }, + { + name = "FS_RECORDINGS_BUCKET_NAME", + value = aws_s3_bucket.recordings.id + }, + { + name = "FS_RECORDINGS_BUCKET_REGION", + value = aws_s3_bucket.recordings.region + }, + { + name = "FS_EVENT_SOCKET_PORT", + value = tostring(var.freeswitch_event_socket_port) + }, + { + name = "FS_SIP_PORT", + value = tostring(var.sip_port) + }, + { + name = "FS_SIP_ALTERNATIVE_PORT", + value = tostring(var.sip_alternative_port) + } + ] + }, + { + name = "redis", + image = "public.ecr.aws/docker/library/redis:alpine", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.redis.name, + awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + essential = true, + healthCheck = { + command = ["CMD-SHELL", "redis-cli", "--raw", "incr", "ping"], + interval = 10, + retries = 10, + timeout = 5 + }, + portMappings = [ + { + containerPort = var.redis_port + } + ] + }, + { + name = "freeswitch-event-logger", + image = "${var.freeswitch_event_logger_image}:latest", + logConfiguration = { + logDriver = "awslogs", + options = { + awslogs-group = aws_cloudwatch_log_group.freeswitch_event_logger.name, 
+ awslogs-region = var.aws_region, + awslogs-stream-prefix = var.app_environment + } + }, + startTimeout = 120, + essential = true, + secrets = [ + { + name = "EVENT_SOCKET_PASSWORD", + valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn + } + ], + dependsOn = [ + { + containerName = "freeswitch", + condition = "HEALTHY" + }, + { + containerName = "redis", + condition = "HEALTHY" + } + ], + environment = [ + { + name = "EVENT_SOCKET_HOST", + value = "localhost:${var.freeswitch_event_socket_port}" + }, + { + name = "REDIS_URL", + value = "redis://localhost:${var.redis_port}/1" + } + ] + } + ]) + + task_role_arn = aws_iam_role.ecs_task_role.arn execution_role_arn = aws_iam_role.task_execution_role.arn - memory = module.switch_container_instances.ec2_instance_type.memory_size - 512 + memory = module.switch_container_instances.ec2_instance_type.memory_size - 512 volume { name = local.efs_volume_name efs_volume_configuration { - file_system_id = aws_efs_file_system.cache.id - transit_encryption = "ENABLED" + file_system_id = aws_efs_file_system.cache.id + transit_encryption = "ENABLED" } } } @@ -452,17 +706,23 @@ resource "aws_ecs_service" "switch" { capacity_provider_strategy { capacity_provider = aws_ecs_capacity_provider.switch.name - weight = 1 + weight = 1 } placement_constraints { - type = "distinctInstance" + type = "distinctInstance" + } + + load_balancer { + target_group_arn = aws_lb_target_group.switch_public_http.arn + container_name = "nginx" + container_port = var.switch_webserver_port } load_balancer { target_group_arn = aws_lb_target_group.switch_http.arn container_name = "nginx" - container_port = 80 + container_port = var.switch_webserver_port } lifecycle { 
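Review bot: `var.redis_port` now drives the redis `portMappings` entry and both `REDIS_URL` values, but the redis container definition gets no `command` or environment that makes the server listen on that port, and its health check calls `redis-cli` without a port. With any value other than the default 6379, the app and the event logger would point at a port nothing listens on while the probe still checks the default one. Either pass the port through, e.g. `command = ["redis-server", "--port", tostring(var.redis_port)]` with the probe as `["CMD-SHELL", "redis-cli -p ${var.redis_port} ping | grep PONG"]`, or drop the variable. Separately, `public.ecr.aws/docker/library/redis:alpine` is a floating upstream tag, so a task start can pull a different image than the one that was tested; pinning it to a version or digest keeps deployments reproducible.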
@@ -475,26 +735,63 @@ resource "aws_ecs_service" "switch" { } # Load Balancer +resource "aws_lb_target_group" "switch_public_http" { + name = var.switch_identifier + port = var.switch_webserver_port + protocol = "HTTP" + vpc_id = var.vpc.vpc_id + target_type = "ip" + deregistration_delay = 60 + + health_check { + protocol = "HTTP" + path = "/health_checks" + healthy_threshold = 3 + interval = 10 + } +} + resource "aws_lb_target_group" "switch_http" { - name = var.switch_identifier - port = 80 - protocol = "HTTP" - vpc_id = var.vpc.vpc_id - target_type = "ip" + name = "${var.switch_identifier}-internal" + port = var.switch_webserver_port + protocol = "HTTP" + vpc_id = var.vpc.vpc_id + target_type = "ip" deregistration_delay = 60 health_check { - protocol = "HTTP" - path = "/health_checks" + protocol = "HTTP" + path = "/health_checks" healthy_threshold = 3 - interval = 10 + interval = 10 + } +} + +resource "aws_lb_listener_rule" "switch_public_http" { + priority = var.app_environment == "production" ? 20 : 120 + + listener_arn = var.listener.arn + + action { + type = "forward" + target_group_arn = aws_lb_target_group.switch_public_http.id + } + + condition { + host_header { + values = [aws_route53_record.switch_public.fqdn] + } + } + + lifecycle { + ignore_changes = [action] } } resource "aws_lb_listener_rule" "switch_http" { priority = var.app_environment == "production" ? 20 : 120 - listener_arn = var.listener_arn + listener_arn = var.internal_listener.arn action { type = "forward" @@ -512,6 +809,7 @@ resource "aws_lb_listener_rule" "switch_http" { } } + # Autoscaling resource "aws_appautoscaling_target" "switch_scale_target" { service_namespace = "ecs" @@ -533,8 +831,8 @@ resource "aws_appautoscaling_policy" "switch_policy" { predefined_metric_type = "ECSServiceAverageCPUUtilization" } - target_value = 30 - scale_in_cooldown = 300 + target_value = 30 + scale_in_cooldown = 300 scale_out_cooldown = 60 } } 
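Review bot: The new public rule `aws_lb_listener_rule.switch_public_http` forwards on `host_header` alone, and the `aws_ecs_service.switch` hunk registers the same `nginx` container and port in both `switch_public_http` and the internal `switch_http` target group. Unless nginx separates the two by Host header (not visible in this diff), every route served to the internal listener is also reachable through the public hostname. If only some paths need to be public, add a second condition to the public rule, such as `condition { path_pattern { values = ["/PUBLIC_PATH_PLACEHOLDER/*"] } }`. Also, `lifecycle { ignore_changes = [action] }` means Terraform will not reconcile later changes to this rule's forward action, so drift in where the public rule forwards has to be watched for elsewhere.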
@@ -554,8 +852,8 @@ resource "aws_appautoscaling_policy" "freeswitch_session_count" { unit = aws_cloudwatch_log_metric_filter.freeswitch_session_count.metric_transformation.*.unit[0] } - target_value = 100 - scale_in_cooldown = 300 + target_value = 100 + scale_in_cooldown = 300 scale_out_cooldown = 60 } } @@ -569,14 +867,14 @@ resource "aws_cloudwatch_log_metric_filter" "freeswitch_session_count" { name = "${var.switch_identifier}-SessionCount" namespace = "SomlengSWITCH" value = "$.Session-Count" - unit = "Count" + unit = "Count" } } # Route53 -resource "aws_route53_record" "switch" { +resource "aws_route53_record" "switch_public" { zone_id = var.route53_zone.zone_id - name = var.switch_subdomain + name = var.app_environment == "production" ? "ahn" : "switch-staging" type = "A" alias { @@ -585,3 +883,15 @@ resource "aws_route53_record" "switch" { evaluate_target_health = true } } + +resource "aws_route53_record" "switch" { + zone_id = var.internal_route53_zone.zone_id + name = var.switch_subdomain + type = "A" + + alias { + name = var.internal_load_balancer.dns_name + zone_id = var.internal_load_balancer.zone_id + evaluate_target_health = true + } +} diff --git a/infrastructure/modules/somleng_switch/templates/client_gateway.json.tpl b/infrastructure/modules/somleng_switch/templates/client_gateway.json.tpl deleted file mode 100644 index 0e92e6eb4..000000000 --- a/infrastructure/modules/somleng_switch/templates/client_gateway.json.tpl +++ /dev/null 
@@ -1,92 +0,0 @@ -[ - { - "name": "client_gateway", - "image": "${client_gateway_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "mountPoints": [ - { - "sourceVolume": "opensips", - "containerPath": "/var/opensips" - } - ], - "essential": true, - "healthCheck": { - "command": ["CMD-SHELL", "nc -z -w 5 $(hostname -i) ${sip_port}"], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "portMappings": [ - { - "hostPort" : ${sip_port}, - "containerPort": ${sip_port}, - "protocol": "udp" - }, - { - "hostPort" : ${sip_port}, - "containerPort": ${sip_port}, - "protocol": "tcp" - } - ], - "secrets": [ - { - "name": "DATABASE_PASSWORD", - "valueFrom": "${database_password_parameter_arn}" - } - ], - "environment": [ - { - "name": "FIFO_NAME", - "value": "/var/opensips/opensips_fifo" - }, - { - "name": "DATABASE_NAME", - "value": "${database_name}" - }, - { - "name": "DATABASE_USERNAME", - "value": "${database_username}" - }, - { - "name": "DATABASE_HOST", - "value": "${database_host}" - }, - { - "name": "DATABASE_PORT", - "value": "${database_port}" - }, - { - "name": "SIP_PORT", - "value": "${sip_port}" - } - ] - }, - { - "name": "opensips_scheduler", - "image": "${opensips_scheduler_image}:latest", - "mountPoints": [ - { - "sourceVolume": "opensips", - "containerPath": "/var/opensips" - } - ], - "environment": [ - { - "name": "FIFO_NAME", - "value": "/var/opensips/opensips_fifo" - }, - { - "name": "MI_COMMANDS", - "value": "lb_reload,domain_reload,rtpengine_reload" - } - ], - "essential": true - } -] diff --git a/infrastructure/modules/somleng_switch/templates/media_proxy.json.tpl b/infrastructure/modules/somleng_switch/templates/media_proxy.json.tpl deleted file mode 100644 index b61c48c6e..000000000 --- a/infrastructure/modules/somleng_switch/templates/media_proxy.json.tpl +++ /dev/null 
@@ -1,39 +0,0 @@ -[ - { - "name": "media_proxy", - "image": "${media_proxy_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "essential": true, - "healthCheck": { - "command": ["CMD-SHELL", "nc -z -w 5 $(hostname -i) ${healthcheck_port}"], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "environment": [ - { - "name": "NG_PORT", - "value": "${ng_port}" - }, - { - "name": "MEDIA_PORT_MIN", - "value": "${media_port_min}" - }, - { - "name": "MEDIA_PORT_MAX", - "value": "${media_port_max}" - }, - { - "name": "HEALTHCHECK_PORT", - "value": "${healthcheck_port}" - } - ] - } -] diff --git a/infrastructure/modules/somleng_switch/templates/public_gateway.json.tpl b/infrastructure/modules/somleng_switch/templates/public_gateway.json.tpl deleted file mode 100644 index 18a355d23..000000000 --- a/infrastructure/modules/somleng_switch/templates/public_gateway.json.tpl +++ /dev/null 
@@ -1,98 +0,0 @@ -[ - { - "name": "public_gateway", - "image": "${public_gateway_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "mountPoints": [ - { - "sourceVolume": "opensips", - "containerPath": "/var/opensips" - } - ], - "essential": true, - "healthCheck": { - "command": ["CMD-SHELL", "nc -z -w 5 $(hostname -i) ${sip_port}"], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "portMappings": [ - { - "containerPort": ${sip_port}, - "protocol": "udp" - }, - { - "containerPort": ${sip_alternative_port}, - "protocol": "udp" - } - ], - "secrets": [ - { - "name": "DATABASE_PASSWORD", - "valueFrom": "${database_password_parameter_arn}" - } - ], - "environment": [ - { - "name": "FIFO_NAME", - "value": "/var/opensips/opensips_fifo" - }, - { - "name": "DATABASE_NAME", - "value": "${database_name}" - }, - { - "name": "DATABASE_USERNAME", - "value": "${database_username}" - }, - { - "name": "DATABASE_HOST", - "value": "${database_host}" - }, - { - "name": "DATABASE_PORT", - "value": "${database_port}" - }, - { - "name": "SIP_PORT", - "value": "${sip_port}" - }, - { - "name": "SIP_ALTERNATIVE_PORT", - "value": "${sip_alternative_port}" - }, - { - "name": "SIP_ADVERTISED_IP", - "value": "${sip_advertised_ip}" - } - ] - }, - { - "name": "opensips_scheduler", - "image": "${opensips_scheduler_image}:latest", - "mountPoints": [ - { - "sourceVolume": "opensips", - "containerPath": "/var/opensips" - } - ], - "environment": [ - { - "name": "FIFO_NAME", - "value": "/var/opensips/opensips_fifo" - }, - { - "name": "MI_COMMANDS", - "value": "lb_reload,address_reload" - } - ], - "essential": true - } -] diff --git a/infrastructure/modules/somleng_switch/templates/switch.json.tpl b/infrastructure/modules/somleng_switch/templates/switch.json.tpl deleted file mode 100644 index bbd60fdb8..000000000 
--- a/infrastructure/modules/somleng_switch/templates/switch.json.tpl
+++ /dev/null
@@ -1,293 +0,0 @@ -[ - { - "name": "nginx", - "image": "${nginx_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${nginx_logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "essential": true, - "portMappings": [ - { - "containerPort": 80 - } - ], - "dependsOn": [ - { - "containerName": "app", - "condition": "HEALTHY" - } - ] - }, - { - "name": "app", - "image": "${app_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${app_logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "startTimeout": 120, - "dependsOn": [ - { - "containerName": "redis", - "condition": "HEALTHY" - } - ], - "healthCheck": { - "command": [ "CMD-SHELL", "wget --server-response --spider --quiet http://localhost:3000/health_checks 2>&1 | grep '200 OK' > /dev/null" ], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "essential": true, - "secrets": [ - { - "name": "APP_MASTER_KEY", - "valueFrom": "${application_master_key_parameter_arn}" - }, - { - "name": "AHN_CORE_PASSWORD", - "valueFrom": "${rayo_password_parameter_arn}" - } - ], - "portMappings": [ - { - "containerPort": 3000 - } - ], - "environment": [ - { - "name": "AHN_ENV", - "value": "${app_environment}" - }, - { - "name": "APP_ENV", - "value": "${app_environment}" - }, - { - "name": "RACK_ENV", - "value": "${app_environment}" - }, - { - "name": "AWS_DEFAULT_REGION", - "value": "${region}" - }, - { - "name": "AHN_CORE_HTTP_PORT", - "value": "3000" - }, - { - "name": "AHN_CORE_PORT", - "value": "5222" - }, - { - "name": "SERVICES_FUNCTION_ARN", - "value": "${services_function_arn}" - }, - { - "name": "REDIS_URL", - "value": "redis://localhost:6379/1" - } - ] - }, - { - "name": "freeswitch", - "image": "${freeswitch_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - 
"awslogs-group": "${freeswitch_logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "startTimeout": 120, - "healthCheck": { - "command": ["CMD-SHELL", "fs_cli -p $FS_EVENT_SOCKET_PASSWORD -x 'rayo status' | rayo_status_parser"], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "mountPoints": [ - { - "containerPath": "${cache_directory}", - "sourceVolume": "${source_volume}" - } - ], - "essential": true, - "secrets": [ - { - "name": "FS_MOD_RAYO_PASSWORD", - "valueFrom": "${rayo_password_parameter_arn}" - }, - { - "name": "FS_MOD_JSON_CDR_PASSWORD", - "valueFrom": "${json_cdr_password_parameter_arn}" - }, - { - "name": "FS_RECORDINGS_BUCKET_ACCESS_KEY_ID", - "valueFrom": "${recordings_bucket_access_key_id_parameter_arn}" - }, - { - "name": "FS_RECORDINGS_BUCKET_SECRET_ACCESS_KEY", - "valueFrom": "${recordings_bucket_secret_access_key_parameter_arn}" - }, - { - "name": "FS_EVENT_SOCKET_PASSWORD", - "valueFrom": "${freeswitch_event_socket_password_parameter_arn}" - } - ], - "portMappings": [ - { - "containerPort": 5222, - "protocol": "tcp" - }, - { - "containerPort": ${sip_port}, - "protocol": "udp" - }, - { - "containerPort": ${sip_alternative_port}, - "protocol": "udp" - }, - { - "containerPort": 8021, - "protocol": "tcp" - } - ], - "environment": [ - { - "name": "AWS_DEFAULT_REGION", - "value": "${region}" - }, - { - "name": "FS_CACHE_DIRECTORY", - "value": "${cache_directory}" - }, - { - "name": "FS_STORAGE_DIRECTORY", - "value": "${cache_directory}/freeswitch/storage" - }, - { - "name": "FS_TTS_CACHE_DIRECTORY", - "value": "${cache_directory}/freeswitch/tts_cache" - }, - { - "name": "FS_LOG_DIRECTORY", - "value": "${cache_directory}/freeswitch/logs" - }, - { - "name": "FS_EXTERNAL_RTP_IP", - "value": "${external_rtp_ip}" - }, - { - "name": "FS_ALTERNATIVE_SIP_OUTBOUND_IP", - "value": "${alternative_sip_outbound_ip}" - }, - { - "name": "FS_ALTERNATIVE_RTP_IP", - "value": 
"${alternative_rtp_ip}" - }, - { - "name": "FS_MOD_RAYO_PORT", - "value": "5222" - }, - { - "name": "FS_MOD_JSON_CDR_URL", - "value": "${json_cdr_url}" - }, - { - "name": "FS_RECORDINGS_BUCKET_NAME", - "value": "${recordings_bucket_name}" - }, - { - "name": "FS_RECORDINGS_BUCKET_REGION", - "value": "${recordings_bucket_region}" - }, - { - "name": "FS_EVENT_SOCKET_PORT", - "value": "${freeswitch_event_socket_port}" - }, - { - "name": "FS_SIP_PORT", - "value": "${sip_port}" - }, - { - "name": "FS_SIP_ALTERNATIVE_PORT", - "value": "${sip_alternative_port}" - } - ] - }, - { - "name": "redis", - "image": "public.ecr.aws/docker/library/redis:alpine", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${redis_logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "essential": true, - "healthCheck": { - "command": [ "CMD-SHELL", "redis-cli", "--raw", "incr", "ping" ], - "interval": 10, - "retries": 10, - "timeout": 5 - }, - "portMappings": [ - { - "containerPort": 6379 - } - ] - }, - { - "name": "freeswitch-event-logger", - "image": "${freeswitch_event_logger_image}:latest", - "logConfiguration": { - "logDriver": "awslogs", - "options": { - "awslogs-group": "${freeswitch_event_logger_logs_group}", - "awslogs-region": "${logs_group_region}", - "awslogs-stream-prefix": "${app_environment}" - } - }, - "startTimeout": 120, - "essential": true, - "secrets": [ - { - "name": "EVENT_SOCKET_PASSWORD", - "valueFrom": "${freeswitch_event_socket_password_parameter_arn}" - } - ], - "dependsOn": [ - { - "containerName": "freeswitch", - "condition": "HEALTHY" - }, - { - "containerName": "redis", - "condition": "HEALTHY" - } - ], - "environment": [ - { - "name": "EVENT_SOCKET_HOST", - "value": "localhost:${freeswitch_event_socket_port}" - }, - { - "name": "REDIS_URL", - "value": "redis://localhost:6379/1" - } - ] - } -] 
diff --git a/infrastructure/modules/somleng_switch/variables.tf b/infrastructure/modules/somleng_switch/variables.tf index 39a744eb6..df386b8ba 100644 --- a/infrastructure/modules/somleng_switch/variables.tf +++ b/infrastructure/modules/somleng_switch/variables.tf @@ -17,14 +17,17 @@ variable "public_gateway_image" {} variable "client_gateway_image" {} variable "media_proxy_image" {} variable "freeswitch_event_logger_image" {} -variable s3_mpeg_ecr_repository_url {} -variable services_ecr_repository_url {} +variable "s3_mpeg_ecr_repository_url" {} +variable "services_ecr_repository_url" {} variable "load_balancer" {} +variable "internal_load_balancer" {} variable "network_load_balancer" {} -variable "listener_arn" {} +variable "listener" {} +variable "internal_listener" {} variable "switch_subdomain" {} variable "client_gateway_subdomain" {} variable "route53_zone" {} +variable "internal_route53_zone" {} variable "recordings_bucket_name" {} variable "efs_cache_name" {} variable "container_insights_enabled" { @@ -105,6 +108,26 @@ variable "sip_alternative_port" { default = 5080 } +variable "switch_webserver_port" { + default = 80 +} + +variable "switch_appserver_port" { + default = 3000 +} + +variable "rayo_port" { + default = 5222 +} + +variable "redis_port" { + default = 6379 +} + +variable "opensips_fifo_name" { + default = "/var/opensips/opensips_fifo" +} + variable "public_gateway_db_name" {} variable "client_gateway_db_name" {} variable "db_host" {} diff --git a/infrastructure/production/main.tf b/infrastructure/production/main.tf index 0de619862..1843a8996 100644 --- a/infrastructure/production/main.tf +++ b/infrastructure/production/main.tf 
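Review bot: The new inputs `listener`, `internal_listener`, `internal_load_balancer` and `internal_route53_zone` and the new port variables are declared without `type` or `description`, although the module dereferences `.arn`, `.dns_name` and `.zone_id` on them and feeds the ports into a security-group rule and container port mappings. A mistyped value then surfaces only at plan or apply time, or in the case of a port as a string it is silently accepted. Adding `type = number` to `switch_webserver_port`, `switch_appserver_port`, `rayo_port` and `redis_port`, and an object type such as `type = object({ arn = string })` to the listener inputs, would catch that at validation. This applies to both hunks in this file.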
@@ -5,54 +5,59 @@ data "aws_ssm_parameter" "somleng_services_password" { module "somleng_switch" { source = "../modules/somleng_switch" - cluster_name = "somleng-switch" - switch_identifier = "switch" - services_identifier = "switch-services" - s3_mpeg_identifier = "s3-mpeg" + cluster_name = "somleng-switch" + switch_identifier = "switch" + services_identifier = "switch-services" + s3_mpeg_identifier = "s3-mpeg" public_gateway_identifier = "public-gateway" client_gateway_identifier = "client-gateway" - media_proxy_identifier = "media-proxy" + media_proxy_identifier = "media-proxy" - switch_app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri - nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri - freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri + switch_app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri + nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri + freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri - public_gateway_image = data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri - client_gateway_image = data.terraform_remote_state.core.outputs.client_gateway_ecr_repository.repository_uri - media_proxy_image = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri - opensips_scheduler_image = data.terraform_remote_state.core.outputs.opensips_scheduler_ecr_repository.repository_uri - s3_mpeg_ecr_repository_url = data.terraform_remote_state.core.outputs.s3_mpeg_ecr_repository.repository_url - services_ecr_repository_url = data.terraform_remote_state.core.outputs.services_ecr_repository.repository_url + public_gateway_image = 
data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri + client_gateway_image = data.terraform_remote_state.core.outputs.client_gateway_ecr_repository.repository_uri + media_proxy_image = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri + opensips_scheduler_image = data.terraform_remote_state.core.outputs.opensips_scheduler_ecr_repository.repository_uri + s3_mpeg_ecr_repository_url = data.terraform_remote_state.core.outputs.s3_mpeg_ecr_repository.repository_url + services_ecr_repository_url = data.terraform_remote_state.core.outputs.services_ecr_repository.repository_url vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc - aws_region = var.aws_region + aws_region = var.aws_region app_environment = "production" json_cdr_password_parameter_arn = data.aws_ssm_parameter.somleng_services_password.arn - json_cdr_url = "https://api.somleng.org/services/call_data_records" - external_sip_ip = data.terraform_remote_state.core_infrastructure.outputs.nlb_eips[0].public_ip - external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] + json_cdr_url = "https://api.internal.somleng.org/services/call_data_records" + external_sip_ip = data.terraform_remote_state.core_infrastructure.outputs.nlb_eips[0].public_ip + external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip - alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip + alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip - efs_cache_name = "somleng-switch-cache" - public_gateway_db_name = "opensips_public_gateway" - client_gateway_db_name = "opensips_client_gateway" - db_username = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.master_username + efs_cache_name = 
"somleng-switch-cache" + public_gateway_db_name = "opensips_public_gateway" + client_gateway_db_name = "opensips_client_gateway" + db_username = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.master_username db_password_parameter_arn = data.terraform_remote_state.core_infrastructure.outputs.db_master_password_parameter.arn - db_host = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.endpoint - db_port = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port - db_security_group = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id - - load_balancer = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer - network_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer - route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org - listener_arn = data.terraform_remote_state.core_infrastructure.outputs.https_listener.arn - switch_subdomain = "ahn" + db_host = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.endpoint + db_port = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port + db_security_group = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id + + load_balancer = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer + internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer + network_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer + listener = data.terraform_remote_state.core_infrastructure.outputs.https_listener + internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener + + route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org + internal_route53_zone = 
data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org + + switch_subdomain = "switch" client_gateway_subdomain = "sip" recordings_bucket_name = "raw-recordings.somleng.org" - switch_max_tasks = 10 + switch_max_tasks = 10 } diff --git a/infrastructure/staging/main.tf b/infrastructure/staging/main.tf index 8f74b2a5c..af3a96e38 100644 --- a/infrastructure/staging/main.tf +++ b/infrastructure/staging/main.tf 
@@ -5,67 +5,72 @@ data "aws_ssm_parameter" "somleng_services_password" { module "somleng_switch_staging" { source = "../modules/somleng_switch" - cluster_name = "somleng-switch-staging" - switch_identifier = "switch-staging" - services_identifier = "switch-services-staging" - s3_mpeg_identifier = "s3-mpeg-staging" + cluster_name = "somleng-switch-staging" + switch_identifier = "switch-staging" + services_identifier = "switch-services-staging" + s3_mpeg_identifier = "s3-mpeg-staging" public_gateway_identifier = "public-gateway-staging" client_gateway_identifier = "client-gateway-staging" - media_proxy_identifier = "media-proxy-staging" + media_proxy_identifier = "media-proxy-staging" - aws_region = var.aws_region + aws_region = var.aws_region app_environment = "staging" - switch_app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri - nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri - freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri + switch_app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri + nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri + freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri - public_gateway_image = data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri - client_gateway_image = data.terraform_remote_state.core.outputs.client_gateway_ecr_repository.repository_uri - media_proxy_image = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri - opensips_scheduler_image = data.terraform_remote_state.core.outputs.opensips_scheduler_ecr_repository.repository_uri + public_gateway_image = 
data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri + client_gateway_image = data.terraform_remote_state.core.outputs.client_gateway_ecr_repository.repository_uri + media_proxy_image = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri + opensips_scheduler_image = data.terraform_remote_state.core.outputs.opensips_scheduler_ecr_repository.repository_uri - s3_mpeg_ecr_repository_url = data.terraform_remote_state.core.outputs.s3_mpeg_ecr_repository.repository_url + s3_mpeg_ecr_repository_url = data.terraform_remote_state.core.outputs.s3_mpeg_ecr_repository.repository_url services_ecr_repository_url = data.terraform_remote_state.core.outputs.services_ecr_repository.repository_url vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc json_cdr_password_parameter_arn = data.aws_ssm_parameter.somleng_services_password.arn - json_cdr_url = "https://api-staging.somleng.org/services/call_data_records" - external_sip_ip = data.terraform_remote_state.core_infrastructure.outputs.nlb_eips[0].public_ip - external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] + json_cdr_url = "https://api-staging.internal.somleng.org/services/call_data_records" + external_sip_ip = data.terraform_remote_state.core_infrastructure.outputs.nlb_eips[0].public_ip + external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip - alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip + alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip - efs_cache_name = "switch-staging-cache" - public_gateway_db_name = "opensips_public_gateway_staging" - client_gateway_db_name = "opensips_client_gateway_staging" - db_username = 
data.terraform_remote_state.core_infrastructure.outputs.db_cluster.master_username + efs_cache_name = "switch-staging-cache" + public_gateway_db_name = "opensips_public_gateway_staging" + client_gateway_db_name = "opensips_client_gateway_staging" + db_username = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.master_username db_password_parameter_arn = data.terraform_remote_state.core_infrastructure.outputs.db_master_password_parameter.arn - db_host = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.endpoint - db_port = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port - db_security_group = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id + db_host = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.endpoint + db_port = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port + db_security_group = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id - load_balancer = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer - network_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer - route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org - listener_arn = data.terraform_remote_state.core_infrastructure.outputs.https_listener.arn - switch_subdomain = "switch-staging" + load_balancer = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer + internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer + network_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer + listener = data.terraform_remote_state.core_infrastructure.outputs.https_listener + internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener + + route53_zone = 
data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org + internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org + + switch_subdomain = "switch-staging" client_gateway_subdomain = "sip-staging" recordings_bucket_name = "raw-recordings-staging.somleng.org" - sip_port = 6060 - sip_alternative_port = 6080 - switch_min_tasks = 0 - switch_max_tasks = 2 - public_gateway_min_tasks = 0 - public_gateway_max_tasks = 2 - client_gateway_min_tasks = 0 - client_gateway_max_tasks = 2 - media_proxy_min_tasks = 0 - media_proxy_max_tasks = 2 + sip_port = 6060 + sip_alternative_port = 6080 + switch_min_tasks = 0 + switch_max_tasks = 2 + public_gateway_min_tasks = 0 + public_gateway_max_tasks = 2 + client_gateway_min_tasks = 0 + client_gateway_max_tasks = 2 + media_proxy_min_tasks = 0 + media_proxy_max_tasks = 2 assign_client_gateway_eips = false - assign_media_proxy_eips = false + assign_media_proxy_eips = false }
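Review bot: `db_username` and `db_password_parameter_arn` in this staging module still resolve to the cluster's master login (`db_cluster.master_username`, `db_master_password_parameter.arn`), and the production block earlier in this diff reads the same `core_infrastructure` outputs, so staging and production appear to share one administrative database credential. The commit only realigns these lines, but since it already appears to move the CDR endpoint onto the internal zone, the database side deserves the same narrowing: a role limited to `opensips_public_gateway_staging` and `opensips_client_gateway_staging`, with its own password parameter. That would look like `db_username = "<staging-scoped role>"` and `db_password_parameter_arn = <ARN of that role's parameter>`, both placeholders because no such outputs are visible on this page. Whether the module passes these values to the running gateway tasks or only to a bootstrap step cannot be seen from this hunk, so confirm that before deciding how urgent the change is.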