Tezos. Fixed S3 access problem with Sync nodes

vlasonfa · vlasonfa · commit 90c8239e9ba7 · 2024-08-01T17:58:54.000+10:00
diff --git a/lib/tezos/README.md b/lib/tezos/README.md
@@ -215,3 +215,36 @@ echo "INSTANCE_ID=" $INSTANCE_ID
 aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION
 sudo cat /var/log/cloud-init-output.log
 ```
+2. How can check the status of the node service?
+``` bash
+export INSTANCE_ID=$(cat single-node-deploy.json | jq -r '..|.node-instance-id? | select(. != null)')
+echo "INSTANCE_ID=" $INSTANCE_ID
+aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION
+sudo systemctl status node
+```
+
+3. How to check the logs of the clients running on my node?
+
+```bash
+pwd
+# Make sure you are in aws-blockchain-node-runners/lib/solana
+
+export INSTANCE_ID=$(cat single-node-deploy.json | jq -r '..|.node-instance-id? | select(. != null)')
+echo "INSTANCE_ID=" $INSTANCE_ID
+aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION
+sudo su bcuser
+sudo journalctl -o cat -fu node
+```
+
+3. How to check the logs of data backup service on sync node?
+
+```bash
+pwd
+# Make sure you are in aws-blockchain-node-runners/lib/solana
+
+export INSTANCE_ID=$(cat sync-node-deploy.json | jq -r '..|.node-instance-id? | select(. != null)')
+echo "INSTANCE_ID=" $INSTANCE_ID
+aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION
+sudo su bcuser
+sudo journalctl -o cat -fu s3-sync
+```
diff --git a/lib/tezos/lib/ha-nodes-stack.ts b/lib/tezos/lib/ha-nodes-stack.ts
@@ -68,10 +68,9 @@ export class TzHANodesStack extends cdk.Stack {
             path: path.join(__dirname, "assets")
         });
 
-        const snapshotBucket = s3.Bucket.fromBucketName(this, "snapshots-s3-bucket", cdk.Fn.importValue('TezosSnapshotBucket'))
+        const snapshotBucketName = cdk.Fn.importValue('TezosSnapshotBucket');
 
         asset.bucket.grantRead(instanceRole);
-        snapshotBucket.grantRead(instanceRole);
 
         // parsing user data script and injecting necessary variables
         const nodeScript = fs.readFileSync(path.join(__dirname, "assets", "user-data", "node.sh")).toString();
@@ -89,7 +88,7 @@ export class TzHANodesStack extends cdk.Stack {
             _LIFECYCLE_HOOK_NAME_: lifecycleHookName,
             _AUTOSCALING_GROUP_NAME_: autoScalingGroupName,
             _ASSETS_S3_PATH_: `s3://${asset.s3BucketName}/${asset.s3ObjectKey}`,
-            _S3_SYNC_BUCKET_: cdk.Fn.importValue('TezosSnapshotBucket'),
+            _S3_SYNC_BUCKET_: snapshotBucketName,
             _INSTANCE_TYPE_: "HA"
         });
 
diff --git a/lib/tezos/lib/snapshot-node-stack.ts b/lib/tezos/lib/snapshot-node-stack.ts
@@ -58,14 +58,14 @@ export class TzSnapshotNodeStack extends cdk.Stack {
         // getting the IAM Role ARM from the common stack
         const importedInstanceRoleArn = cdk.Fn.importValue("TzNodeInstanceRoleArn");
 
-        const instanceRole = iam.Role.fromRoleArn(this, "iam-role", importedInstanceRoleArn);
+        const snapshotInstanceRole = iam.Role.fromRoleArn(this, "iam-role", importedInstanceRoleArn);
 
         // making our scripts and configs from the local "assets" directory available for instance to download
         const asset = new s3Assets.Asset(this, "assets", {
             path: path.join(__dirname, "assets")
         });
 
-        asset.bucket.grantRead(instanceRole);
+        asset.bucket.grantRead(snapshotInstanceRole);
 
 
         const snapshotsBucket = new SnapshotsS3BucketConstruct(this, "snapshots-s3-bucket", {
@@ -76,15 +76,7 @@ export class TzSnapshotNodeStack extends cdk.Stack {
             service: ec2.GatewayVpcEndpointAwsService.S3,
         });
 
-        const snapshotInstanceRole = new iam.Role(this, `snapshot-instance-role`, {
-            assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"),
-            managedPolicies: [
-                iam.ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"),
-            ],
-        });
-
-        asset.bucket.grantRead(snapshotInstanceRole);
-        snapshotInstanceRole.addToPolicy(
+        snapshotInstanceRole.addToPrincipalPolicy(
             new iam.PolicyStatement({
                 resources: [
                     snapshotsBucket.bucketArn,
@@ -126,7 +118,7 @@ export class TzSnapshotNodeStack extends cdk.Stack {
             }),
             vpc,
             availabilityZone: chosenAvailabilityZone,
-            role: instanceRole,
+            role: snapshotInstanceRole,
             securityGroup: instanceSG.securityGroup,
             vpcSubnets: {
                 subnetType: ec2.SubnetType.PUBLIC,
diff --git a/lib/tezos/test/ha-nodes-stack.test.ts b/lib/tezos/test/ha-nodes-stack.test.ts
@@ -23,6 +23,7 @@ describe("TzHANodesStack", () => {
     snapshotsUrl:config.baseNodeConfig.snapshotsUrl,
     dataVolume: config.baseNodeConfig.dataVolume,
     downloadSnapshot: Boolean(config.baseNodeConfig.downloadSnapshot),
+    octezDownloadUri: config.baseNodeConfig.octezDownloadUri,
 
     albHealthCheckGracePeriodMin: config.haNodeConfig.albHealthCheckGracePeriodMin,
     heartBeatDelayMin: config.haNodeConfig.heartBeatDelayMin,
diff --git a/lib/tezos/test/single-node-stack.test.ts b/lib/tezos/test/single-node-stack.test.ts
@@ -22,6 +22,7 @@ describe("TZSingleNodeStack", () => {
       historyMode: config.baseNodeConfig.historyMode,
       snapshotsUrl:config.baseNodeConfig.snapshotsUrl,
       dataVolume: config.baseNodeConfig.dataVolume,
+      octezDownloadUri: config.baseNodeConfig.octezDownloadUri,
       downloadSnapshot: true
   });
 
