Compute
Compute is the component of Common in charge of providing out-of-band processing. It can run jobs both on-demand and on-schedule.
Public Oath
Fluid Attacks will constantly look for out-of-band computing solutions that balance:
- Cost
- Security
- Scalability
- Speed
- Traceability
Such solutions must also be:
- Cloud based
- Integrable with the rest of our stack
Architecture
- The module is managed as code using Terraform.
- Batch jobs use AWS EC2 Spot machines.
- Spot machines have Internet access.
- Spot machines are of
aarch64-linux
architecture. - Batch jobs are able to run jobs, but for as long as an EC2 SPOT instance last (so design with idempotency, and retrial mechanisms in mind).
- Jobs can be sent to batch in two ways:
  - Using curl, boto3, or any other tool that allows interacting with the AWS API.
  - Defining a schedule, which periodically submits a job to a queue.
- AWS EventBridge is used to trigger scheduled jobs.
- On failure, an email is sent to [email protected]
- Batch machines come in two sizes:
  - small with 1 vCPU and 8 GiB memory.
  - large with 2 vCPU and 16 GiB memory.
- All runners have internal solid-state drives for maximum performance.
- A special compute environment called warp, meant for cloning repositories via Cloudflare WARP, uses 2 vCPU and 4 GiB memory machines on an x86_64-linux architecture.
- Compute environments use subnets on all availability zones within us-east-1 for maximum spot availability.
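The idempotency and retry guidance above, as an added example that is not part of Compute's own code: a job that checkpoints each finished item so a retry after a Spot reclaim resumes instead of starting over. All names here (`run_job`, `save_checkpoint`, `SpotInterrupted`) are hypothetical, and the local checkpoint file is an assumption standing in for storage that outlives the instance.

```python
import json
import os
import tempfile


class SpotInterrupted(Exception):
    """Constructed stand-in for the Spot instance being reclaimed mid-job."""


def save_checkpoint(path, done):
    # Write to a temp file and rename, so an interruption never leaves a torn file.
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(sorted(done), fh)
    os.replace(tmp, path)


def run_job(items, state_path, process, interrupt_after=None):
    """Run one attempt; skip items a previous attempt already checkpointed."""
    done = set()
    if os.path.exists(state_path):
        with open(state_path) as fh:
            done = set(json.load(fh))
    handled = 0
    for item in items:
        if item in done:
            continue
        if interrupt_after is not None and handled == interrupt_after:
            raise SpotInterrupted(item)  # simulated reclaim
        # A reclaim between process() and the checkpoint replays this item,
        # so process() itself must tolerate being repeated.
        process(item)
        done.add(item)
        save_checkpoint(state_path, done)
        handled += 1
    return sorted(done)


def demo():
    items = ["repo-a", "repo-b", "repo-c", "repo-d"]  # constructed sample input
    processed = []
    with tempfile.TemporaryDirectory() as tmp:
        state = os.path.join(tmp, "checkpoint.json")
        # Two attempts are reclaimed early; the third runs to completion.
        for attempt, cut in enumerate((2, 1, None), start=1):
            try:
                return attempt, processed, run_job(items, state, processed.append, cut)
            except SpotInterrupted:
                continue
```

`demo()` returns the number of attempts used, the order in which items were actually processed, and the final checkpoint contents; each item is processed once even though two attempts were cut short.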
Contributing
Please read the contributing page first.