add mainnet

nitram 2019-03-07 12:29:43 -08:00
parent 23f9b02d4d
commit 7ef4820dc8
No known key found for this signature in database
GPG key ID: 2352C35346C5D534
15 changed files with 421 additions and 241 deletions


@ -68,7 +68,7 @@ plan_satapi:
-var "rpcpass=$RPCPASS"
-input=false)
# This plan gets triggered only for miscellaneous branches/tags (i.e. tor and others), so make sure the branch/tag name starts with misc_
# This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_
plan_misc:
stage: plan
only:
@ -94,55 +94,7 @@ plan_misc:
-var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING"
-input=false)
# Tag with staging_v.* to deploy staging (e.g. staging_v0.1.1)
deploy_staging:
stage: deploy
only:
- /^staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy production (e.g. production_v0.1.1)
deploy_production:
stage: deploy
only:
- /^prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# This deploys only tags/branches starting with misc_v.* (i.e. tor and others)
# This deploys only tags/branches starting with misc_v.* (i.e. tor, prometheus, etc)
deploy_misc:
stage: deploy
only:
@ -166,6 +118,103 @@ deploy_misc:
-var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING"
-input=false -auto-approve)
# Tag with staging_v.* to deploy mainnet staging (e.g. staging_v0.1.1)
deploy_staging:
stage: deploy
only:
- /^staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy mainnet production (e.g. prod_v0.1.1)
deploy_production:
stage: deploy
only:
- /^prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with staging_v.* to deploy testnet staging (e.g. testnet_staging_v0.1.1)
deploy_staging_testnet:
stage: deploy
only:
- /^testnet_staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select testnet-staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy testnet production (e.g. testnet_prod_v0.1.1)
deploy_production_testnet:
stage: deploy
only:
- /^testnet_prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select testnet-prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Pushing to this branch destroys the staging infrastructure
cleanup_staging:
stage: deploy
@ -180,4 +229,8 @@ cleanup_staging:
terraform destroy
-target module.blc.google_compute_instance_group_manager.blc
-auto-approve)
- (cd terraform && terraform init -input=false &&
terraform workspace select testnet-staging &&
terraform destroy
-target module.blc.google_compute_instance_group_manager.blc
-auto-approve)
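Review bot: The two new testnet jobs (`deploy_staging_testnet`, `deploy_production_testnet`) pass the same `$RPCUSER`/`$RPCPASS`, `$HOST`/`$HOST_STAGING` and `$SSL_CERT`/`$SSL_CERT_STAGING` variables as the mainnet jobs, so unless these are scoped per environment in the CI settings (not visible here), the mainnet and testnet nodes share one RPC credential. Separate variables per network would keep a testnet exposure from revealing the mainnet secret, e.g. `-var "rpcpass=$RPCPASS_TESTNET"` (placeholder variable name). The comments above the jobs also say `production_v.*` and `staging_v.*` while the patterns are `/^prod_v.*/`, `/^testnet_staging_v.*/` and `/^testnet_prod_v.*/`. Because a matching ref runs `terraform apply -auto-approve`, each comment should state the exact prefix, e.g. `# Tag with testnet_prod_v.* to deploy testnet production (e.g. testnet_prod_v0.1.1)`.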


@ -1,4 +1,4 @@
data "terraform_remote_state" "blc-prod" {
data "terraform_remote_state" "blc-mainnet" {
backend = "gcs"
config {
@ -9,3 +9,15 @@ data "terraform_remote_state" "blc-prod" {
workspace = "prod"
}
data "terraform_remote_state" "blc-testnet" {
backend = "gcs"
config {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
project = "satellite-api"
}
workspace = "testnet-prod"
}


@ -16,7 +16,38 @@ provider "google-beta" {
project = "${var.project}"
}
module "blc" {
module "blc-mainnet" {
source = "modules/blc"
project = "${var.project}"
name = "satellite-api"
network = "default"
bitcoin_docker = "${var.bitcoin_docker}"
lightning_docker = "${var.lightning_docker}"
charge_docker = "${var.charge_docker}"
ionosphere_docker = "${var.ionosphere_docker}"
ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
net = "mainnet"
env = "${local.env}"
create_resources = "${local.create_mainnet}"
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[0]}"
host = ["${var.host}"]
space_host = "${var.space_host}"
ssl_cert = ["${var.ssl_cert}"]
timeout = "${var.timeout}"
prom_service_acct = "${var.prom_service_acct}"
opsgenie_key = "${var.opsgenie_key}"
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
}
module "blc-testnet" {
source = "modules/blc"
project = "${var.project}"
@ -31,7 +62,7 @@ module "blc" {
net = "testnet"
env = "${local.env}"
create_resources = "${local.create_satapi}"
create_resources = "${local.create_testnet}"
# CI vars
region = "${var.region}"


@ -15,7 +15,6 @@ write_files:
content: |
rpcuser=${rpcuser}
rpcpassword=${rpcpass}
rpcport=${rpcport}
txindex=1
dbcache=4000
@ -23,44 +22,43 @@ write_files:
permissions: 0644
owner: root
content: |
alias=ionosphere
alias=ionosphere-${net}
bitcoin-rpcuser=${rpcuser}
bitcoin-rpcpassword=${rpcpass}
bitcoin-rpcport=${rpcport}
announce-addr=${announce_addr}
bind-addr=0.0.0.0
- path: /home/bs/default.conf
- path: /home/bs/bscom.conf
permissions: 0644
owner: root
content: |
log_format withtime '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
log_format withtimebs '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
server {
access_log /var/log/nginx/access-bs.log withtimebs;
error_log /var/log/nginx/error-bs.log;
root /usr/share/nginx/html/;
access_log /var/log/nginx/access.log withtime;
error_log /var/log/nginx/error.log;
server_name ${host} ${space_host};
listen 80 default_server;
server_name ${host};
listen 80;
server_tokens off;
set_real_ip_from 130.211.0.0/22;
set_real_ip_from 35.191.0.0/16;
set_real_ip_from 10.0.0.0/8;
real_ip_recursive on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
root /usr/share/nginx/html/;
index index.html;
rewrite ^ /index.html break;
}
# Proxy to main ionosphere API
location /api {
# Proxy to Satellite API
location ${url_path}/api {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'X-Auth-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
@ -71,7 +69,7 @@ write_files:
return 200;
}
if ($request_uri ~* "^/api/?$")
if ($request_uri ~* "^${url_path}(/api)?/?$")
{
return 301 https://$host;
}
@ -79,8 +77,8 @@ write_files:
proxy_pass http://0.0.0.0:9292/;
}
# Proxy SSE container
location /api/subscribe/ {
# Proxy to SSE container
location ${url_path}/api/subscribe/ {
chunked_transfer_encoding off;
proxy_buffering off;
proxy_request_buffering off;
@ -91,6 +89,68 @@ write_files:
}
}
- path: /home/bs/space.conf
permissions: 0644
owner: root
content: |
log_format withtime '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
server {
access_log /var/log/nginx/access.log withtime;
error_log /var/log/nginx/error.log;
root /usr/share/nginx/html/;
server_name ${space_host};
listen 80 default_server;
server_tokens off;
set_real_ip_from 130.211.0.0/22;
set_real_ip_from 35.191.0.0/16;
set_real_ip_from 10.0.0.0/8;
real_ip_recursive on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Proxy to Satellite API
location / {
rewrite ^ /index.html break;
}
location ${url_path}/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'X-Auth-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'X-XSS-Protection' '1; mode=block' always;
if ($request_uri ~* "^${url_path}/?$")
{
return 301 https://$host;
}
if ($request_method = 'OPTIONS')
{
return 200;
}
proxy_pass http://0.0.0.0:9292/;
}
# Proxy to SSE container
location ${url_path}/subscribe/ {
chunked_transfer_encoding off;
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_pass http://0.0.0.0:4500/stream?channels=;
}
}
- path: /home/bs/index.html
permissions: 0644
owner: root
@ -184,7 +244,8 @@ write_files:
--network=host \
--pid=host \
--name=nginx \
-v /home/bs/default.conf:/etc/nginx/conf.d/default.conf:ro \
-v /home/bs/bscom.conf:/etc/nginx/conf.d/bscom.conf:ro \
-v /home/bs/space.conf:/etc/nginx/conf.d/space.conf:ro \
-v /home/bs/index.html:/usr/share/nginx/html/index.html:ro \
"nginx:latest"
ExecStop=/usr/bin/docker stop nginx
@ -239,12 +300,11 @@ write_files:
--pid=host \
--name=bitcoin \
-v /home/bs/bitcoin.conf:/root/.bitcoin/bitcoin.conf:ro \
-v /mnt/disks/data/testnet:/root/.bitcoin:rw \
-v /mnt/disks/data/${net}:/root/.bitcoin:rw \
"${bitcoin_docker}" ${bitcoin_cmd}
ExecStop=/usr/bin/docker exec bitcoin bitcoin-cli stop
ExecStop=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop bitcoin
ExecStopPost=/usr/bin/docker rm bitcoin
ExecStopPost=/usr/bin/sleep 5
ExecStopPost=/usr/bin/docker rm -f bitcoin
- path: /etc/systemd/system/lightning.service
permissions: 0644
@ -269,9 +329,8 @@ write_files:
-v /mnt/disks/data/lightning:/root/.lightning:rw \
"${lightning_docker}" ${lightning_cmd}
ExecStop=/usr/bin/docker exec lightning lightning-cli stop
ExecStop=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop lightning
ExecStopPost=/usr/bin/docker rm lightning
ExecStopPost=/usr/bin/sleep 5
ExecStopPost=/usr/bin/docker rm -f bitcoin
ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT
- path: /etc/systemd/system/redis.service
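Review bot: In `lightning.service` the new `ExecStopPost=/usr/bin/docker rm -f bitcoin` names the wrong container. Stopping or restarting lightning would force-remove the running bitcoin container, bypassing the `bitcoin-cli stop` shutdown that bitcoin's own unit performs. It would also leave the lightning container in place, which presumably makes the next start fail on the existing container name. The line should read `ExecStopPost=/usr/bin/docker rm -f lightning`. The unit file begins before this hunk, so the ExecStart side cannot be checked from here.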


@ -3,7 +3,7 @@ data "google_compute_network" "blc" {
}
data "google_compute_image" "blc" {
family = "satapi-data-${var.env}"
family = "satapi-data-${var.net}-${var.env}"
project = "${var.project}"
count = "${var.create_resources}"
}
@ -15,7 +15,8 @@ data "template_file" "blc" {
vars {
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
rpcport = "${var.net == "testnet" ? "18332" : "8332"}"
net = "${var.net}"
url_path = "${var.net == "testnet" ? "/testnet" : ""}"
bitcoin_cmd = "bitcoind ${var.net == "testnet" ? "-testnet" : ""} -printtoconsole"
lightning_cmd = "lightningd ${var.net == "testnet" ? "--testnet" : "--mainnet"} --conf=/root/.lightning/lightning.conf --plugin-dir=/usr/local/bin/plugins"
charge_cmd = "charged -d /data/charge.db -l /root/.lightning"


@ -0,0 +1,33 @@
resource "google_compute_firewall" "blc" {
name = "${var.name}-${var.net}-fw-rule-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["18333", "8333", "9735", "80"]
}
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
resource "google_compute_firewall" "blc-prom" {
name = "${var.name}-${var.net}-prometheus-access-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["9100"]
}
source_service_accounts = [
"${var.prom_service_acct}",
]
target_service_accounts = [
"${google_service_account.blc.email}",
]
}


@ -1,6 +1,6 @@
resource "google_service_account" "blc" {
account_id = "${var.name}-${var.env}"
display_name = "${var.name}-${var.env}"
account_id = "${var.name}-${var.net}-${var.env}"
display_name = "${var.name}-${var.net}-${var.env}"
count = "${var.create_resources}"
}


@ -1,75 +0,0 @@
# Forwarding rules
resource "google_compute_global_forwarding_rule" "rule-https" {
name = "${var.name}-https-forwarding-rule-${var.env}"
target = "${google_compute_target_https_proxy.https-proxy.self_link}"
port_range = "443"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${var.create_resources}"
}
resource "google_compute_global_forwarding_rule" "rule-http" {
name = "${var.name}-http-forwarding-rule-${var.env}"
target = "${google_compute_target_http_proxy.http-proxy.self_link}"
port_range = "80"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${var.create_resources}"
}
# Target proxies
resource "google_compute_target_http_proxy" "http-proxy" {
name = "${var.name}-http-proxy-${var.env}"
url_map = "${google_compute_url_map.http.self_link}"
count = "${var.create_resources}"
}
resource "google_compute_target_https_proxy" "https-proxy" {
name = "${var.name}-https-proxy-${var.env}"
url_map = "${google_compute_url_map.https.self_link}"
ssl_certificates = ["${var.ssl_cert}"]
count = "${var.create_resources}"
}
# URL maps
resource "google_compute_url_map" "http" {
name = "${var.name}-http-urlmap-${var.env}"
default_service = "${google_compute_backend_service.blc.self_link}"
count = "${var.create_resources}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.blc.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.blc.self_link}"
}
}
}
resource "google_compute_url_map" "https" {
name = "${var.name}-https-urlmap-${var.env}"
default_service = "${google_compute_backend_service.blc.self_link}"
count = "${var.create_resources}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.blc.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.blc.self_link}"
}
}
}


@ -1,10 +1,10 @@
# Instance group
resource "google_compute_instance_group_manager" "blc" {
name = "${var.name}-ig-${var.env}"
name = "${var.name}-ig-${var.net}-${var.env}"
count = "${var.create_resources}"
provider = "google-beta"
base_instance_name = "${var.name}-ig-${var.env}-${count.index}"
base_instance_name = "${var.name}-ig-${var.net}-${var.env}"
zone = "${var.zone}"
target_size = 1
@ -23,7 +23,7 @@ resource "google_compute_instance_group_manager" "blc" {
}
resource "google_compute_disk" "blc" {
name = "${var.name}-data-${var.env}"
name = "${var.name}-data-${var.net}-${var.env}"
type = "pd-standard"
image = "${data.google_compute_image.blc.self_link}"
zone = "${var.zone}"
@ -37,8 +37,8 @@ resource "google_compute_disk" "blc" {
# Instance template
resource "google_compute_instance_template" "blc" {
name_prefix = "${var.name}-${var.env}-template-"
description = "This template is used to create ${var.name} ${var.env} instances."
name_prefix = "${var.name}-${var.net}-${var.env}-tmpl-"
description = "This template is used to create ${var.name} ${var.net} ${var.env} instances."
machine_type = "${var.instance_type}"
region = "${var.region}"
count = "${var.create_resources}"
@ -46,6 +46,7 @@ resource "google_compute_instance_template" "blc" {
labels {
type = "lightning-app"
name = "${var.name}"
net = "${var.net}"
}
scheduling {


@ -1,55 +1,13 @@
# IP addresses
resource "google_compute_address" "blc" {
name = "${var.name}-external-ip-${var.env}-${count.index}"
name = "${var.name}-${var.net}-external-ip-${var.env}-${count.index}"
project = "${var.project}"
region = "${var.region}"
count = "${var.create_resources}"
}
resource "google_compute_global_address" "lb" {
name = "${var.name}-client-lb-${var.env}"
project = "${var.project}"
count = "${var.create_resources}"
}
# FW rules
resource "google_compute_firewall" "blc" {
name = "${var.name}-fw-rule-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["18333", "9735", "80"]
}
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
resource "google_compute_firewall" "blc-prom" {
name = "${var.name}-prometheus-access-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["9100"]
}
source_service_accounts = [
"${var.prom_service_acct}",
]
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
# Backend service
resource "google_compute_backend_service" "blc" {
name = "${var.name}-backend-service-${var.env}"
name = "${var.name}-${var.net}-backend-service-${var.env}"
description = "Satellite API"
protocol = "HTTP"
port_name = "http"
@ -65,7 +23,7 @@ resource "google_compute_backend_service" "blc" {
# Health checks
resource "google_compute_health_check" "blc" {
name = "${var.name}-health-check-${var.env}"
name = "${var.name}-${var.net}-health-check-${var.env}"
count = "${var.create_resources}"
check_interval_sec = 5


@ -24,14 +24,13 @@ write_files:
ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1
SocksPort unix:/var/run/tor/socks WorldWritable
SocksPort 9050
SocksPort 0
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie
Log [handshake]debug [*]notice stderr
Log [*]notice stderr
HiddenServiceDir /home/tor/tor/hidden_service_v3/
HiddenServiceVersion 3


@ -49,18 +49,23 @@ resource "google_compute_url_map" "tor-proxy" {
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-prod.blc_backend_service}"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-prod.blc_backend_service}"
paths = ["/"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
}
path_rule {
paths = ["/testnet"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
}
}
test {
service = "${data.terraform_remote_state.blc-prod.blc_backend_service}"
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
host = "${var.onion_host}"
path = "/api/queue.html"
path = "/queue.html"
}
test {
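Review bot: The new path rules use the exact paths `"/"` and `"/testnet"`, and as far as I know GCP URL maps match subpaths only with a `/*` suffix. If so, a request such as `/testnet/...` on the onion host falls through to `default_service`, which is the mainnet backend. The clearnet maps in `terraform/network.tf` list `"/testnet", "/testnet/*"`; the matching form here would be `paths = ["/testnet", "/testnet/*"]`. The `path_matcher` block begins before this hunk and the second `test` block continues past it.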

91
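--- a/terraform/network.tf
+++ b/terraform/network.tf
@@ -0,0 +1,91 @@
+# IP address
+resource "google_compute_global_address" "lb" {
+name = "satellite-api-client-lb-${local.env}"
+project = "${var.project}"
+count = "${local.create_mainnet}"
+}
+# Forwarding rules
+resource "google_compute_global_forwarding_rule" "rule-https" {
+name = "satellite-api-https-forwarding-rule-${local.env}"
+target = "${google_compute_target_https_proxy.https-proxy.self_link}"
+port_range = "443"
+ip_protocol = "TCP"
+ip_address = "${google_compute_global_address.lb.address}"
+count = "${local.create_mainnet}"
+}
+resource "google_compute_global_forwarding_rule" "rule-http" {
+name = "satellite-api-http-forwarding-rule-${local.env}"
+target = "${google_compute_target_http_proxy.http-proxy.self_link}"
+port_range = "80"
+ip_protocol = "TCP"
+ip_address = "${google_compute_global_address.lb.address}"
+count = "${local.create_mainnet}"
+}
+# Target proxies
+resource "google_compute_target_http_proxy" "http-proxy" {
+name = "satellite-api-http-proxy-${local.env}"
+url_map = "${google_compute_url_map.http.self_link}"
+count = "${local.create_mainnet}"
+}
+resource "google_compute_target_https_proxy" "https-proxy" {
+name = "satellite-api-https-proxy-${local.env}"
+url_map = "${google_compute_url_map.https.self_link}"
+ssl_certificates = ["${var.ssl_cert}"]
+count = "${local.create_mainnet}"
+}
+# URL maps
+resource "google_compute_url_map" "http" {
+name = "satellite-api-http-urlmap-${local.env}"
+default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+count = "${local.create_mainnet}"
+host_rule {
+hosts = ["${var.host}"]
+path_matcher = "allpaths"
+}
+path_matcher {
+name = "allpaths"
+default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+path_rule {
+paths = ["/*"]
+service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+}
+path_rule {
+paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
+service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
+}
+}
+}
+resource "google_compute_url_map" "https" {
+name = "satellite-api-https-urlmap-${local.env}"
+default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+count = "${local.create_mainnet}"
+host_rule {
+hosts = ["${var.host}"]
+path_matcher = "allpaths"
+}
+path_matcher {
+name = "allpaths"
+default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+path_rule {
+paths = ["/*"]
+service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+}
+path_rule {
+paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
+service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
+}
+}
+}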
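Review bot: Both URL maps take their mainnet backend from `data.terraform_remote_state.blc-mainnet`, which this commit shows pinned to `workspace = "prod"`, while these resources are created whenever `local.create_mainnet` is 1, and that holds for the `staging` workspace too. If that reading is right, the staging load balancer forwards to the production backend service instead of the staging one, so the environments are not isolated. The root module already exposes `module.blc-mainnet.backend_service`, so consider `default_service = "${module.blc-mainnet.backend_service}"` and the same value for the `/*` path rule, so that each workspace fronts its own instances. The testnet rule has the same shape: it always reads `testnet-prod`, including from staging.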


@ -1,5 +1,10 @@
output "blc_backend_service" {
value = "${module.blc.backend_service}"
# Production only (tor)
output "blc_backend_service_testnet" {
value = "${module.blc-testnet.backend_service}"
}
output "blc_backend_service_mainnet" {
value = "${module.blc-mainnet.backend_service}"
}
output "prom_svc_acct" {


@ -1,38 +1,45 @@
locals {
context_variables = {
"staging" = {
env = "staging"
create_satapi = 1
create_misc = 0
create_builders = 0
env = "staging"
create_mainnet = 1
create_testnet = 0
create_misc = 0
}
"prod" = {
env = "prod"
create_satapi = 1
create_misc = 0
create_builders = 0
env = "prod"
create_mainnet = 1
create_testnet = 0
create_misc = 0
}
"testnet-staging" = {
env = "staging"
create_mainnet = 0
create_testnet = 1
create_misc = 0
}
"testnet-prod" = {
env = "prod"
create_mainnet = 0
create_testnet = 1
create_misc = 0
}
"misc" = {
env = ""
create_satapi = 0
create_misc = 1
create_builders = 0
}
"builders" = {
env = ""
create_satapi = 0
create_misc = 0
create_builders = 1
env = ""
create_mainnet = 0
create_testnet = 0
create_misc = 1
}
}
env = "${lookup(local.context_variables[terraform.workspace], "env")}"
create_satapi = "${lookup(local.context_variables[terraform.workspace], "create_satapi")}"
create_misc = "${lookup(local.context_variables[terraform.workspace], "create_misc")}"
create_builders = "${lookup(local.context_variables[terraform.workspace], "create_builders")}"
env = "${lookup(local.context_variables[terraform.workspace], "env")}"
create_mainnet = "${lookup(local.context_variables[terraform.workspace], "create_mainnet")}"
create_testnet = "${lookup(local.context_variables[terraform.workspace], "create_testnet")}"
create_misc = "${lookup(local.context_variables[terraform.workspace], "create_misc")}"
}
variable "project" {