mirrors/blockstream-satellite-api
1
0
Fork 0
mirror of https://github.com/Blockstream/satellite-api.git synced 2025-02-22 05:41:37 +01:00
Code Issues Projects Releases Packages Wiki Activity

add mainnet

Browse source
This commit is contained in:
nitram 2019-03-07 12:29:43 -08:00
parent 23f9b02d4d
commit 7ef4820dc8
No known key found for this signature in database
GPG key ID: 2352C35346C5D534
15 changed files with 421 additions and 241 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

155
.gitlab-ci.yml
View file

@ -68,7 +68,7 @@ plan_satapi:
-var "rpcpass=$RPCPASS" -var "rpcpass=$RPCPASS"
-input=false) -input=false)
# This plan gets triggered only for miscellaneous branches/tags (i.e. tor and others), so make sure the branch/tag name starts with misc_ # This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_
plan_misc: plan_misc:
stage: plan stage: plan
only: only:
@ -94,55 +94,7 @@ plan_misc:
-var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING" -var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING"
-input=false) -input=false)
# Tag with staging_v.* to deploy staging (e.g. staging_v0.1.1) # This deploys only tags/branches starting with misc_v.* (i.e. tor, prometheus, etc)
deploy_staging:
stage: deploy
only:
- /^staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy production (e.g. production_v0.1.1)
deploy_production:
stage: deploy
only:
- /^prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# This deploys only tags/branches starting with misc_v.* (i.e. tor and others)
deploy_misc: deploy_misc:
stage: deploy stage: deploy
only: only:
@ -166,6 +118,103 @@ deploy_misc:
-var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING" -var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING"
-input=false -auto-approve) -input=false -auto-approve)
# Tag with staging_v.* to deploy mainnet staging (e.g. staging_v0.1.1)
deploy_staging:
stage: deploy
only:
- /^staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy mainnet production (e.g. prod_v0.1.1)
deploy_production:
stage: deploy
only:
- /^prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with staging_v.* to deploy testnet staging (e.g. testnet_staging_v0.1.1)
deploy_staging_testnet:
stage: deploy
only:
- /^testnet_staging_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select testnet-staging
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST_STAGING"
-var "ssl_cert=$SSL_CERT_STAGING"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Tag with production_v.* to deploy testnet production (e.g. testnet_prod_v0.1.1)
deploy_production_testnet:
stage: deploy
only:
- /^testnet_prod_v.*/
script:
- (cd terraform
&& terraform init -input=false
&& terraform workspace select testnet-prod
&& terraform apply
-var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA"
-var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA"
-var "region=$REGION"
-var "zone=$ZONE"
-var "instance_type=$INSTANCE_TYPE"
-var "host=$HOST"
-var "ssl_cert=$SSL_CERT"
-var "timeout=$TIMEOUT"
-var "prom_service_acct=$PROM_SA"
-var "opsgenie_key=$OPSGENIE_KEY"
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false -auto-approve)
# Pushing to this branch destroys the staging infrastructure # Pushing to this branch destroys the staging infrastructure
cleanup_staging: cleanup_staging:
stage: deploy stage: deploy
@ -180,4 +229,8 @@ cleanup_staging:
terraform destroy terraform destroy
-target module.blc.google_compute_instance_group_manager.blc -target module.blc.google_compute_instance_group_manager.blc
-auto-approve) -auto-approve)
- (cd terraform && terraform init -input=false &&
terraform workspace select testnet-staging &&
terraform destroy
-target module.blc.google_compute_instance_group_manager.blc
-auto-approve)

14
terraform/data.tf
View file

@ -1,4 +1,4 @@
data "terraform_remote_state" "blc-prod" { data "terraform_remote_state" "blc-mainnet" {
backend = "gcs" backend = "gcs"
config { config {
@ -9,3 +9,15 @@ data "terraform_remote_state" "blc-prod" {
workspace = "prod" workspace = "prod"
} }
data "terraform_remote_state" "blc-testnet" {
backend = "gcs"
config {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
project = "satellite-api"
}
workspace = "testnet-prod"
}

35
terraform/main.tf
View file

@ -16,7 +16,38 @@ provider "google-beta" {
project = "${var.project}" project = "${var.project}"
} }
module "blc" { module "blc-mainnet" {
source = "modules/blc"
project = "${var.project}"
name = "satellite-api"
network = "default"
bitcoin_docker = "${var.bitcoin_docker}"
lightning_docker = "${var.lightning_docker}"
charge_docker = "${var.charge_docker}"
ionosphere_docker = "${var.ionosphere_docker}"
ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
net = "mainnet"
env = "${local.env}"
create_resources = "${local.create_mainnet}"
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[0]}"
host = ["${var.host}"]
space_host = "${var.space_host}"
ssl_cert = ["${var.ssl_cert}"]
timeout = "${var.timeout}"
prom_service_acct = "${var.prom_service_acct}"
opsgenie_key = "${var.opsgenie_key}"
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
}
module "blc-testnet" {
source = "modules/blc" source = "modules/blc"
project = "${var.project}" project = "${var.project}"
@ -31,7 +62,7 @@ module "blc" {
net = "testnet" net = "testnet"
env = "${local.env}" env = "${local.env}"
create_resources = "${local.create_satapi}" create_resources = "${local.create_testnet}"
# CI vars # CI vars
region = "${var.region}" region = "${var.region}"

109
terraform/modules/blc/cloud-init/blc.yaml
View file

@ -15,7 +15,6 @@ write_files:
content: | content: |
rpcuser=${rpcuser} rpcuser=${rpcuser}
rpcpassword=${rpcpass} rpcpassword=${rpcpass}
rpcport=${rpcport}
txindex=1 txindex=1
dbcache=4000 dbcache=4000
@ -23,44 +22,43 @@ write_files:
permissions: 0644 permissions: 0644
owner: root owner: root
content: | content: |
alias=ionosphere alias=ionosphere-${net}
bitcoin-rpcuser=${rpcuser} bitcoin-rpcuser=${rpcuser}
bitcoin-rpcpassword=${rpcpass} bitcoin-rpcpassword=${rpcpass}
bitcoin-rpcport=${rpcport}
announce-addr=${announce_addr} announce-addr=${announce_addr}
bind-addr=0.0.0.0 bind-addr=0.0.0.0
- path: /home/bs/default.conf - path: /home/bs/bscom.conf
permissions: 0644 permissions: 0644
owner: root owner: root
content: | content: |
log_format withtime '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] ' log_format withtimebs '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent ' '"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" ' '"$http_referer" "$http_user_agent" '
'rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'; 'rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
server { server {
access_log /var/log/nginx/access-bs.log withtimebs;
error_log /var/log/nginx/error-bs.log;
root /usr/share/nginx/html/;
access_log /var/log/nginx/access.log withtime; server_name ${host};
error_log /var/log/nginx/error.log; listen 80;
server_name ${host} ${space_host};
listen 80 default_server;
server_tokens off; server_tokens off;
set_real_ip_from 130.211.0.0/22; set_real_ip_from 130.211.0.0/22;
set_real_ip_from 35.191.0.0/16; set_real_ip_from 35.191.0.0/16;
set_real_ip_from 10.0.0.0/8;
real_ip_recursive on; real_ip_recursive on;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
root /usr/share/nginx/html/; rewrite ^ /index.html break;
index index.html;
} }
# Proxy to main ionosphere API # Proxy to Satellite API
location /api { location ${url_path}/api {
add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'X-Auth-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; add_header 'Access-Control-Allow-Headers' 'X-Auth-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
@ -71,7 +69,7 @@ write_files:
return 200; return 200;
} }
if ($request_uri ~* "^/api/?$") if ($request_uri ~* "^${url_path}(/api)?/?$")
{ {
return 301 https://$host; return 301 https://$host;
} }
@ -79,8 +77,8 @@ write_files:
proxy_pass http://0.0.0.0:9292/; proxy_pass http://0.0.0.0:9292/;
} }
# Proxy SSE container # Proxy to SSE container
location /api/subscribe/ { location ${url_path}/api/subscribe/ {
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_buffering off; proxy_buffering off;
proxy_request_buffering off; proxy_request_buffering off;
@ -91,6 +89,68 @@ write_files:
} }
} }
- path: /home/bs/space.conf
permissions: 0644
owner: root
content: |
log_format withtime '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
server {
access_log /var/log/nginx/access.log withtime;
error_log /var/log/nginx/error.log;
root /usr/share/nginx/html/;
server_name ${space_host};
listen 80 default_server;
server_tokens off;
set_real_ip_from 130.211.0.0/22;
set_real_ip_from 35.191.0.0/16;
set_real_ip_from 10.0.0.0/8;
real_ip_recursive on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Proxy to Satellite API
location / {
rewrite ^ /index.html break;
}
location ${url_path}/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'X-Auth-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'X-XSS-Protection' '1; mode=block' always;
if ($request_uri ~* "^${url_path}/?$")
{
return 301 https://$host;
}
if ($request_method = 'OPTIONS')
{
return 200;
}
proxy_pass http://0.0.0.0:9292/;
}
# Proxy to SSE container
location ${url_path}/subscribe/ {
chunked_transfer_encoding off;
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_pass http://0.0.0.0:4500/stream?channels=;
}
}
- path: /home/bs/index.html - path: /home/bs/index.html
permissions: 0644 permissions: 0644
owner: root owner: root
@ -184,7 +244,8 @@ write_files:
--network=host \ --network=host \
--pid=host \ --pid=host \
--name=nginx \ --name=nginx \
-v /home/bs/default.conf:/etc/nginx/conf.d/default.conf:ro \ -v /home/bs/bscom.conf:/etc/nginx/conf.d/bscom.conf:ro \
-v /home/bs/space.conf:/etc/nginx/conf.d/space.conf:ro \
-v /home/bs/index.html:/usr/share/nginx/html/index.html:ro \ -v /home/bs/index.html:/usr/share/nginx/html/index.html:ro \
"nginx:latest" "nginx:latest"
ExecStop=/usr/bin/docker stop nginx ExecStop=/usr/bin/docker stop nginx
@ -239,12 +300,11 @@ write_files:
--pid=host \ --pid=host \
--name=bitcoin \ --name=bitcoin \
-v /home/bs/bitcoin.conf:/root/.bitcoin/bitcoin.conf:ro \ -v /home/bs/bitcoin.conf:/root/.bitcoin/bitcoin.conf:ro \
-v /mnt/disks/data/testnet:/root/.bitcoin:rw \ -v /mnt/disks/data/${net}:/root/.bitcoin:rw \
"${bitcoin_docker}" ${bitcoin_cmd} "${bitcoin_docker}" ${bitcoin_cmd}
ExecStop=/usr/bin/docker exec bitcoin bitcoin-cli stop ExecStop=/usr/bin/docker exec bitcoin bitcoin-cli stop
ExecStop=/usr/bin/sleep 10 ExecStopPost=/usr/bin/sleep 5
ExecStop=/usr/bin/docker stop bitcoin ExecStopPost=/usr/bin/docker rm -f bitcoin
ExecStopPost=/usr/bin/docker rm bitcoin
- path: /etc/systemd/system/lightning.service - path: /etc/systemd/system/lightning.service
permissions: 0644 permissions: 0644
@ -269,9 +329,8 @@ write_files:
-v /mnt/disks/data/lightning:/root/.lightning:rw \ -v /mnt/disks/data/lightning:/root/.lightning:rw \
"${lightning_docker}" ${lightning_cmd} "${lightning_docker}" ${lightning_cmd}
ExecStop=/usr/bin/docker exec lightning lightning-cli stop ExecStop=/usr/bin/docker exec lightning lightning-cli stop
ExecStop=/usr/bin/sleep 10 ExecStopPost=/usr/bin/sleep 5
ExecStop=/usr/bin/docker stop lightning ExecStopPost=/usr/bin/docker rm -f bitcoin
ExecStopPost=/usr/bin/docker rm lightning
ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport ${lightning_port} -j ACCEPT
- path: /etc/systemd/system/redis.service - path: /etc/systemd/system/redis.service

5
terraform/modules/blc/data.tf
View file

@ -3,7 +3,7 @@ data "google_compute_network" "blc" {
} }
data "google_compute_image" "blc" { data "google_compute_image" "blc" {
family = "satapi-data-${var.env}" family = "satapi-data-${var.net}-${var.env}"
project = "${var.project}" project = "${var.project}"
count = "${var.create_resources}" count = "${var.create_resources}"
} }
@ -15,7 +15,8 @@ data "template_file" "blc" {
vars { vars {
rpcuser = "${var.rpcuser}" rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}" rpcpass = "${var.rpcpass}"
rpcport = "${var.net == "testnet" ? "18332" : "8332"}" net = "${var.net}"
url_path = "${var.net == "testnet" ? "/testnet" : ""}"
bitcoin_cmd = "bitcoind ${var.net == "testnet" ? "-testnet" : ""} -printtoconsole" bitcoin_cmd = "bitcoind ${var.net == "testnet" ? "-testnet" : ""} -printtoconsole"
lightning_cmd = "lightningd ${var.net == "testnet" ? "--testnet" : "--mainnet"} --conf=/root/.lightning/lightning.conf --plugin-dir=/usr/local/bin/plugins" lightning_cmd = "lightningd ${var.net == "testnet" ? "--testnet" : "--mainnet"} --conf=/root/.lightning/lightning.conf --plugin-dir=/usr/local/bin/plugins"
charge_cmd = "charged -d /data/charge.db -l /root/.lightning" charge_cmd = "charged -d /data/charge.db -l /root/.lightning"

33
terraform/modules/blc/firewall.tf Normal file
View file

@ -0,0 +1,33 @@
resource "google_compute_firewall" "blc" {
name = "${var.name}-${var.net}-fw-rule-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["18333", "8333", "9735", "80"]
}
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
resource "google_compute_firewall" "blc-prom" {
name = "${var.name}-${var.net}-prometheus-access-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["9100"]
}
source_service_accounts = [
"${var.prom_service_acct}",
]
target_service_accounts = [
"${google_service_account.blc.email}",
]
}

4
terraform/modules/blc/iam.tf
View file

@ -1,6 +1,6 @@
resource "google_service_account" "blc" { resource "google_service_account" "blc" {
account_id = "${var.name}-${var.env}" account_id = "${var.name}-${var.net}-${var.env}"
display_name = "${var.name}-${var.env}" display_name = "${var.name}-${var.net}-${var.env}"
count = "${var.create_resources}" count = "${var.create_resources}"
} }

75
terraform/modules/blc/lb.tf
View file

@ -1,75 +0,0 @@
# Forwarding rules
resource "google_compute_global_forwarding_rule" "rule-https" {
name = "${var.name}-https-forwarding-rule-${var.env}"
target = "${google_compute_target_https_proxy.https-proxy.self_link}"
port_range = "443"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${var.create_resources}"
}
resource "google_compute_global_forwarding_rule" "rule-http" {
name = "${var.name}-http-forwarding-rule-${var.env}"
target = "${google_compute_target_http_proxy.http-proxy.self_link}"
port_range = "80"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${var.create_resources}"
}
# Target proxies
resource "google_compute_target_http_proxy" "http-proxy" {
name = "${var.name}-http-proxy-${var.env}"
url_map = "${google_compute_url_map.http.self_link}"
count = "${var.create_resources}"
}
resource "google_compute_target_https_proxy" "https-proxy" {
name = "${var.name}-https-proxy-${var.env}"
url_map = "${google_compute_url_map.https.self_link}"
ssl_certificates = ["${var.ssl_cert}"]
count = "${var.create_resources}"
}
# URL maps
resource "google_compute_url_map" "http" {
name = "${var.name}-http-urlmap-${var.env}"
default_service = "${google_compute_backend_service.blc.self_link}"
count = "${var.create_resources}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.blc.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.blc.self_link}"
}
}
}
resource "google_compute_url_map" "https" {
name = "${var.name}-https-urlmap-${var.env}"
default_service = "${google_compute_backend_service.blc.self_link}"
count = "${var.create_resources}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.blc.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.blc.self_link}"
}
}
}

11
terraform/modules/blc/main.tf
View file

@ -1,10 +1,10 @@
# Instance group # Instance group
resource "google_compute_instance_group_manager" "blc" { resource "google_compute_instance_group_manager" "blc" {
name = "${var.name}-ig-${var.env}" name = "${var.name}-ig-${var.net}-${var.env}"
count = "${var.create_resources}" count = "${var.create_resources}"
provider = "google-beta" provider = "google-beta"
base_instance_name = "${var.name}-ig-${var.env}-${count.index}" base_instance_name = "${var.name}-ig-${var.net}-${var.env}"
zone = "${var.zone}" zone = "${var.zone}"
target_size = 1 target_size = 1
@ -23,7 +23,7 @@ resource "google_compute_instance_group_manager" "blc" {
} }
resource "google_compute_disk" "blc" { resource "google_compute_disk" "blc" {
name = "${var.name}-data-${var.env}" name = "${var.name}-data-${var.net}-${var.env}"
type = "pd-standard" type = "pd-standard"
image = "${data.google_compute_image.blc.self_link}" image = "${data.google_compute_image.blc.self_link}"
zone = "${var.zone}" zone = "${var.zone}"
@ -37,8 +37,8 @@ resource "google_compute_disk" "blc" {
# Instance template # Instance template
resource "google_compute_instance_template" "blc" { resource "google_compute_instance_template" "blc" {
name_prefix = "${var.name}-${var.env}-template-" name_prefix = "${var.name}-${var.net}-${var.env}-tmpl-"
description = "This template is used to create ${var.name} ${var.env} instances." description = "This template is used to create ${var.name} ${var.net} ${var.env} instances."
machine_type = "${var.instance_type}" machine_type = "${var.instance_type}"
region = "${var.region}" region = "${var.region}"
count = "${var.create_resources}" count = "${var.create_resources}"
@ -46,6 +46,7 @@ resource "google_compute_instance_template" "blc" {
labels { labels {
type = "lightning-app" type = "lightning-app"
name = "${var.name}" name = "${var.name}"
net = "${var.net}"
} }
scheduling { scheduling {

48
terraform/modules/blc/network.tf
View file

@ -1,55 +1,13 @@
# IP addresses
resource "google_compute_address" "blc" { resource "google_compute_address" "blc" {
name = "${var.name}-external-ip-${var.env}-${count.index}" name = "${var.name}-${var.net}-external-ip-${var.env}-${count.index}"
project = "${var.project}" project = "${var.project}"
region = "${var.region}" region = "${var.region}"
count = "${var.create_resources}" count = "${var.create_resources}"
} }
resource "google_compute_global_address" "lb" {
name = "${var.name}-client-lb-${var.env}"
project = "${var.project}"
count = "${var.create_resources}"
}
# FW rules
resource "google_compute_firewall" "blc" {
name = "${var.name}-fw-rule-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["18333", "9735", "80"]
}
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
resource "google_compute_firewall" "blc-prom" {
name = "${var.name}-prometheus-access-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
allow {
protocol = "tcp"
ports = ["9100"]
}
source_service_accounts = [
"${var.prom_service_acct}",
]
target_service_accounts = [
"${google_service_account.blc.email}",
]
}
# Backend service # Backend service
resource "google_compute_backend_service" "blc" { resource "google_compute_backend_service" "blc" {
name = "${var.name}-backend-service-${var.env}" name = "${var.name}-${var.net}-backend-service-${var.env}"
description = "Satellite API" description = "Satellite API"
protocol = "HTTP" protocol = "HTTP"
port_name = "http" port_name = "http"
@ -65,7 +23,7 @@ resource "google_compute_backend_service" "blc" {
# Health checks # Health checks
resource "google_compute_health_check" "blc" { resource "google_compute_health_check" "blc" {
name = "${var.name}-health-check-${var.env}" name = "${var.name}-${var.net}-health-check-${var.env}"
count = "${var.create_resources}" count = "${var.create_resources}"
check_interval_sec = 5 check_interval_sec = 5

5
terraform/modules/tor/cloud-init/tor.yaml
View file

@ -24,14 +24,13 @@ write_files:
ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1 ControlSocketsGroupWritable 1
SocksPort unix:/var/run/tor/socks WorldWritable SocksPort 0
SocksPort 9050
CookieAuthentication 1 CookieAuthentication 1
CookieAuthFileGroupReadable 1 CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie CookieAuthFile /var/run/tor/control.authcookie
Log [handshake]debug [*]notice stderr Log [*]notice stderr
HiddenServiceDir /home/tor/tor/hidden_service_v3/ HiddenServiceDir /home/tor/tor/hidden_service_v3/
HiddenServiceVersion 3 HiddenServiceVersion 3

15
terraform/network-tor.tf
View file

@ -49,18 +49,23 @@ resource "google_compute_url_map" "tor-proxy" {
path_matcher { path_matcher {
name = "allpaths" name = "allpaths"
default_service = "${data.terraform_remote_state.blc-prod.blc_backend_service}" default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
path_rule { path_rule {
paths = ["/*"] paths = ["/"]
service = "${data.terraform_remote_state.blc-prod.blc_backend_service}" service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
}
path_rule {
paths = ["/testnet"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
} }
} }
test { test {
service = "${data.terraform_remote_state.blc-prod.blc_backend_service}" service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
host = "${var.onion_host}" host = "${var.onion_host}"
path = "/api/queue.html" path = "/queue.html"
} }
test { test {

91
terraform/network.tf Normal file
View file

@ -0,0 +1,91 @@
# IP address
resource "google_compute_global_address" "lb" {
name = "satellite-api-client-lb-${local.env}"
project = "${var.project}"
count = "${local.create_mainnet}"
}
# Forwarding rules
resource "google_compute_global_forwarding_rule" "rule-https" {
name = "satellite-api-https-forwarding-rule-${local.env}"
target = "${google_compute_target_https_proxy.https-proxy.self_link}"
port_range = "443"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${local.create_mainnet}"
}
resource "google_compute_global_forwarding_rule" "rule-http" {
name = "satellite-api-http-forwarding-rule-${local.env}"
target = "${google_compute_target_http_proxy.http-proxy.self_link}"
port_range = "80"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${local.create_mainnet}"
}
# Target proxies
resource "google_compute_target_http_proxy" "http-proxy" {
name = "satellite-api-http-proxy-${local.env}"
url_map = "${google_compute_url_map.http.self_link}"
count = "${local.create_mainnet}"
}
resource "google_compute_target_https_proxy" "https-proxy" {
name = "satellite-api-https-proxy-${local.env}"
url_map = "${google_compute_url_map.https.self_link}"
ssl_certificates = ["${var.ssl_cert}"]
count = "${local.create_mainnet}"
}
# URL maps
resource "google_compute_url_map" "http" {
name = "satellite-api-http-urlmap-${local.env}"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
count = "${local.create_mainnet}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
}
path_rule {
paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
}
}
}
resource "google_compute_url_map" "https" {
name = "satellite-api-https-urlmap-${local.env}"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
count = "${local.create_mainnet}"
host_rule {
hosts = ["${var.host}"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
}
path_rule {
paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
}
}
}

9
terraform/outputs.tf
View file

@ -1,5 +1,10 @@
output "blc_backend_service" { # Production only (tor)
value = "${module.blc.backend_service}" output "blc_backend_service_testnet" {
value = "${module.blc-testnet.backend_service}"
}
output "blc_backend_service_mainnet" {
value = "${module.blc-mainnet.backend_service}"
} }
output "prom_svc_acct" { output "prom_svc_acct" {

53
terraform/variables.tf
View file

@ -1,38 +1,45 @@
locals { locals {
context_variables = { context_variables = {
"staging" = { "staging" = {
env = "staging" env = "staging"
create_satapi = 1 create_mainnet = 1
create_misc = 0 create_testnet = 0
create_builders = 0 create_misc = 0
} }
"prod" = { "prod" = {
env = "prod" env = "prod"
create_satapi = 1 create_mainnet = 1
create_misc = 0 create_testnet = 0
create_builders = 0 create_misc = 0
}
"testnet-staging" = {
env = "staging"
create_mainnet = 0
create_testnet = 1
create_misc = 0
}
"testnet-prod" = {
env = "prod"
create_mainnet = 0
create_testnet = 1
create_misc = 0
} }
"misc" = { "misc" = {
env = "" env = ""
create_satapi = 0 create_mainnet = 0
create_misc = 1 create_testnet = 0
create_builders = 0 create_misc = 1
}
"builders" = {
env = ""
create_satapi = 0
create_misc = 0
create_builders = 1
} }
} }
env = "${lookup(local.context_variables[terraform.workspace], "env")}" env = "${lookup(local.context_variables[terraform.workspace], "env")}"
create_satapi = "${lookup(local.context_variables[terraform.workspace], "create_satapi")}" create_mainnet = "${lookup(local.context_variables[terraform.workspace], "create_mainnet")}"
create_misc = "${lookup(local.context_variables[terraform.workspace], "create_misc")}" create_testnet = "${lookup(local.context_variables[terraform.workspace], "create_testnet")}"
create_builders = "${lookup(local.context_variables[terraform.workspace], "create_builders")}" create_misc = "${lookup(local.context_variables[terraform.workspace], "create_misc")}"
} }
variable "project" { variable "project" {