This commit is contained in:
nitramiz 2019-05-31 07:23:30 -07:00
parent dfe50374a6
commit ce2d18b3ba
No known key found for this signature in database
GPG key ID: 2352C35346C5D534
28 changed files with 444 additions and 406 deletions


@ -2,7 +2,7 @@ variables:
GIT_SUBMODULE_STRATEGY: none
CI_DISPOSABLE_ENVIRONMENT: "true"
image: blockstream/gcloud-docker@sha256:d5db1ec7faedfd46230fb53c859679e6abdd9173599209035e307c1a386a2189
image: blockstream/gcloud-docker@sha256:2ab8222c44502282a614cdda4a9f1434d6f91e93888a39c56b82ebc52f6bd3b1
stages:
- build
- plan
@ -83,7 +83,7 @@ plan_satapi:
-var "rpcuser=$RPCUSER"
-var "rpcpass=$RPCPASS"
-input=false)
# This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_
plan_misc:
stage: plan


@ -1,10 +1,9 @@
data "terraform_remote_state" "blc-mainnet" {
backend = "gcs"
config {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
project = "satellite-api"
config = {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
}
workspace = "prod"
@ -13,11 +12,11 @@ data "terraform_remote_state" "blc-mainnet" {
data "terraform_remote_state" "blc-testnet" {
backend = "gcs"
config {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
project = "satellite-api"
config = {
bucket = "tf-state-satellite-api"
prefix = "terraform/state"
}
workspace = "testnet-prod"
}


@ -1,14 +1,15 @@
resource "google_kms_key_ring" "tor-key-ring" {
project = "${var.project}"
project = var.project
name = "${var.name}-keyring"
location = "${var.region}"
location = var.region
count = "${local.create_misc}"
count = local.create_misc
}
resource "google_kms_crypto_key" "tor-crypto-key" {
name = "${var.name}-crypto-key"
key_ring = "${google_kms_key_ring.tor-key-ring.id}"
key_ring = google_kms_key_ring.tor-key-ring[0].id
count = "${local.create_misc}"
count = local.create_misc
}
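Review bot: `google_kms_crypto_key` "tor-crypto-key" is created with `count = local.create_misc` and no `lifecycle` block, so flipping `create_misc` to 0 (or renaming the resource) would make Terraform plan a destroy of the key that encrypts the Tor material, which in GCP only removes it from state and schedules the versions for destruction. Since this key's ciphertext is what the tor module ships to its instances, a `lifecycle { prevent_destroy = true }` on this resource would be the usual guard; `rotation_period` is also unset, so rotation, if wanted, is entirely manual. These are pre-existing, but the rewrite of the block is a natural point to add them or a comment explaining why they are omitted.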


@ -2,135 +2,141 @@ terraform {
required_version = "> 0.11.0"
backend "gcs" {
bucket = "terraform-bs-source"
prefix = "satellite-api"
project = "blockstream-source"
bucket = "terraform-bs-source"
prefix = "satellite-api"
}
}
provider "google" {
project = "${var.project}"
project = "var.project"
}
provider "google-beta" {
project = "${var.project}"
project = "var.project"
}
module "blc-mainnet" {
source = "modules/blc"
source = "./modules/blc"
project = "${var.project}"
project = var.project
name = "satellite-api"
network = "default"
bitcoin_docker = "${var.bitcoin_docker}"
lightning_docker = "${var.lightning_docker}"
charge_docker = "${var.charge_docker}"
ionosphere_docker = "${var.ionosphere_docker}"
ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
bitcoin_docker = var.bitcoin_docker
lightning_docker = var.lightning_docker
charge_docker = var.charge_docker
ionosphere_docker = var.ionosphere_docker
ionosphere_sse_docker = var.ionosphere_sse_docker
node_exporter_docker = var.node_exporter_docker
net = "mainnet"
env = "${local.env}"
env = local.env
create_resources = "${local.create_mainnet}"
create_resources = local.create_mainnet
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[0]}"
host = ["${var.host}"]
space_host = "${var.space_host}"
ssl_cert = ["${var.ssl_cert}"]
timeout = "${var.timeout}"
prom_service_acct = "${var.prom_service_acct}"
opsgenie_key = "${var.opsgenie_key}"
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
region = var.region
zone = var.zone
instance_type = var.instance_type[0]
host = var.host
space_host = var.space_host
ssl_cert = [var.ssl_cert]
timeout = var.timeout
prom_service_acct = var.prom_service_acct
opsgenie_key = var.opsgenie_key
rpcuser = var.rpcuser
rpcpass = var.rpcpass
}
module "blc-testnet" {
source = "modules/blc"
source = "./modules/blc"
project = "${var.project}"
project = var.project
name = "satellite-api"
network = "default"
bitcoin_docker = "${var.bitcoin_docker}"
lightning_docker = "${var.lightning_docker}"
charge_docker = "${var.charge_docker}"
ionosphere_docker = "${var.ionosphere_docker}"
ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
bitcoin_docker = var.bitcoin_docker
lightning_docker = var.lightning_docker
charge_docker = var.charge_docker
ionosphere_docker = var.ionosphere_docker
ionosphere_sse_docker = var.ionosphere_sse_docker
node_exporter_docker = var.node_exporter_docker
net = "testnet"
env = "${local.env}"
env = local.env
create_resources = "${local.create_testnet}"
create_resources = local.create_testnet
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[0]}"
host = ["${var.host}"]
space_host = "${var.space_host}"
ssl_cert = ["${var.ssl_cert}"]
timeout = "${var.timeout}"
prom_service_acct = "${var.prom_service_acct}"
opsgenie_key = "${var.opsgenie_key}"
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
region = var.region
zone = var.zone
instance_type = var.instance_type[0]
host = var.host
space_host = var.space_host
ssl_cert = [var.ssl_cert]
timeout = var.timeout
prom_service_acct = var.prom_service_acct
opsgenie_key = var.opsgenie_key
rpcuser = var.rpcuser
rpcpass = var.rpcpass
}
module "tor" {
source = "modules/tor"
source = "./modules/tor"
project = "${var.project}"
project = var.project
network = "default"
name = "satapi-tor"
gcloud_docker = "${var.gcloud_docker}"
tor_docker = "${var.tor_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
kms_key = "${element(concat(google_kms_crypto_key.tor-crypto-key.*.name, list("")), 0)}"
kms_key_ring = "${element(concat(google_kms_key_ring.tor-key-ring.*.name, list("")), 0)}"
kms_key_link = "${element(concat(google_kms_crypto_key.tor-crypto-key.*.self_link, list("")), 0)}"
tor_lb = "${element(concat(google_compute_global_address.tor-lb.*.address, list("")), 0)}"
gcloud_docker = var.gcloud_docker
tor_docker = var.tor_docker
node_exporter_docker = var.node_exporter_docker
kms_key = element(concat(google_kms_crypto_key.tor-crypto-key.*.name, [""]), 0)
kms_key_ring = element(concat(google_kms_key_ring.tor-key-ring.*.name, [""]), 0)
kms_key_link = element(
concat(google_kms_crypto_key.tor-crypto-key.*.self_link, [""]),
0,
)
tor_lb = element(
concat(google_compute_global_address.tor-lb.*.address, [""]),
0,
)
create_resources = "${local.create_misc}"
create_resources = local.create_misc
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[1]}"
onion_host = "${var.onion_host}"
prom_service_acct = "${var.prom_service_acct}"
region = var.region
zone = var.zone
instance_type = var.instance_type[1]
onion_host = var.onion_host
prom_service_acct = var.prom_service_acct
}
module "prometheus" {
source = "modules/prometheus"
source = "./modules/prometheus"
project = "${var.project}"
project = var.project
network = "default"
name = "satapi-prometheus"
prom_docker = "${var.prom_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
prom_docker = var.prom_docker
node_exporter_docker = var.node_exporter_docker
create_resources = "${local.create_misc}"
create_resources = local.create_misc
# CI vars
region = "${var.region}"
zone = "${var.zone}"
instance_type = "${var.instance_type[2]}"
prom_allowed_source_ip = "${var.prom_allowed_source_ip}"
opsgenie_key = "${var.opsgenie_key}"
prom_service_acct = "${var.prom_service_acct}"
region = var.region
zone = var.zone
instance_type = var.instance_type[2]
prom_allowed_source_ip = var.prom_allowed_source_ip
opsgenie_key = var.opsgenie_key
prom_service_acct = var.prom_service_acct
}
module "dns" {
source = "modules/dns"
source = "./modules/dns"
project = "${var.project}"
project = var.project
create_resources = "${local.create_misc}"
create_resources = local.create_misc
# CI vars
satellite_lb = "${var.satellite_lb}"
satellite_api_lb = "${var.satellite_api_lb}"
satellite_api_lb_staging = "${var.satellite_api_lb_staging}"
satellite_lb = var.satellite_lb
satellite_api_lb = var.satellite_api_lb
satellite_api_lb_staging = var.satellite_api_lb_staging
}
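Review bot: The two provider blocks are left as `project = "var.project"` (google and google-beta), which under 0.12 is the literal string `var.project`, not the variable, so both providers would target a non-existent project while every module below uses the bare `project = var.project` form; the two lines should read `project = var.project`. The enclosing `terraform` block begins before this hunk, and its `required_version = "> 0.11.0"` still admits 0.11.x even though the file now uses 0.12-only syntax (bare references, `[...]` list literals), so `required_version = ">= 0.12.0"` would state the real constraint. `host = var.host` drops the list wrapper the old line had while `ssl_cert = [var.ssl_cert]` keeps it; that is correct only if the root `host` variable is already a list (the blc module declares `host` as a list and indexes `[0]`/`[1]`), which should be confirmed against the root variables file, not shown in this diff.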


@ -1,47 +1,49 @@
data "google_compute_network" "blc" {
name = "default"
project = var.project
}
data "google_compute_image" "blc" {
family = "satapi-data-${var.net}-${var.env}"
project = "${var.project}"
count = "${var.create_resources}"
project = var.project
count = var.create_resources
}
data "template_file" "blc" {
template = "${file("${path.module}/cloud-init/blc.yaml")}"
count = "${var.create_resources}"
template = file("${path.module}/cloud-init/blc.yaml")
count = var.create_resources
vars {
rpcuser = "${var.rpcuser}"
rpcpass = "${var.rpcpass}"
net = "${var.net}"
url_path = "${var.net == "testnet" ? "/testnet" : ""}"
vars = {
rpcuser = var.rpcuser
rpcpass = var.rpcpass
net = var.net
url_path = var.net == "testnet" ? "/testnet" : ""
bitcoin_cmd = "bitcoind ${var.net == "testnet" ? "-testnet" : ""} -printtoconsole"
lightning_cmd = "lightningd ${var.net == "testnet" ? "--testnet" : "--mainnet"} --conf=/root/.lightning/lightning.conf --plugin-dir=/usr/local/bin/plugins"
charge_cmd = "charged -d /data/charge.db -l /root/.lightning"
announce_addr = "${google_compute_address.blc.address}"
announce_addr = google_compute_address.blc[0].address
lightning_port = 9735
bitcoin_docker = "${var.bitcoin_docker}"
lightning_docker = "${var.lightning_docker}"
charge_docker = "${var.charge_docker}"
bitcoin_docker = var.bitcoin_docker
lightning_docker = var.lightning_docker
charge_docker = var.charge_docker
redis_port = 6379
ionosphere_docker = "${var.ionosphere_docker}"
ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
opsgenie_key = "${var.opsgenie_key}"
host = "${var.host[0]}"
space_host = "${var.host[1]}"
ionosphere_docker = var.ionosphere_docker
ionosphere_sse_docker = var.ionosphere_sse_docker
node_exporter_docker = var.node_exporter_docker
opsgenie_key = var.opsgenie_key
host = var.host[0]
space_host = var.host[1]
}
}
data "template_cloudinit_config" "blc" {
gzip = false
base64_encode = false
count = "${var.create_resources}"
count = var.create_resources
part {
content_type = "text/cloud-config"
content = "${data.template_file.blc.rendered}"
content = data.template_file.blc[0].rendered
}
}
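Review bot: `rpcuser = var.rpcuser` and `rpcpass = var.rpcpass` (together with `opsgenie_key`) are rendered into the cloud-init document here, and the blc main.tf hunk of this commit attaches that rendered text to the instance template as `user-data` metadata, so the RPC credentials are persisted in Terraform state and, presumably, readable by any principal that can read instance templates or instance metadata in the project; the prometheus data.tf hunk does the same with `opsgenie_key`. This is not a regression of the migration, but the rewritten `vars = {` map is a good place for a comment such as `# NOTE: these values land in instance user-data and in Terraform state; access to the state bucket and to instance metadata must be treated as access to the secrets`. Terraform 0.12 has no per-variable sensitivity marking as far as I know, so access control on the state bucket and on metadata is the available mitigation.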


@ -1,7 +1,7 @@
resource "google_compute_firewall" "blc" {
name = "${var.name}-${var.net}-fw-rule-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
network = data.google_compute_network.blc.self_link
count = var.create_resources
allow {
protocol = "tcp"
@ -9,14 +9,14 @@ resource "google_compute_firewall" "blc" {
}
target_service_accounts = [
"${google_service_account.blc.email}",
google_service_account.blc[0].email,
]
}
resource "google_compute_firewall" "blc-prom" {
name = "${var.name}-${var.net}-prometheus-access-${var.env}"
network = "${data.google_compute_network.blc.self_link}"
count = "${var.create_resources}"
network = data.google_compute_network.blc.self_link
count = var.create_resources
allow {
protocol = "tcp"
@ -24,10 +24,11 @@ resource "google_compute_firewall" "blc-prom" {
}
source_service_accounts = [
"${var.prom_service_acct}",
var.prom_service_acct,
]
target_service_accounts = [
"${google_service_account.blc.email}",
google_service_account.blc[0].email,
]
}


@ -1,12 +1,13 @@
resource "google_service_account" "blc" {
account_id = "${var.name}-${var.net}-${var.env}"
display_name = "${var.name}-${var.net}-${var.env}"
count = "${var.create_resources}"
count = var.create_resources
}
resource "google_project_iam_member" "blc" {
project = "${var.project}"
project = var.project
role = "roles/editor"
member = "serviceAccount:${google_service_account.blc.email}"
count = "${var.create_resources}"
member = "serviceAccount:${google_service_account.blc[0].email}"
count = var.create_resources
}
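Review bot: `role = "roles/editor"` on the `google_project_iam_member` grants the blc instance service account project-wide editor rights, far broader than the instance appears to need (its template in the blc main.tf hunk requests only the `compute-ro` and `storage-ro` scopes); the same primitive-role binding is repeated in the prometheus and tor iam.tf hunks. Scopes cap tokens issued through the metadata server, but the IAM role remains the ceiling for any credential minted for this account, so a narrower predefined role matching what the workload actually does would be the least-privilege choice. If editor is deliberately kept for now, a comment on the line, e.g. `# TODO(least-privilege): replace roles/editor with the minimal role set this workload needs`, records that it is a known gap.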


@ -1,16 +1,16 @@
# Instance group
resource "google_compute_instance_group_manager" "blc" {
name = "${var.name}-ig-${var.net}-${var.env}"
count = "${var.create_resources}"
provider = "google-beta"
count = var.create_resources
provider = google-beta
base_instance_name = "${var.name}-ig-${var.net}-${var.env}"
zone = "${var.zone}"
zone = var.zone
target_size = 1
version {
name = "original"
instance_template = "${google_compute_instance_template.blc.self_link}"
instance_template = google_compute_instance_template.blc[0].self_link
}
update_policy {
@ -25,13 +25,13 @@ resource "google_compute_instance_group_manager" "blc" {
resource "google_compute_disk" "blc" {
name = "${var.name}-data-${var.net}-${var.env}"
type = "pd-standard"
image = "${data.google_compute_image.blc.self_link}"
zone = "${var.zone}"
count = "${var.create_resources}"
image = data.google_compute_image.blc[0].self_link
zone = var.zone
count = var.create_resources
lifecycle {
prevent_destroy = true
ignore_changes = ["image"]
ignore_changes = [image]
}
}
@ -39,14 +39,14 @@ resource "google_compute_disk" "blc" {
resource "google_compute_instance_template" "blc" {
name_prefix = "${var.name}-${var.net}-${var.env}-tmpl-"
description = "This template is used to create ${var.name} ${var.net} ${var.env} instances."
machine_type = "${var.instance_type}"
region = "${var.region}"
count = "${var.create_resources}"
machine_type = var.instance_type
region = var.region
count = var.create_resources
labels {
labels = {
type = "lightning-app"
name = "${var.name}"
net = "${var.net}"
name = var.name
net = var.net
}
scheduling {
@ -55,7 +55,7 @@ resource "google_compute_instance_template" "blc" {
}
disk {
source_image = "${var.boot_image}"
source_image = var.boot_image
disk_type = "pd-ssd"
auto_delete = true
boot = true
@ -63,26 +63,26 @@ resource "google_compute_instance_template" "blc" {
}
disk {
source = "${google_compute_disk.blc.name}"
source = google_compute_disk.blc[0].name
auto_delete = false
device_name = "data"
}
network_interface {
network = "${data.google_compute_network.blc.self_link}"
network = data.google_compute_network.blc.self_link
access_config {
nat_ip = "${google_compute_address.blc.address}"
nat_ip = google_compute_address.blc[0].address
}
}
metadata {
metadata = {
google-logging-enabled = "true"
user-data = "${data.template_cloudinit_config.blc.rendered}"
user-data = data.template_cloudinit_config.blc[0].rendered
}
service_account {
email = "${google_service_account.blc.email}"
email = google_service_account.blc[0].email
scopes = ["compute-ro", "storage-ro"]
}
@ -90,3 +90,4 @@ resource "google_compute_instance_template" "blc" {
create_before_destroy = true
}
}


@ -1,8 +1,8 @@
resource "google_compute_address" "blc" {
name = "${var.name}-${var.net}-external-ip-${var.env}-${count.index}"
project = "${var.project}"
region = "${var.region}"
count = "${var.create_resources}"
project = var.project
region = var.region
count = var.create_resources
}
# Backend service
@ -11,20 +11,20 @@ resource "google_compute_backend_service" "blc" {
description = "Satellite API"
protocol = "HTTP"
port_name = "http"
timeout_sec = "${var.timeout}"
count = "${var.create_resources}"
timeout_sec = var.timeout
count = var.create_resources
backend {
group = "${google_compute_instance_group_manager.blc.instance_group}"
group = google_compute_instance_group_manager.blc[0].instance_group
}
health_checks = ["${google_compute_health_check.blc.self_link}"]
health_checks = [google_compute_health_check.blc[0].self_link]
}
# Health checks
resource "google_compute_health_check" "blc" {
name = "${var.name}-${var.net}-health-check-${var.env}"
count = "${var.create_resources}"
count = var.create_resources
check_interval_sec = 5
timeout_sec = 3
@ -33,3 +33,4 @@ resource "google_compute_health_check" "blc" {
port = "80"
}
}


@ -1,3 +1,7 @@
output "backend_service" {
value = "${element(concat(google_compute_backend_service.blc.*.self_link, list("")), 0)}"
value = element(
concat(google_compute_backend_service.blc.*.self_link, [""]),
0,
)
}


@ -1,97 +1,98 @@
variable "project" {
type = "string"
type = string
default = "satellite-api"
}
variable "boot_image" {
type = "string"
type = string
default = "cos-cloud/cos-stable"
}
variable "create_resources" {
type = "string"
type = string
}
variable "rpcuser" {
type = "string"
type = string
}
variable "rpcpass" {
type = "string"
type = string
}
variable "env" {
type = "string"
type = string
}
variable "name" {
type = "string"
type = string
}
variable "network" {
type = "string"
type = string
}
variable "region" {
type = "string"
type = string
}
variable "zone" {
type = "string"
type = string
}
variable "instance_type" {
type = "string"
type = string
}
variable "net" {
type = "string"
type = string
}
variable "ssl_cert" {
type = "list"
type = list
}
variable "host" {
type = "list"
type = list
}
variable "space_host" {
type = "string"
type = string
}
variable "timeout" {
type = "string"
type = string
}
variable "opsgenie_key" {
type = "string"
type = string
}
variable "prom_service_acct" {
type = "string"
type = string
}
variable "bitcoin_docker" {
type = "string"
type = string
}
variable "charge_docker" {
type = "string"
type = string
}
variable "lightning_docker" {
type = "string"
type = string
}
variable "ionosphere_docker" {
type = "string"
type = string
}
variable "ionosphere_sse_docker" {
type = "string"
type = string
}
variable "node_exporter_docker" {
type = "string"
type = string
}
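Review bot: `type = list` for `ssl_cert` and `host` is the 0.12 legacy shorthand with no element type; the explicit form `type = list(string)` states the contract the module relies on (`var.host[0]` and `var.host[1]` are used as strings in data.tf) and is what the 0.12 upgrade guidance recommends, as far as I recall. `create_resources` is declared `type = string` but is consumed only as a `count` argument throughout the module, so `type = number` would express that directly instead of relying on implicit string-to-number conversion; the same applies to `create_resources` in the dns, prometheus and tor variables.tf hunks. `rpcuser`/`rpcpass` carry no description; a one-line `description` noting that they are rendered into instance user-data would warn callers what they are handing over.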


@ -2,8 +2,8 @@ resource "google_dns_managed_zone" "blockstream-space" {
name = "blockstream-space"
dns_name = "blockstream.space."
description = "A long time ago, in a galaxy far, far away... P.S. Don't edit directly in Gcloud, but rather in the Satellite API repo (Otherwise, things break and Chase gets really mad)."
project = "${var.project}"
count = "${var.create_resources}"
project = var.project
count = var.create_resources
labels = {
managed-by = "terraform"
@ -11,31 +11,32 @@ resource "google_dns_managed_zone" "blockstream-space" {
}
resource "google_dns_record_set" "a-satellite" {
name = "${google_dns_managed_zone.blockstream-space.dns_name}"
managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
name = google_dns_managed_zone.blockstream-space[0].dns_name
managed_zone = google_dns_managed_zone.blockstream-space[0].name
type = "A"
ttl = 300
count = "${var.create_resources}"
count = var.create_resources
rrdatas = ["${var.satellite_lb}"]
rrdatas = [var.satellite_lb]
}
resource "google_dns_record_set" "a-satellite-api" {
name = "api.${google_dns_managed_zone.blockstream-space.dns_name}"
managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
name = "api.${google_dns_managed_zone.blockstream-space[0].dns_name}"
managed_zone = google_dns_managed_zone.blockstream-space[0].name
type = "A"
ttl = 300
count = "${var.create_resources}"
count = var.create_resources
rrdatas = ["${var.satellite_api_lb}"]
rrdatas = [var.satellite_api_lb]
}
resource "google_dns_record_set" "a-satellite-api-staging" {
name = "staging-api.${google_dns_managed_zone.blockstream-space.dns_name}"
managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
name = "staging-api.${google_dns_managed_zone.blockstream-space[0].dns_name}"
managed_zone = google_dns_managed_zone.blockstream-space[0].name
type = "A"
ttl = 300
count = "${var.create_resources}"
count = var.create_resources
rrdatas = ["${var.satellite_api_lb_staging}"]
rrdatas = [var.satellite_api_lb_staging]
}


@ -1,19 +1,20 @@
variable "project" {
type = "string"
type = string
}
variable "satellite_lb" {
type = "string"
type = string
}
variable "satellite_api_lb" {
type = "string"
type = string
}
variable "satellite_api_lb_staging" {
type = "string"
type = string
}
variable "create_resources" {
type = "string"
type = string
}


@ -1,15 +1,16 @@
data "google_compute_network" "default" {
name = "default"
project = var.project
}
data "template_file" "prometheus" {
template = "${file("${path.module}/cloud-init/prometheus.yml")}"
template = file("${path.module}/cloud-init/prometheus.yml")
vars {
prom_docker = "${var.prom_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
retention = "${var.retention}"
opsgenie_key = "${var.opsgenie_key}"
vars = {
prom_docker = var.prom_docker
node_exporter_docker = var.node_exporter_docker
retention = var.retention
opsgenie_key = var.opsgenie_key
}
}
@ -19,6 +20,7 @@ data "template_cloudinit_config" "prometheus" {
part {
content_type = "text/cloud-config"
content = "${data.template_file.prometheus.rendered}"
content = data.template_file.prometheus.rendered
}
}


@ -1,8 +1,8 @@
resource "google_compute_firewall" "all-traffic" {
name = "prometheus-${var.name}-all-traffic-access"
network = "${data.google_compute_network.default.self_link}"
network = data.google_compute_network.default.self_link
count = "${var.create_resources}"
count = var.create_resources
allow {
protocol = "tcp"
@ -12,6 +12,7 @@ resource "google_compute_firewall" "all-traffic" {
source_ranges = ["${var.prom_allowed_source_ip}/32"]
target_service_accounts = [
"${google_service_account.prometheus.email}",
google_service_account.prometheus[0].email,
]
}


@ -1,14 +1,15 @@
resource "google_service_account" "prometheus" {
account_id = "${var.name}"
display_name = "${var.name}"
account_id = var.name
display_name = var.name
count = "${var.create_resources}"
count = var.create_resources
}
resource "google_project_iam_member" "prometheus" {
project = "${var.project}"
project = var.project
role = "roles/editor"
member = "serviceAccount:${google_service_account.prometheus.email}"
member = "serviceAccount:${google_service_account.prometheus[0].email}"
count = "${var.create_resources}"
count = var.create_resources
}


@ -1,47 +1,47 @@
resource "google_compute_disk" "prometheus-data" {
name = "${var.name}-data-disk"
project = "${var.project}"
project = var.project
type = "pd-standard"
zone = "${var.zone}"
zone = var.zone
size = "50"
count = "${var.create_resources}"
count = var.create_resources
}
resource "google_compute_address" "prometheus-address" {
name = "${var.name}-address"
project = "${var.project}"
region = "${var.region}"
count = "${var.create_resources}"
project = var.project
region = var.region
count = var.create_resources
}
resource "google_compute_address" "prometheus-internal-address" {
name = "${var.name}-internal-address"
project = "${var.project}"
region = "${var.region}"
project = var.project
region = var.region
address_type = "INTERNAL"
count = "${var.create_resources}"
count = var.create_resources
}
locals {
service_account = "${terraform.workspace == "misc" ? element(concat(google_service_account.prometheus.*.email, list("")), 0) : var.prom_service_acct}"
service_account = terraform.workspace == "misc" ? element(concat(google_service_account.prometheus.*.email, [""]), 0) : var.prom_service_acct
}
resource "google_compute_instance" "prometheus-server" {
name = "${var.name}"
machine_type = "${var.instance_type}"
zone = "${var.zone}"
project = "${var.project}"
name = var.name
machine_type = var.instance_type
zone = var.zone
project = var.project
allow_stopping_for_update = true
count = "${var.create_resources}"
count = var.create_resources
labels {
labels = {
type = "prometheus"
name = "${var.name}"
network = "${var.network}"
name = var.name
network = var.network
}
service_account {
email = "${local.service_account}"
email = local.service_account
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
@ -53,25 +53,32 @@ resource "google_compute_instance" "prometheus-server" {
boot_disk {
initialize_params {
size = "10"
image = "${var.boot_image}"
image = var.boot_image
}
}
attached_disk {
source = "${element(google_compute_disk.prometheus-data.*.name, count.index)}"
source = element(google_compute_disk.prometheus-data.*.name, count.index)
device_name = "data"
}
network_interface {
network = "${data.google_compute_network.default.self_link}"
network_ip = "${element(google_compute_address.prometheus-internal-address.*.address, count.index)}"
network = data.google_compute_network.default.self_link
network_ip = element(
google_compute_address.prometheus-internal-address.*.address,
count.index,
)
access_config {
nat_ip = "${element(google_compute_address.prometheus-address.*.address, count.index)}"
nat_ip = element(
google_compute_address.prometheus-address.*.address,
count.index,
)
}
}
metadata {
"user-data" = "${data.template_cloudinit_config.prometheus.rendered}"
metadata = {
user-data = data.template_cloudinit_config.prometheus.rendered
}
}


@ -1,3 +1,4 @@
output "prom_svc_acct" {
value = "${element(concat(google_service_account.prometheus.*.email, list("")), 0)}"
value = element(concat(google_service_account.prometheus.*.email, [""]), 0)
}


@ -1,58 +1,59 @@
variable "boot_image" {
type = "string"
type = string
default = "cos-cloud/cos-stable"
}
variable "network" {
type = "string"
type = string
default = "default"
}
variable "retention" {
type = "string"
type = string
default = "31d"
}
variable "project" {
type = "string"
type = string
}
variable "name" {
type = "string"
type = string
}
variable "region" {
type = "string"
type = string
}
variable "zone" {
type = "string"
type = string
}
variable "instance_type" {
type = "string"
type = string
}
variable "create_resources" {
type = "string"
type = string
}
variable "prom_service_acct" {
type = "string"
type = string
}
variable "prom_allowed_source_ip" {
type = "string"
type = string
}
variable "opsgenie_key" {
type = "string"
type = string
}
variable "prom_docker" {
type = "string"
type = string
}
variable "node_exporter_docker" {
type = "string"
type = string
}


@ -1,22 +1,22 @@
data "google_compute_network" "default" {
name = "default"
project = var.project
}
data "template_file" "tor" {
template = "${file("${path.module}/cloud-init/tor.yaml")}"
template = file("${path.module}/cloud-init/tor.yaml")
vars {
tor_lb = "${var.tor_lb}"
v3_host = "${var.onion_host}"
v3_pk = "${file("${path.module}/v3.pk")}"
v3_pubk = "${file("${path.module}/v3.pubk")}"
tor_docker = "${var.tor_docker}"
gcloud_docker = "${var.gcloud_docker}"
node_exporter_docker = "${var.node_exporter_docker}"
kms_key = "${var.kms_key}"
kms_key_ring = "${var.kms_key_ring}"
kms_location = "${var.region}"
vars = {
tor_lb = var.tor_lb
v3_host = var.onion_host
v3_pk = file("${path.module}/v3.pk")
v3_pubk = file("${path.module}/v3.pubk")
tor_docker = var.tor_docker
gcloud_docker = var.gcloud_docker
node_exporter_docker = var.node_exporter_docker
kms_key = var.kms_key
kms_key_ring = var.kms_key_ring
kms_location = var.region
}
}
@ -26,6 +26,7 @@ data "template_cloudinit_config" "tor" {
part {
content_type = "text/cloud-config"
content = "${data.template_file.tor.rendered}"
content = data.template_file.tor.rendered
}
}
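Review bot: `v3_pk = file("${path.module}/v3.pk")` reads the onion service's private-key file from the module directory into the template, so whatever that file contains is rendered into the cloud-init user-data and persisted in Terraform state. The tor main.tf hunk grants the instance the `cloudkms` scope and the tor iam.tf hunk binds `roles/cloudkms.cryptoKeyDecrypter`, which suggests `v3.pk` is a KMS ciphertext decrypted on the host rather than a plaintext key, but nothing in the diff states that. A comment on the line, e.g. `# v3.pk holds the KMS-encrypted onion key (decrypted on the instance via var.kms_key); the plaintext key must never be committed here`, would make that invariant explicit — please confirm it matches what the file actually holds before adding it.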


@ -1,8 +1,8 @@
resource "google_compute_firewall" "tor-healthcheck" {
name = "${var.name}-healthcheck"
network = "${data.google_compute_network.default.self_link}"
network = data.google_compute_network.default.self_link
count = "${var.create_resources}"
count = var.create_resources
allow {
protocol = "tcp"
@ -12,15 +12,15 @@ resource "google_compute_firewall" "tor-healthcheck" {
source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "10.0.0.0/8"]
target_service_accounts = [
"${google_service_account.tor.email}",
google_service_account.tor[0].email,
]
}
resource "google_compute_firewall" "prom-traffic" {
name = "${var.name}-prometheus-access"
network = "${data.google_compute_network.default.self_link}"
network = data.google_compute_network.default.self_link
count = "${var.create_resources}"
count = var.create_resources
allow {
protocol = "tcp"
@ -28,10 +28,11 @@ resource "google_compute_firewall" "prom-traffic" {
}
source_service_accounts = [
"${var.prom_service_acct}",
var.prom_service_acct,
]
target_service_accounts = [
"${google_service_account.tor.email}",
google_service_account.tor[0].email,
]
}


@ -1,25 +1,26 @@
resource "google_service_account" "tor" {
account_id = "${var.name}"
display_name = "${var.name}"
account_id = var.name
display_name = var.name
count = "${var.create_resources}"
count = var.create_resources
}
resource "google_project_iam_member" "tor" {
project = "${var.project}"
project = var.project
role = "roles/editor"
member = "serviceAccount:${google_service_account.tor.email}"
member = "serviceAccount:${google_service_account.tor[0].email}"
count = "${var.create_resources}"
count = var.create_resources
}
resource "google_kms_crypto_key_iam_binding" "crypto-key" {
crypto_key_id = "${var.kms_key_link}"
crypto_key_id = var.kms_key_link
role = "roles/cloudkms.cryptoKeyDecrypter"
count = "${var.create_resources}"
count = var.create_resources
members = [
"serviceAccount:${google_service_account.tor.email}",
"serviceAccount:${google_service_account.tor[0].email}",
]
}
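Review bot: `google_kms_crypto_key_iam_binding` "crypto-key" is authoritative for `roles/cloudkms.cryptoKeyDecrypter` on `var.kms_key_link`, so any decrypter granted outside Terraform (for example an operator identity used to re-encrypt the onion key during rotation) is removed on the next apply. If exclusivity is the intent, that is a sound choice for a key guarding private material and deserves a comment saying so, e.g. `# authoritative binding: only the tor service account may decrypt this key`; if not, `google_kms_crypto_key_iam_member` is the additive form. The `roles/editor` grant above is discussed in the blc iam.tf review note.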


@ -3,7 +3,7 @@ resource "google_compute_health_check" "tor" {
timeout_sec = 5
check_interval_sec = 10
count = "${var.create_resources}"
count = var.create_resources
tcp_health_check {
port = "9050"
@ -12,16 +12,16 @@ resource "google_compute_health_check" "tor" {
resource "google_compute_region_instance_group_manager" "tor" {
name = "${var.name}-ig"
count = "${var.create_resources}"
provider = "google-beta"
count = var.create_resources
provider = google-beta
region = "${var.region}"
base_instance_name = "${var.name}"
region = var.region
base_instance_name = var.name
target_size = 1
version {
name = "original"
instance_template = "${google_compute_instance_template.tor.self_link}"
instance_template = google_compute_instance_template.tor[0].self_link
}
update_policy {
@ -36,17 +36,17 @@ resource "google_compute_region_instance_group_manager" "tor" {
resource "google_compute_instance_template" "tor" {
name_prefix = "${var.name}-template-"
description = "This template is used to create ${var.name} instances."
machine_type = "${var.instance_type}"
count = "${var.create_resources}"
machine_type = var.instance_type
count = var.create_resources
labels {
labels = {
type = "tor"
name = "${var.name}"
network = "${var.network}"
name = var.name
network = var.network
}
disk {
source_image = "${var.boot_image}"
source_image = var.boot_image
boot = true
auto_delete = true
disk_type = "pd-ssd"
@ -55,18 +55,19 @@ resource "google_compute_instance_template" "tor" {
}
network_interface {
network = "${data.google_compute_network.default.self_link}"
network = data.google_compute_network.default.self_link
access_config {}
access_config {
}
}
metadata {
metadata = {
google-logging-enabled = "true"
"user-data" = "${data.template_cloudinit_config.tor.rendered}"
user-data = data.template_cloudinit_config.tor.rendered
}
service_account {
email = "${google_service_account.tor.email}"
email = google_service_account.tor[0].email
scopes = [
"https://www.googleapis.com/auth/cloudkms",
@ -79,3 +80,4 @@ resource "google_compute_instance_template" "tor" {
create_before_destroy = true
}
}


@ -1,70 +1,71 @@
variable "boot_image" {
type = "string"
type = string
default = "cos-cloud/cos-stable"
}
variable "region" {
type = "string"
type = string
}
variable "project" {
type = "string"
type = string
}
variable "name" {
type = "string"
type = string
}
variable "network" {
type = "string"
type = string
default = "default"
}
variable "zone" {
type = "string"
type = string
}
variable "instance_type" {
type = "string"
type = string
}
variable "tor_lb" {
type = "string"
type = string
}
variable "onion_host" {
type = "string"
type = string
}
variable "create_resources" {
type = "string"
type = string
}
variable "prom_service_acct" {
type = "string"
type = string
}
variable "kms_key_link" {
type = "string"
type = string
}
variable "kms_key" {
type = "string"
type = string
}
variable "kms_key_ring" {
type = "string"
type = string
default = ""
}
variable "tor_docker" {
type = "string"
type = string
}
variable "node_exporter_docker" {
type = "string"
type = string
}
variable "gcloud_docker" {
type = "string"
type = string
}


@ -1,31 +1,31 @@
resource "google_compute_global_address" "tor-lb" {
name = "${var.name}-lb"
project = "${var.project}"
count = "${local.create_misc}"
project = var.project
count = local.create_misc
}
resource "google_compute_global_forwarding_rule" "tor-rule" {
name = "${var.name}-forwarding-rule"
target = "${google_compute_target_http_proxy.tor-proxy.self_link}"
target = google_compute_target_http_proxy.tor-proxy[0].self_link
port_range = "80"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.tor-lb.address}"
ip_address = google_compute_global_address.tor-lb[0].address
count = "${local.create_misc}"
count = local.create_misc
}
resource "google_compute_target_http_proxy" "tor-proxy" {
name = "${var.name}-http-proxy"
url_map = "${google_compute_url_map.tor-proxy.self_link}"
url_map = google_compute_url_map.tor-proxy[0].self_link
count = "${local.create_misc}"
count = local.create_misc
}
resource "google_compute_url_map" "tor-proxy" {
name = "${var.name}-urlmap"
default_service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
default_service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
count = "${local.create_misc}"
count = local.create_misc
host_rule {
hosts = ["*"]
@ -34,43 +34,43 @@ resource "google_compute_url_map" "tor-proxy" {
path_matcher {
name = "deadpaths"
default_service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
default_service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
path_rule {
paths = ["/*"]
service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
}
}
host_rule {
hosts = ["${var.onion_host}"]
hosts = [var.onion_host]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
}
path_rule {
paths = ["/testnet", "/testnet/*"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
}
}
test {
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
host = "${var.onion_host}"
service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
host = var.onion_host
path = "/queue.html"
}
test {
service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
host = "${google_compute_global_address.tor-lb.address}"
service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
host = google_compute_global_address.tor-lb[0].address
path = "/*"
}
}
@ -78,15 +78,16 @@ resource "google_compute_url_map" "tor-proxy" {
resource "google_compute_backend_bucket" "tor_deadhole_backend" {
name = "${var.name}-deadhole-backend-bucket"
description = "Unmatched hosts end up in this deadhole"
bucket_name = "${google_storage_bucket.tor_deadhole.name}"
bucket_name = google_storage_bucket.tor_deadhole[0].name
enable_cdn = false
count = "${local.create_misc}"
count = local.create_misc
}
resource "google_storage_bucket" "tor_deadhole" {
name = "${var.name}-deadhole-bucket"
location = "US"
count = "${local.create_misc}"
count = local.create_misc
}
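Review bot: The two `test` blocks in `google_compute_url_map.tor-proxy` exercise the onion-host default route and the deadhole, but not the `/testnet` path_rule whose service was rewritten here to `data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet`. A third block, `test { service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet` / `host = var.onion_host` / `path = "/testnet/x" }`, should make a mis-referenced remote-state output fail the url map update at apply time instead of silently routing testnet traffic to the wrong backend, which is exactly the kind of regression an `outputs.` rewrite can introduce. The same gap applies to the satellite-api `http` and `https` url maps later in this commit, which carry no `test` blocks at all.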


@ -1,92 +1,93 @@
# IP address
resource "google_compute_global_address" "lb" {
name = "satellite-api-client-lb-${local.env}"
project = "${var.project}"
count = "${local.create_mainnet}"
project = var.project
count = local.create_mainnet
}
# Forwarding rules
resource "google_compute_global_forwarding_rule" "rule-https" {
name = "satellite-api-https-forwarding-rule-${local.env}"
target = "${google_compute_target_https_proxy.https-proxy.self_link}"
target = google_compute_target_https_proxy.https-proxy[0].self_link
port_range = "443"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${local.create_mainnet}"
ip_address = google_compute_global_address.lb[0].address
count = local.create_mainnet
}
resource "google_compute_global_forwarding_rule" "rule-http" {
name = "satellite-api-http-forwarding-rule-${local.env}"
target = "${google_compute_target_http_proxy.http-proxy.self_link}"
target = google_compute_target_http_proxy.http-proxy[0].self_link
port_range = "80"
ip_protocol = "TCP"
ip_address = "${google_compute_global_address.lb.address}"
count = "${local.create_mainnet}"
ip_address = google_compute_global_address.lb[0].address
count = local.create_mainnet
}
# Target proxies
resource "google_compute_target_http_proxy" "http-proxy" {
name = "satellite-api-http-proxy-${local.env}"
url_map = "${google_compute_url_map.http.self_link}"
count = "${local.create_mainnet}"
url_map = google_compute_url_map.http[0].self_link
count = local.create_mainnet
}
resource "google_compute_target_https_proxy" "https-proxy" {
name = "satellite-api-https-proxy-${local.env}"
url_map = "${google_compute_url_map.https.self_link}"
ssl_certificates = ["${var.ssl_cert}"]
count = "${local.create_mainnet}"
url_map = google_compute_url_map.https[0].self_link
ssl_certificates = var.ssl_cert
count = local.create_mainnet
}
# URL maps
resource "google_compute_url_map" "http" {
name = "satellite-api-http-urlmap-${local.env}"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
count = "${local.create_mainnet}"
default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
count = local.create_mainnet
host_rule {
hosts = ["${var.host}"]
hosts = var.host
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
}
path_rule {
paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
}
}
}
resource "google_compute_url_map" "https" {
name = "satellite-api-https-urlmap-${local.env}"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
count = "${local.create_mainnet}"
default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
count = local.create_mainnet
host_rule {
hosts = ["${var.host}"]
hosts = var.host
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
path_rule {
paths = ["/*"]
service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
}
path_rule {
paths = ["/testnet", "/testnet/*", "/api", "/api/*"]
service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
}
}
}
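Review bot: `google_compute_url_map.http` and `google_compute_url_map.https` are identical apart from their names, so the rewritten `outputs.` references and the `/testnet` and `/api` path lists now have to be kept in sync by hand, and a later edit to one map is easy to miss in the other, quietly changing which backend answers on port 80 versus 443. If serving the same routes over plain HTTP is intended, both target proxies can point at one map (`url_map = google_compute_url_map.https[0].self_link` in `http-proxy`) and the `http` map can be dropped. If it is not intended, the port-80 url map is the place to narrow what is reachable without TLS.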


@ -1,12 +1,13 @@
# Production only (tor)
output "blc_backend_service_testnet" {
value = "${module.blc-testnet.backend_service}"
value = module.blc-testnet.backend_service
}
output "blc_backend_service_mainnet" {
value = "${module.blc-mainnet.backend_service}"
value = module.blc-mainnet.backend_service
}
output "prom_svc_acct" {
value = "${module.prometheus.prom_svc_acct}"
value = module.prometheus.prom_svc_acct
}


@ -6,28 +6,24 @@ locals {
create_testnet = 0
create_misc = 0
}
"prod" = {
env = "prod"
create_mainnet = 1
create_testnet = 0
create_misc = 0
}
"testnet-staging" = {
env = "staging"
create_mainnet = 0
create_testnet = 1
create_misc = 0
}
"testnet-prod" = {
env = "prod"
create_mainnet = 0
create_testnet = 1
create_misc = 0
}
"misc" = {
env = ""
create_mainnet = 0
@ -36,150 +32,151 @@ locals {
}
}
env = "${lookup(local.context_variables[terraform.workspace], "env")}"
create_mainnet = "${lookup(local.context_variables[terraform.workspace], "create_mainnet")}"
create_testnet = "${lookup(local.context_variables[terraform.workspace], "create_testnet")}"
create_misc = "${lookup(local.context_variables[terraform.workspace], "create_misc")}"
env = local.context_variables[terraform.workspace]["env"]
create_mainnet = local.context_variables[terraform.workspace]["create_mainnet"]
create_testnet = local.context_variables[terraform.workspace]["create_testnet"]
create_misc = local.context_variables[terraform.workspace]["create_misc"]
}
variable "project" {
type = "string"
type = string
default = "satellite-api"
}
variable "name" {
type = "string"
type = string
default = "satapi-tor"
}
variable "create_resources" {
type = "string"
type = string
default = ""
}
variable "ssl_cert" {
type = "list"
type = list(string)
default = ["", ""]
}
variable "rpcuser" {
type = "string"
type = string
default = ""
}
variable "rpcpass" {
type = "string"
type = string
default = ""
}
variable "host" {
type = "list"
type = list(string)
default = ["", ""]
}
variable "space_host" {
type = "string"
type = string
default = ""
}
variable "onion_host" {
type = "string"
type = string
default = ""
}
variable "region" {
type = "string"
type = string
default = ""
}
variable "zone" {
type = "string"
type = string
default = ""
}
variable "instance_type" {
type = "list"
type = list(string)
default = ["", "", ""]
}
variable "timeout" {
type = "string"
type = string
default = 15
}
variable "prom_service_acct" {
type = "string"
type = string
default = ""
}
variable "prom_allowed_source_ip" {
type = "string"
type = string
default = ""
}
variable "opsgenie_key" {
type = "string"
type = string
default = ""
}
variable "satellite_lb" {
type = "string"
type = string
default = ""
}
variable "satellite_api_lb" {
type = "string"
type = string
default = ""
}
variable "satellite_api_lb_staging" {
type = "string"
type = string
default = ""
}
# Overwritten by CI
variable "ionosphere_docker" {
type = "string"
type = string
default = ""
}
variable "ionosphere_sse_docker" {
type = "string"
type = string
default = ""
}
# Less frequently updated images
variable "bitcoin_docker" {
type = "string"
type = string
default = "blockstream/bitcoind@sha256:91ba0790a0080a99a529e73ef9b14e2d6cf0a30f81d54bfa3729bb47b105b36c"
}
variable "lightning_docker" {
type = "string"
type = string
default = "blockstream/lightningd@sha256:b577dcb8d00ec4bc340884a26f5dfffb7be25dcc4ece48b7e465b3238944ec2c"
}
variable "charge_docker" {
type = "string"
type = string
default = "blockstream/charged@sha256:0d49c1202b8b718b5a93f7e82509d3d724f9d18ff6c14376347f67866ac47ff8"
}
variable "tor_docker" {
type = "string"
type = string
default = "blockstream/tor@sha256:f4d1373cde79fd79b467d2d6da88e37b0da137924bc10ae2d51a83c686c2c125"
}
variable "node_exporter_docker" {
type = "string"
type = string
default = "prom/node-exporter@sha256:55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086"
}
variable "prom_docker" {
type = "string"
type = string
default = "blockstream/prometheus@sha256:cab8c2359ab187aa6c9e9c7fcfcc3060b62742417030a77862c747e091d3c6d6"
}
variable "gcloud_docker" {
type = "string"
type = string
default = "google/cloud-sdk@sha256:78e68a98c5d6aa36eca45099bae38a1544a1688fd16b506fb914a29fdf6e4afa"
}
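Review bot: `variable "timeout"` was changed to `type = string` while its default stays the bare number `15`, so the declared type no longer describes the value; 0.12 coerces it silently, but `type = number` (or `default = "15"`) keeps the declaration honest and rejects a non-numeric override up front. `create_resources` has a similar mismatch, `type = string` with `default = ""`, although the tor module uses that value as a `count`, where an empty string is not a valid number; `type = number` with `default = 0` would match how it is consumed. The locals block and the remaining `type = "string"` → `type = string` rewrites look consistent.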