Merge pull request #933 from near/add-disk-persistance

FIX: allowed boot disk to be reused when VM is rebuilt
near · Nov 21, 2024 · 22fd7b9 · 22fd7b9
2 parents dce63db + f3af774
commit 22fd7b9
Show file tree

Hide file tree

Showing 16 changed files with 325 additions and 214 deletions.
diff --git a/infra/modules/mig_template/main.tf b/infra/modules/mig_template/main.tf
@@ -3,17 +3,17 @@
 #########
 
 locals {
-  source_image         = var.source_image != "" ? var.source_image : "centos-7-v20201112"
-  source_image_family  = var.source_image_family != "" ? var.source_image_family : "centos-7"
-  source_image_project = var.source_image_project != "" ? var.source_image_project : "centos-cloud"
 
   boot_disk = [
     {
-      source_image = var.source_image != "" ? format("${local.source_image_project}/${local.source_image}") : format("${local.source_image_project}/${local.source_image_family}")
+      source_image = var.source_image
       disk_size_gb = var.disk_size_gb
       disk_type    = var.disk_type
       disk_labels  = var.disk_labels
       auto_delete  = var.auto_delete
+      device_name  = var.device_name
+      interface    = var.interface
+      mode         = var.mode
       boot         = "true"
     },
   ]
@@ -156,7 +156,7 @@ resource "google_compute_instance_template" "tpl" {
 
   lifecycle {
     create_before_destroy = "true"
-    ignore_changes = [ disk[0].source_image, labels ]
+    ignore_changes        = [disk[0].source_image, labels]
   }
 
   scheduling {

diff --git a/infra/modules/mig_template/variables.tf b/infra/modules/mig_template/variables.tf
@@ -104,19 +104,21 @@ variable "resource_policies" {
 variable "source_image" {
   description = "Source disk image. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image."
   type        = string
-  default     = ""
 }
 
-variable "source_image_family" {
-  description = "Source image family. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image."
-  type        = string
-  default     = "centos-7"
+variable "device_name" {
+  description = "Disk device name"
+  default     = "persistent-disk-0"
 }
 
-variable "source_image_project" {
-  description = "Project where the source image comes from. The default project contains CentOS images."
-  type        = string
-  default     = "centos-cloud"
+variable "interface" {
+  default     = "SCSI"
+  description = "Interface type of the boot disk"
+}
+
+variable "mode" {
+  default     = "READ_WRITE"
+  description = "Boot disk mode"
 }
 
 variable "disk_size_gb" {
@@ -146,7 +148,7 @@ variable "disk_encryption_key" {
 variable "auto_delete" {
   description = "Whether or not the boot disk should be auto-deleted"
   type        = string
-  default     = "true"
+  default     = "false"
 }
 
 variable "additional_disks" {

diff --git a/infra/multichain-dev/main.tf b/infra/multichain-dev/main.tf
@@ -19,13 +19,13 @@ module "gce-container" {
   container = {
     image = "europe-west1-docker.pkg.dev/near-cs-dev/multichain-public/multichain-dev:latest"
 
-    port  = "3000"
+    port = "3000"
 
     volumeMounts = [
       {
         mountPath = "/data"
-        name = "host-path"
-        readOnly = false
+        name      = "host-path"
+        readOnly  = false
       }
     ]
 
@@ -75,20 +75,20 @@ module "gce-container" {
         value = var.env
       },
       {
-        name = "MPC_REDIS_URL",
+        name  = "MPC_REDIS_URL",
         value = var.redis_url
       }
     ])
   }
 
   volumes = [
-      {
-        name = "host-path"
-        hostPath = {
-          path = "/var/redis"
-        }
+    {
+      name = "host-path"
+      hostPath = {
+        path = "/var/redis"
       }
-    ]
+    }
+  ]
 }
 
 resource "google_service_account" "service_account" {
@@ -131,14 +131,12 @@ module "mig_template" {
     email  = google_service_account.service_account.email,
     scopes = ["cloud-platform"]
   }
-  name_prefix          = "multichain-${count.index}"
-  source_image_family  = "cos-113-lts"
-  source_image_project = "cos-cloud"
-  machine_type         = "e2-medium"
+  name_prefix  = "multichain-${count.index}"
+  machine_type = "e2-medium"
 
   startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30"
 
-  source_image = reverse(split("/", module.gce-container[count.index].source_image))[0]
+  source_image = var.source_image
   metadata     = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value })
   tags = [
     "multichain"

diff --git a/infra/multichain-dev/variables.tf b/infra/multichain-dev/variables.tf
@@ -16,6 +16,11 @@ variable "mig_name" {
   default     = "mpc-mig"
 }
 
+variable "source_image" {
+  type    = string
+  default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37"
+}
+
 variable "image" {
   description = "The Docker image to deploy to GCE instances"
   type        = string
@@ -79,10 +84,6 @@ variable "env" {
   default = "dev"
 }
 
-variable "redis_url" {
-  type = string
-  default = "redis://127.0.0.1:6379"
-}
 
 variable "static_env" {
   type = list(object({
@@ -92,7 +93,7 @@ variable "static_env" {
   default = [
     {
       name  = "MPC_NEAR_RPC"
-      value = "https://rpc.testnet.near.org"
+      value = "https://rpc.testnet.fastnear.com"
     },
     {
       name  = "MPC_CONTRACT_ID"
@@ -104,7 +105,7 @@ variable "static_env" {
     },
     {
       name  = "MPC_INDEXER_START_BLOCK_HEIGHT"
-      value = 178736306
+      value = 180133172
     },
     {
       name  = "AWS_DEFAULT_REGION"
@@ -130,6 +131,6 @@ variable "static_env" {
 }
 
 variable "redis_url" {
-  type = string
+  type    = string
   default = "redis://127.0.0.1:6379"
 }
diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf
@@ -15,8 +15,16 @@ module "gce-container" {
 
   container = {
     image = var.image
-    args  = ["start"]
-    port  = "3000"
+
+    port = "3000"
+
+    volumeMounts = [
+      {
+        mountPath = "/data"
+        name      = "host-path"
+        readOnly  = false
+      }
+    ]
 
     env = concat(var.static_env, [
       {
@@ -56,15 +64,28 @@ module "gce-container" {
         value = "https://${var.node_configs[count.index].domain}"
       },
       {
-        name = "MPC_SK_SHARE_SECRET_ID"
+        name  = "MPC_SK_SHARE_SECRET_ID"
         value = var.node_configs["${count.index}"].sk_share_secret_id
       },
       {
-        name = "MPC_ENV",
+        name  = "MPC_ENV",
         value = var.env
+      },
+      {
+        name  = "MPC_REDIS_URL",
+        value = var.redis_url
       }
     ])
   }
+
+  volumes = [
+    {
+      name = "host-path"
+      hostPath = {
+        path = "/var/redis"
+      }
+    }
+  ]
 }
 
 resource "google_service_account" "service_account" {
@@ -74,11 +95,11 @@ resource "google_service_account" "service_account" {
 
 resource "google_project_iam_member" "sa-roles" {
   for_each = toset([
-      "roles/datastore.user",
-      "roles/secretmanager.admin",
-      "roles/storage.objectAdmin",
-      "roles/iam.serviceAccountAdmin",
-      "roles/logging.logWriter"
+    "roles/datastore.user",
+    "roles/secretmanager.admin",
+    "roles/storage.objectAdmin",
+    "roles/iam.serviceAccountAdmin",
+    "roles/logging.logWriter"
   ])
 
   role    = each.key
@@ -98,7 +119,7 @@ resource "google_compute_global_address" "external_ips" {
 
 resource "google_compute_managed_ssl_certificate" "mainnet_ssl" {
   count = length(var.node_configs)
-  name = "multichain-mainnet-ssl-${count.index}"
+  name  = "multichain-mainnet-ssl-${count.index}"
 
   managed {
     domains = [var.node_configs[count.index].domain]
@@ -115,14 +136,12 @@ module "ig_template" {
     email  = google_service_account.service_account.email,
     scopes = ["cloud-platform"]
   }
-  name_prefix          = "multichain-mainnet-${count.index}"
-  source_image_family  = "cos-113-lts"
-  source_image_project = "cos-cloud"
-  machine_type         = "n2d-standard-2"
+  name_prefix  = "multichain-mainnet-${count.index}"
+  machine_type = "n2d-standard-2"
 
   startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30"
 
-  source_image = reverse(split("/", module.gce-container[count.index].source_image))[0]
+  source_image = var.source_image
   metadata     = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value })
   tags = [
     "multichain"
@@ -163,38 +182,38 @@ resource "google_compute_health_check" "multichain_healthcheck" {
 }
 
 resource "google_compute_global_forwarding_rule" "http_fw" {
-  count      = length(var.node_configs)
-  name       = "multichain-mainnet-http-rule-${count.index}"
-  target     = google_compute_target_http_proxy.default[count.index].id
-  port_range = "80"
-  ip_protocol = "TCP"
+  count                 = length(var.node_configs)
+  name                  = "multichain-mainnet-http-rule-${count.index}"
+  target                = google_compute_target_http_proxy.default[count.index].id
+  port_range            = "80"
+  ip_protocol           = "TCP"
   load_balancing_scheme = "EXTERNAL"
-  ip_address = google_compute_global_address.external_ips[count.index].address
+  ip_address            = google_compute_global_address.external_ips[count.index].address
 }
 
 resource "google_compute_global_forwarding_rule" "https_fw" {
-  count      = length(var.node_configs)
-  name       = "multichain-mainnet-https-rule-${count.index}"
-  target     = google_compute_target_https_proxy.default_https[count.index].id
-  port_range = "443"
-  ip_protocol = "TCP"
+  count                 = length(var.node_configs)
+  name                  = "multichain-mainnet-https-rule-${count.index}"
+  target                = google_compute_target_https_proxy.default_https[count.index].id
+  port_range            = "443"
+  ip_protocol           = "TCP"
   load_balancing_scheme = "EXTERNAL"
-  ip_address = google_compute_global_address.external_ips[count.index].address
+  ip_address            = google_compute_global_address.external_ips[count.index].address
 }
 
 resource "google_compute_target_http_proxy" "default" {
-  count      = length(var.node_configs)
+  count       = length(var.node_configs)
   name        = "multichain-mainnet-http-target-proxy-${count.index}"
   description = "a description"
   url_map     = google_compute_url_map.redirect_default[count.index].id
 }
 
 resource "google_compute_target_https_proxy" "default_https" {
-  count      = length(var.node_configs)
-  name        = "multichain-mainnet-https-target-proxy-${count.index}"
-  description = "a description"
-  ssl_certificates = [ google_compute_managed_ssl_certificate.mainnet_ssl[count.index].self_link ]
-  url_map     = google_compute_url_map.default[count.index].id
+  count            = length(var.node_configs)
+  name             = "multichain-mainnet-https-target-proxy-${count.index}"
+  description      = "a description"
+  ssl_certificates = [google_compute_managed_ssl_certificate.mainnet_ssl[count.index].self_link]
+  url_map          = google_compute_url_map.default[count.index].id
 }
 
 resource "google_compute_url_map" "default" {
@@ -204,8 +223,8 @@ resource "google_compute_url_map" "default" {
 }
 
 resource "google_compute_url_map" "redirect_default" {
-  count           = length(var.node_configs)
-  name            = "multichain-mainnet-redirect-url-map-${count.index}"
+  count = length(var.node_configs)
+  name  = "multichain-mainnet-redirect-url-map-${count.index}"
   default_url_redirect {
     strip_query    = false
     https_redirect = true
@@ -218,7 +237,7 @@ resource "google_compute_backend_service" "multichain_backend" {
   load_balancing_scheme = "EXTERNAL"
 
   log_config {
-    enable = true
+    enable      = true
     sample_rate = 0.5
   }
   backend {