From 08726442622c19133df586b4d1bb166776e33e9e Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Thu, 21 Nov 2024 13:37:28 -0700 Subject: [PATCH 1/2] allowed boot disk to be reused when VM is rebuilt --- infra/modules/mig_template/main.tf | 10 +-- infra/modules/mig_template/variables.tf | 22 +++--- infra/multichain-dev/main.tf | 28 ++++--- infra/multichain-dev/variables.tf | 15 ++-- infra/multichain-mainnet/main.tf | 66 ++++++++-------- infra/multichain-mainnet/variables.tf | 13 +++- infra/multichain-testnet/main.tf | 18 ++--- infra/multichain-testnet/variables.tf | 9 ++- infra/partner-mainnet/main.tf | 20 +++-- infra/partner-mainnet/network.tf | 78 +++++++++---------- .../terraform-mainnet-example.tfvars | 18 ++--- infra/partner-mainnet/variables.tf | 7 +- infra/partner-testnet/main.tf | 12 ++- infra/partner-testnet/network.tf | 78 +++++++++---------- .../terraform-testnet-example.tfvars | 18 ++--- infra/partner-testnet/variables.tf | 5 ++ 16 files changed, 215 insertions(+), 202 deletions(-) diff --git a/infra/modules/mig_template/main.tf b/infra/modules/mig_template/main.tf index 2ce1def6c..cc4b991a4 100644 --- a/infra/modules/mig_template/main.tf +++ b/infra/modules/mig_template/main.tf @@ -3,17 +3,17 @@ ######### locals { - source_image = var.source_image != "" ? var.source_image : "centos-7-v20201112" - source_image_family = var.source_image_family != "" ? var.source_image_family : "centos-7" - source_image_project = var.source_image_project != "" ? var.source_image_project : "centos-cloud" boot_disk = [ { - source_image = var.source_image != "" ? format("${local.source_image_project}/${local.source_image}") : format("${local.source_image_project}/${local.source_image_family}") + source_image = var.source_image disk_size_gb = var.disk_size_gb disk_type = var.disk_type disk_labels = var.disk_labels auto_delete = var.auto_delete + device_name = var.device_name + interface = var.interface + mode = var.mode boot = "true" }, ] 
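Review bot: `auto_delete = var.auto_delete` (now defaulting to `"false"`) does not make a rebuilt VM reuse its boot disk — an instance template always provisions a new boot disk from `source_image`, so unless the managed instance group declares a stateful policy for device `persistent-disk-0` (the MIG resource is not in this patch) a recreated node starts from a fresh disk and the previous one is merely left behind, detached and outside Terraform state. For a signing node that is a retention concern rather than a reuse feature: every rolling replacement leaves a disk holding whatever the node wrote to the host, readable by anyone who can attach or snapshot disks in the project. I'd make the precondition explicit on the line: `auto_delete = var.auto_delete # false only retains the disk; reuse needs a stateful_disk policy for var.device_name on the MIG`. The `locals` block's closing brace is outside the hunk.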
@@ -156,7 +156,7 @@ resource "google_compute_instance_template" "tpl" { lifecycle { create_before_destroy = "true" - ignore_changes = [ disk[0].source_image, labels ] + ignore_changes = [disk[0].source_image, labels] } scheduling { diff --git a/infra/modules/mig_template/variables.tf b/infra/modules/mig_template/variables.tf index 65c977b62..e0c0c3d76 100644 --- a/infra/modules/mig_template/variables.tf +++ b/infra/modules/mig_template/variables.tf @@ -104,19 +104,21 @@ variable "resource_policies" { variable "source_image" { description = "Source disk image. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image." type = string - default = "" } -variable "source_image_family" { - description = "Source image family. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image." - type = string - default = "centos-7" +variable "device_name" { + description = "Disk device name" + default = "persistent-disk-0" } -variable "source_image_project" { - description = "Project where the source image comes from. The default project contains CentOS images." - type = string - default = "centos-cloud" +variable "interface" { + default = "SCSI" + description = "Interface type of the boot disk" +} + +variable "mode" { + default = "READ_WRITE" + description = "Boot disk mode" } variable "disk_size_gb" { @@ -146,7 +148,7 @@ variable "disk_encryption_key" { variable "auto_delete" { description = "Whether or not the boot disk should be auto-deleted" type = string - default = "true" + default = "false" } variable "additional_disks" { diff --git a/infra/multichain-dev/main.tf b/infra/multichain-dev/main.tf index e78ece0f5..6ff42f1af 100644 --- a/infra/multichain-dev/main.tf +++ b/infra/multichain-dev/main.tf 
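Review bot: Keeping `disk[0].source_image` in `ignore_changes` turns the new explicit pin into a one-shot value: `google_compute_instance_template` is immutable, so a later bump of `var.source_image` (e.g. replacing `cos-stable-117-18613-75-37` with a patched build) is silently ignored and the template keeps launching the old image until someone taints it. That ignore was reasonable when the image name came from the gce-container module and moved on its own; with a deliberate pin it defeats the purpose of pinning. COS in-place updates (the callers set `cos-update-strategy: update_enabled`) keep running nodes patched, but any instance the MIG creates from the stale template boots the old image first. Since `create_before_destroy = "true"` is already set, I'd reduce it to `ignore_changes = [labels]`, or at least put `# NOTE: image bumps require tainting the template` above the line. The resource block starts and ends outside the hunk.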
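Review bot: The `source_image` description is now wrong: it still promises a fallback to "the latest public CentOS image" when neither `source_image` nor `source_image_family` is set, but this hunk deletes the family/project variables and the empty default, so the variable is required and must be a full image path like the `projects/cos-cloud/global/images/...` value the callers supply. I'd replace it with `description = "Full boot image path (projects/PROJECT/global/images/IMAGE). Required; there is no family fallback."` and give the new `device_name`, `interface` and `mode` variables `type = string`, since untyped variables accept any value. A `validation` block checking `can(regex("^projects/[^/]+/global/images/", var.source_image))` would reject a bare image name at plan time instead of at apply time.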
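Review bot: The `auto_delete` default flip to `"false"` is a retention-policy change for every consumer of this module, and the one-line description does not say what it implies: boot disks of deleted instances stay in the project, keep being billed, and are never in Terraform state, so nothing in this repo will clean them up or enforce a lifecycle on them. I'd spell that out: `description = "Auto-delete the boot disk with its instance. Default false retains disks of deleted instances; they are unmanaged by Terraform and must be snapshotted or deleted out-of-band."`. Whether a retained disk is encrypted with `disk_encryption_key` (declared just above in this file) is not visible from the hunk; for a signing node's disk that is worth confirming, since a detached disk is readable by anyone with disk-attach or snapshot rights in the project. Also `type = string` holding `"false"` is the legacy boolean-as-string pattern — `type = bool` with `default = false` would be the idiomatic form if the module's disk block accepts it.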
@@ -19,13 +19,13 @@ module "gce-container" { container = { image = "europe-west1-docker.pkg.dev/near-cs-dev/multichain-public/multichain-dev:latest" - port = "3000" + port = "3000" volumeMounts = [ { mountPath = "/data" - name = "host-path" - readOnly = false + name = "host-path" + readOnly = false } ] @@ -75,20 +75,20 @@ module "gce-container" { value = var.env }, { - name = "MPC_REDIS_URL", + name = "MPC_REDIS_URL", value = var.redis_url } ]) } volumes = [ - { - name = "host-path" - hostPath = { - path = "/var/redis" - } + { + name = "host-path" + hostPath = { + path = "/var/redis" } - ] + } + ] } resource "google_service_account" "service_account" { @@ -131,14 +131,12 @@ module "mig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-${count.index}" - source_image_family = "cos-113-lts" - source_image_project = "cos-cloud" - machine_type = "e2-medium" + name_prefix = "multichain-${count.index}" + machine_type = "e2-medium" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" - source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] + source_image = var.source_image metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ "multichain" diff --git a/infra/multichain-dev/variables.tf b/infra/multichain-dev/variables.tf index 6409c4101..2035e3243 100644 --- a/infra/multichain-dev/variables.tf +++ b/infra/multichain-dev/variables.tf @@ -16,6 +16,11 @@ variable "mig_name" { default = "mpc-mig" } +variable "source_image" { + type = string + default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37" +} + variable "image" { description = "The Docker image to deploy to GCE instances" type = string 
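Review bot: Replacing `reverse(split("/", module.gce-container[count.index].source_image))[0]` with `var.source_image` decouples the VM image from the gce-container module, whose `source_image` output tracks the COS image that module is meant to run on; with an independent pin the two can now drift (when `var.source_image` is bumped but the module version is not, or the reverse). That may be intended, but it deserves a note on the line: `source_image = var.source_image # pinned COS build; keep in step with module.gce-container's supported COS version`. The startup script in the same hunk still lets Watchtower re-pull the workload from `:latest`, so only the OS layer is actually pinned by this change. The module block's closing brace is outside the hunk.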
@@ -79,10 +84,6 @@ variable "env" { default = "dev" } -variable "redis_url" { - type = string - default = "redis://127.0.0.1:6379" -} variable "static_env" { type = list(object({ @@ -92,7 +93,7 @@ variable "static_env" { default = [ { name = "MPC_NEAR_RPC" - value = "https://rpc.testnet.near.org" + value = "https://rpc.testnet.fastnear.com" }, { name = "MPC_CONTRACT_ID" @@ -104,7 +105,7 @@ variable "static_env" { }, { name = "MPC_INDEXER_START_BLOCK_HEIGHT" - value = 178736306 + value = 180133172 }, { name = "AWS_DEFAULT_REGION" @@ -130,6 +131,6 @@ variable "static_env" { } variable "redis_url" { - type = string + type = string default = "redis://127.0.0.1:6379" } diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf index d0af8c538..075f377ea 100644 --- a/infra/multichain-mainnet/main.tf +++ b/infra/multichain-mainnet/main.tf @@ -56,11 +56,11 @@ module "gce-container" { value = "https://${var.node_configs[count.index].domain}" }, { - name = "MPC_SK_SHARE_SECRET_ID" + name = "MPC_SK_SHARE_SECRET_ID" value = var.node_configs["${count.index}"].sk_share_secret_id }, { - name = "MPC_ENV", + name = "MPC_ENV", value = var.env } ]) @@ -74,11 +74,11 @@ resource "google_service_account" "service_account" { resource "google_project_iam_member" "sa-roles" { for_each = toset([ - "roles/datastore.user", - "roles/secretmanager.admin", - "roles/storage.objectAdmin", - "roles/iam.serviceAccountAdmin", - "roles/logging.logWriter" + "roles/datastore.user", + "roles/secretmanager.admin", + "roles/storage.objectAdmin", + "roles/iam.serviceAccountAdmin", + "roles/logging.logWriter" ]) role = each.key @@ -98,7 +98,7 @@ resource "google_compute_global_address" "external_ips" { resource "google_compute_managed_ssl_certificate" "mainnet_ssl" { count = length(var.node_configs) - name = "multichain-mainnet-ssl-${count.index}" + name = "multichain-mainnet-ssl-${count.index}" managed { domains = [var.node_configs[count.index].domain] 
@@ -115,14 +115,12 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-mainnet-${count.index}" - source_image_family = "cos-113-lts" - source_image_project = "cos-cloud" - machine_type = "n2d-standard-2" + name_prefix = "multichain-mainnet-${count.index}" + machine_type = "n2d-standard-2" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" - source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] + source_image = var.source_image metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ "multichain" 
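Review bot: The mainnet template moves from the `cos-113-lts` family to a pinned `cos-stable` build (`cos-stable-117-18613-75-37` in the new `var.source_image` default), which is a channel change rather than just a pin: LTS milestones typically carry a longer support window than the stable channel, so the node's OS support timeline and patch cadence change with this hunk. If the goal was only reproducibility, pinning a specific `cos-113-lts` build would have kept the channel. Either way the chosen channel and the date by which the pin must be revisited should be recorded next to the default, e.g. `# cos-stable 117 build pinned 2024-11; revisit before the image is deprecated`. The module block's closing brace is outside the hunk.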
@@ -163,38 +161,38 @@ resource "google_compute_health_check" "multichain_healthcheck" { } resource "google_compute_global_forwarding_rule" "http_fw" { - count = length(var.node_configs) - name = "multichain-mainnet-http-rule-${count.index}" - target = google_compute_target_http_proxy.default[count.index].id - port_range = "80" - ip_protocol = "TCP" + count = length(var.node_configs) + name = "multichain-mainnet-http-rule-${count.index}" + target = google_compute_target_http_proxy.default[count.index].id + port_range = "80" + ip_protocol = "TCP" load_balancing_scheme = "EXTERNAL" - ip_address = google_compute_global_address.external_ips[count.index].address + ip_address = google_compute_global_address.external_ips[count.index].address } resource "google_compute_global_forwarding_rule" "https_fw" { - count = length(var.node_configs) - name = "multichain-mainnet-https-rule-${count.index}" - target = google_compute_target_https_proxy.default_https[count.index].id - port_range = "443" - ip_protocol = "TCP" + count = length(var.node_configs) + name = "multichain-mainnet-https-rule-${count.index}" + target = google_compute_target_https_proxy.default_https[count.index].id + port_range = "443" + ip_protocol = "TCP" load_balancing_scheme = "EXTERNAL" - ip_address = google_compute_global_address.external_ips[count.index].address + ip_address = google_compute_global_address.external_ips[count.index].address } resource "google_compute_target_http_proxy" "default" { - count = length(var.node_configs) + count = length(var.node_configs) name = "multichain-mainnet-http-target-proxy-${count.index}" description = "a description" url_map = google_compute_url_map.redirect_default[count.index].id } resource "google_compute_target_https_proxy" "default_https" { - count = length(var.node_configs) - name = "multichain-mainnet-https-target-proxy-${count.index}" - description = "a description" - ssl_certificates = [ google_compute_managed_ssl_certificate.mainnet_ssl[count.index].self_link ] 
- url_map = google_compute_url_map.default[count.index].id + count = length(var.node_configs) + name = "multichain-mainnet-https-target-proxy-${count.index}" + description = "a description" + ssl_certificates = [google_compute_managed_ssl_certificate.mainnet_ssl[count.index].self_link] + url_map = google_compute_url_map.default[count.index].id } resource "google_compute_url_map" "default" { @@ -204,8 +202,8 @@ resource "google_compute_url_map" "default" { } resource "google_compute_url_map" "redirect_default" { - count = length(var.node_configs) - name = "multichain-mainnet-redirect-url-map-${count.index}" + count = length(var.node_configs) + name = "multichain-mainnet-redirect-url-map-${count.index}" default_url_redirect { strip_query = false https_redirect = true @@ -218,7 +216,7 @@ resource "google_compute_backend_service" "multichain_backend" { load_balancing_scheme = "EXTERNAL" log_config { - enable = true + enable = true sample_rate = 0.5 } backend { diff --git a/infra/multichain-mainnet/variables.tf b/infra/multichain-mainnet/variables.tf index 0cbf4c800..0d4a699af 100644 --- a/infra/multichain-mainnet/variables.tf +++ b/infra/multichain-mainnet/variables.tf @@ -20,6 +20,11 @@ variable "image" { default = "us-east1-docker.pkg.dev/near-cs-mainnet/multichain-public/multichain-mainnet:latest" } +variable "source_image" { + type = string + default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37" +} + variable "image_port" { description = "The port the image exposes for HTTP requests" type = number @@ -43,8 +48,8 @@ variable "network" { variable "additional_metadata" { type = map(any) description = "Additional metadata to attach to the instance" - default = { - cos-update-strategy: "update_enabled" + default = { + cos-update-strategy : "update_enabled" } } @@ -77,7 +82,7 @@ variable "node_configs" { } variable "env" { - type = string + type = string default = "mainnet" } 
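Review bot: The new `source_image` variable hardcodes `projects/cos-cloud/global/images/cos-stable-117-18613-75-37` with no `description`, and the identical literal is repeated in the dev, testnet, partner-mainnet and partner-testnet `variables.tf` files in this patch, so bumping the OS image means five coordinated edits that will drift (the environments already differed before: `cos-113-lts` versus `cos-stable`). A specific COS build is also eventually deprecated and, after a grace period, removed, at which point any template replacement fails at apply time. I'd at least document the pin, `description = "Full COS image path for the node VM; pinned build, bump deliberately and in all environments"`, and consider centralising the value (a shared tfvars or a module default) rather than copying it.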
@@ -132,5 +137,5 @@ variable "static_env" { variable "domain" { description = "DNS name for your node" - default = null + default = null } \ No newline at end of file diff --git a/infra/multichain-testnet/main.tf b/infra/multichain-testnet/main.tf index 27b6a032e..7993d1727 100644 --- a/infra/multichain-testnet/main.tf +++ b/infra/multichain-testnet/main.tf @@ -78,11 +78,11 @@ resource "google_service_account" "service_account" { resource "google_project_iam_member" "sa-roles" { for_each = toset([ - "roles/datastore.user", - "roles/secretmanager.admin", - "roles/storage.objectAdmin", - "roles/iam.serviceAccountAdmin", - "roles/logging.logWriter" + "roles/datastore.user", + "roles/secretmanager.admin", + "roles/storage.objectAdmin", + "roles/iam.serviceAccountAdmin", + "roles/logging.logWriter" ]) role = each.key @@ -106,14 +106,12 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-testnet-${count.index}" - source_image_family = "cos-113-lts" - source_image_project = "cos-cloud" - machine_type = "n2d-standard-2" + name_prefix = "multichain-testnet-${count.index}" + machine_type = "n2d-standard-2" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" - source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] + source_image = var.source_image metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ "multichain" diff --git a/infra/multichain-testnet/variables.tf b/infra/multichain-testnet/variables.tf index 974171904..ea550fd0e 100644 --- a/infra/multichain-testnet/variables.tf +++ b/infra/multichain-testnet/variables.tf 
@@ -20,6 +20,11 @@ variable "image" { default = "europe-west1-docker.pkg.dev/near-cs-testnet/multichain-public/multichain-testnet:latest" } +variable "source_image" { + type = string + default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37" +} + variable "image_port" { description = "The port the image exposes for HTTP requests" type = number @@ -43,8 +48,8 @@ variable "network" { variable "additional_metadata" { type = map(any) description = "Additional metadata to attach to the instance" - default = { - cos-update-strategy: "update_enabled" + default = { + cos-update-strategy : "update_enabled" } } diff --git a/infra/partner-mainnet/main.tf b/infra/partner-mainnet/main.tf index 8f15b1bb0..9839bb954 100644 --- a/infra/partner-mainnet/main.tf +++ b/infra/partner-mainnet/main.tf @@ -6,7 +6,7 @@ provider "google-beta" { } resource "google_compute_project_metadata_item" "project_logging" { - key = "google-logging-enabled" + key = "google-logging-enabled" value = "true" } module "gce-container" { @@ -82,9 +82,9 @@ resource "google_project_iam_member" "sa-roles" { "roles/logging.logWriter", ]) - role = each.key - member = "serviceAccount:${google_service_account.service_account.email}" - project = var.project_id + role = each.key + member = "serviceAccount:${google_service_account.service_account.email}" + project = var.project_id } resource "google_compute_global_address" "external_ips" { 
@@ -116,14 +116,12 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-partner-mainnet-${count.index}" - source_image_family = "cos-113-lts" - source_image_project = "cos-cloud" - machine_type = "n2d-standard-2" + name_prefix = "multichain-partner-mainnet-${count.index}" + machine_type = "n2d-standard-2" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" - source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] + source_image = var.source_image metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ "multichain", @@ -214,10 +212,10 @@ resource "google_compute_backend_service" "multichain_backend" { count = length(var.node_configs) name = "multichain-partner-mainnet-backend-service-${count.index}" load_balancing_scheme = "EXTERNAL" - + log_config { - enable = true + enable = true sample_rate = 0.5 } backend { diff --git a/infra/partner-mainnet/network.tf b/infra/partner-mainnet/network.tf index a48189add..c05a91c55 100644 --- a/infra/partner-mainnet/network.tf +++ b/infra/partner-mainnet/network.tf 
@@ -1,44 +1,44 @@ module "vpc" { - count = var.create_network ? 1 : 0 - source = "terraform-google-modules/network/google" - version = "~> 9.0" + count = var.create_network ? 1 : 0 + source = "terraform-google-modules/network/google" + version = "~> 9.0" - project_id = var.project_id - network_name = var.network - routing_mode = "GLOBAL" + project_id = var.project_id + network_name = var.network + routing_mode = "GLOBAL" - subnets = [ - { - subnet_name = var.subnetwork - subnet_ip = "10.10.10.0/24" - subnet_region = var.region - } - ] + subnets = [ + { + subnet_name = var.subnetwork + subnet_ip = "10.10.10.0/24" + subnet_region = var.region + } + ] - routes = [ + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + } + ] + + ingress_rules = [ + { + name = "allow-iap-ssh" + description = "this rule allows you to connect to your VM via SSH without port 22 being public" + source_ranges = ["35.235.240.0/20"] + target_tags = ["allow-ssh"] + allow = [ { - name = "egress-internet" - description = "route through IGW to access internet" - destination_range = "0.0.0.0/0" - tags = "egress-inet" - next_hop_internet = "true" + protocol = "tcp", + ports = ["22"] } - ] - - ingress_rules = [ - { - name = "allow-iap-ssh" - description = "this rule allows you to connect to your VM via SSH without port 22 being public" - source_ranges = [ "35.235.240.0/20" ] - target_tags = [ "allow-ssh" ] - allow = [ - { - protocol = "tcp", - ports = ["22"] - } - ] - }, - ] + ] + }, + ] } resource "google_compute_router" "router" { 
@@ -50,10 +50,10 @@ resource "google_compute_router" "router" { } resource "google_compute_router_nat" "nat" { - count = var.create_network ? 1 : 0 - name = "nat" - router = google_compute_router.router[count.index].name - region = var.region + count = var.create_network ? 1 : 0 + name = "nat" + router = google_compute_router.router[count.index].name + region = var.region nat_ip_allocate_option = "AUTO_ONLY" source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" } \ No newline at end of file diff --git a/infra/partner-mainnet/terraform-mainnet-example.tfvars b/infra/partner-mainnet/terraform-mainnet-example.tfvars index 58f89c8ac..6a18c6efe 100644 --- a/infra/partner-mainnet/terraform-mainnet-example.tfvars +++ b/infra/partner-mainnet/terraform-mainnet-example.tfvars @@ -1,16 +1,16 @@ -env = "mainnet" -project_id = "" -network = "default" -subnetwork = "default" -image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-mainnet:latest" -region = "europe-west1" -zone = "europe-west1-b" +env = "mainnet" +project_id = "" +network = "default" +subnetwork = "default" +image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-mainnet:latest" +region = "europe-west1" +zone = "europe-west1-b" # These will be specific to your node node_configs = [ { # Each node has a unique account ID - account = "{your_near_account_id}" - cipher_pk = "" + account = "{your_near_account_id}" + cipher_pk = "" # These 3 values below should match your secret names in google secrets manager account_sk_secret_id = "multichain-account-sk-mainnet-0" cipher_sk_secret_id = "multichain-cipher-sk-mainnet-0" diff --git a/infra/partner-mainnet/variables.tf b/infra/partner-mainnet/variables.tf index da8c63d12..ee636ded2 100644 --- a/infra/partner-mainnet/variables.tf +++ b/infra/partner-mainnet/variables.tf 
@@ -20,6 +20,11 @@ variable "image" { default = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-mainnet:latest" } +variable "source_image" { + type = string + default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37" +} + variable "image_port" { description = "The port the image exposes for HTTP requests" type = number @@ -137,5 +142,5 @@ variable "create_network" { variable "domain" { description = "DNS name for your node" - default = "" + default = "" } diff --git a/infra/partner-testnet/main.tf b/infra/partner-testnet/main.tf index 28367b919..1b4da0a80 100644 --- a/infra/partner-testnet/main.tf +++ b/infra/partner-testnet/main.tf @@ -6,7 +6,7 @@ provider "google-beta" { } resource "google_compute_project_metadata_item" "project_logging" { - key = "google-logging-enabled" + key = "google-logging-enabled" value = "true" } module "gce-container" { @@ -82,7 +82,7 @@ resource "google_project_iam_member" "sa-roles" { "roles/logging.logWriter", ]) - role = each.key + role = each.key member = "serviceAccount:${google_service_account.service_account.email}" project = var.project_id } @@ -103,14 +103,12 @@ module "ig_template" { email = google_service_account.service_account.email, scopes = ["cloud-platform"] } - name_prefix = "multichain-partner-${count.index}" - source_image_family = "cos-stable" - source_image_project = "cos-cloud" - machine_type = "n2d-standard-2" + name_prefix = "multichain-partner-${count.index}" + machine_type = "n2d-standard-2" startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30" - source_image = reverse(split("/", module.gce-container[count.index].source_image))[0] + source_image = var.source_image metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value }) tags = [ "multichain", 
diff --git a/infra/partner-testnet/network.tf b/infra/partner-testnet/network.tf index 8f82f6859..247dc314a 100644 --- a/infra/partner-testnet/network.tf +++ b/infra/partner-testnet/network.tf @@ -1,44 +1,44 @@ module "vpc" { - count = var.create_network ? 1 : 0 - source = "terraform-google-modules/network/google" - version = "~> 9.0" + count = var.create_network ? 1 : 0 + source = "terraform-google-modules/network/google" + version = "~> 9.0" - project_id = var.project_id - network_name = var.network - routing_mode = "GLOBAL" + project_id = var.project_id + network_name = var.network + routing_mode = "GLOBAL" - subnets = [ - { - subnet_name = var.subnetwork - subnet_ip = "10.10.10.0/24" - subnet_region = var.region - } - ] + subnets = [ + { + subnet_name = var.subnetwork + subnet_ip = "10.10.10.0/24" + subnet_region = var.region + } + ] - routes = [ + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + } + ] + + ingress_rules = [ + { + name = "allow-iap-ssh" + description = "this rule allows you to connect to your VM via SSH without port 22 being public" + source_ranges = ["35.235.240.0/20"] + target_tags = ["allow-ssh"] + allow = [ { - name = "egress-internet" - description = "route through IGW to access internet" - destination_range = "0.0.0.0/0" - tags = "egress-inet" - next_hop_internet = "true" + protocol = "tcp", + ports = ["22"] } - ] - - ingress_rules = [ - { - name = "allow-iap-ssh" - description = "this rule allows you to connect to your VM via SSH without port 22 being public" - source_ranges = [ "35.235.240.0/20" ] - target_tags = [ "allow-ssh" ] - allow = [ - { - protocol = "tcp", - ports = ["22"] - } - ] - }, - ] + ] + }, + ] } resource "google_compute_router" "router" { 
@@ -49,9 +49,9 @@ resource "google_compute_router" "router" { } resource "google_compute_router_nat" "nat" { - name = "nat" - router = google_compute_router.router.name - region = var.region - nat_ip_allocate_option = "AUTO_ONLY" + name = "nat" + router = google_compute_router.router.name + region = var.region + nat_ip_allocate_option = "AUTO_ONLY" source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" } \ No newline at end of file diff --git a/infra/partner-testnet/terraform-testnet-example.tfvars b/infra/partner-testnet/terraform-testnet-example.tfvars index cb376f12f..6ca49ff8e 100644 --- a/infra/partner-testnet/terraform-testnet-example.tfvars +++ b/infra/partner-testnet/terraform-testnet-example.tfvars @@ -1,16 +1,16 @@ -env = "testnet" -project_id = "" -network = "default" -subnetwork = "default" -image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-testnet:latest" -region = "europe-west1" -zone = "europe-west1-b" +env = "testnet" +project_id = "" +network = "default" +subnetwork = "default" +image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-testnet:latest" +region = "europe-west1" +zone = "europe-west1-b" # These will be specific to your node node_configs = [ { # Each node has a unique account ID - account = "{your_near_account_id}" - cipher_pk = "" + account = "{your_near_account_id}" + cipher_pk = "" # These 3 values below should match your secret names in google secrets manager account_sk_secret_id = "multichain-account-sk-testnet-0" cipher_sk_secret_id = "multichain-cipher-sk-testnet-0" diff --git a/infra/partner-testnet/variables.tf b/infra/partner-testnet/variables.tf index 6eee28d77..5e2143f9e 100644 --- a/infra/partner-testnet/variables.tf +++ b/infra/partner-testnet/variables.tf 
@@ -20,6 +20,11 @@ variable "image" { default = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-testnet:latest" } +variable "source_image" { + type = string + default = "projects/cos-cloud/global/images/cos-stable-117-18613-75-37" +} + variable "image_port" { description = "The port the image exposes for HTTP requests" type = number From f3af774addf4cf2f1ec8b0637d2a2ad6f3b3c9cd Mon Sep 17 00:00:00 2001 From: auto-mausx Date: Thu, 21 Nov 2024 14:11:08 -0700 Subject: [PATCH 2/2] added TF code changes for RPC endpoint and Redis integration --- infra/multichain-mainnet/main.tf | 25 +++++++++++++++++++++++-- infra/multichain-mainnet/variables.tf | 7 ++++++- infra/multichain-testnet/main.tf | 23 +++++++++++++++++++++-- infra/multichain-testnet/variables.tf | 7 ++++++- infra/partner-mainnet/main.tf | 23 +++++++++++++++++++++-- infra/partner-mainnet/variables.tf | 7 ++++++- infra/partner-testnet/main.tf | 23 +++++++++++++++++++++-- infra/partner-testnet/variables.tf | 7 ++++++- 8 files changed, 110 insertions(+), 12 deletions(-) diff --git a/infra/multichain-mainnet/main.tf b/infra/multichain-mainnet/main.tf index 075f377ea..3de0b4ee4 100644 --- a/infra/multichain-mainnet/main.tf +++ b/infra/multichain-mainnet/main.tf @@ -15,8 +15,16 @@ module "gce-container" { container = { image = var.image - args = ["start"] - port = "3000" + + port = "3000" + + volumeMounts = [ + { + mountPath = "/data" + name = "host-path" + readOnly = false + } + ] env = concat(var.static_env, [ { @@ -62,9 +70,22 @@ module "gce-container" { { name = "MPC_ENV", value = var.env + }, + { + name = "MPC_REDIS_URL", + value = var.redis_url } ]) } + + volumes = [ + { + name = "host-path" + hostPath = { + path = "/var/redis" + } + } + ] } resource "google_service_account" "service_account" { diff --git a/infra/multichain-mainnet/variables.tf b/infra/multichain-mainnet/variables.tf index 0d4a699af..98ba6504f 100644 --- a/infra/multichain-mainnet/variables.tf 
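Review bot: `MPC_REDIS_URL` now points the node at `redis://127.0.0.1:6379`, but nothing in this patch runs a Redis server — there is no second container in the gce-container declaration and no Redis in the startup script — so either the image itself starts one (then a comment should say so) or the node will fail to reach it. The URL also carries no credentials, and the `/var/redis` host path is mounted read-write into `/data`, so any process with host or Docker access (Watchtower holds the Docker socket) can read or alter the node's persisted state; whether that state includes secret-bearing material such as presignatures is not visible here. I'd add a `description` to `redis_url` stating that the default assumes a loopback-only, in-image Redis and that a remote URL needs `rediss://` plus a password, and a comment above the `volumes` entry: `# /var/redis persists Redis data on the host boot disk (retained when auto_delete=false)`. The module block continues outside the hunk.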
+++ b/infra/multichain-mainnet/variables.tf @@ -94,7 +94,7 @@ variable "static_env" { default = [ { name = "MPC_NEAR_RPC" - value = "https://rpc.mainnet.near.org" + value = "https://rpc.mainnet.fastnear.com" }, { name = "MPC_CONTRACT_ID" @@ -138,4 +138,9 @@ variable "static_env" { variable "domain" { description = "DNS name for your node" default = null +} + +variable "redis_url" { + type = string + default = "redis://127.0.0.1:6379" } \ No newline at end of file diff --git a/infra/multichain-testnet/main.tf b/infra/multichain-testnet/main.tf index 7993d1727..320bc3d6e 100644 --- a/infra/multichain-testnet/main.tf +++ b/infra/multichain-testnet/main.tf @@ -15,8 +15,15 @@ module "gce-container" { container = { image = var.image - args = ["start"] - port = "3000" + + port = "3000" + volumeMounts = [ + { + mountPath = "/data" + name = "host-path" + readOnly = false + } + ] env = concat(var.static_env, [ { @@ -67,8 +74,20 @@ module "gce-container" { name = "MPC_GCP_PROJECT_ID" value = var.project_id }, + { + name = "MPC_REDIS_URL", + value = var.redis_url + } ]) } + volumes = [ + { + name = "host-path" + hostPath = { + path = "/var/redis" + } + } + ] } resource "google_service_account" "service_account" { diff --git a/infra/multichain-testnet/variables.tf b/infra/multichain-testnet/variables.tf index ea550fd0e..1628a7d4a 100644 --- a/infra/multichain-testnet/variables.tf +++ b/infra/multichain-testnet/variables.tf @@ -93,7 +93,7 @@ variable "static_env" { default = [ { name = "MPC_NEAR_RPC" - value = "https://rpc.testnet.near.org" + value = "https://rpc.testnet.fastnear.com" }, { name = "MPC_CONTRACT_ID" @@ -130,3 +130,8 @@ variable "create_network" { default = false description = "Do you want to create a new VPC network (true) or use default GCP network (false)?" } + +variable "redis_url" { + type = string + default = "redis://127.0.0.1:6379" +} \ No newline at end of file 
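Review bot: Switching `MPC_NEAR_RPC` from `rpc.mainnet.near.org` to `rpc.mainnet.fastnear.com` makes a single third-party RPC provider the mainnet node's only source of chain state for its indexer, with no fallback and nothing recording why the provider was chosen or how its responses are checked. For a signing node that is a trust decision: a compromised or misbehaving endpoint can withhold, delay or reorder the sign requests the node sees (whether it could forge them depends on verification inside the node, which is not visible here). At minimum I'd annotate the default, `value = "https://rpc.mainnet.fastnear.com" # third-party RPC provider, chosen 2024-11; no failover configured`, and consider promoting the RPC URL to a first-class variable so operators can point at their own node. The `static_env` variable's closing brace is outside the hunk.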
diff --git a/infra/partner-mainnet/main.tf b/infra/partner-mainnet/main.tf index 9839bb954..a11b604e8 100644 --- a/infra/partner-mainnet/main.tf +++ b/infra/partner-mainnet/main.tf @@ -16,8 +16,15 @@ module "gce-container" { container = { image = var.image - args = ["start"] - port = "3000" + + port = "3000" + volumeMounts = [ + { + mountPath = "/data" + name = "host-path" + readOnly = false + } + ] env = concat(var.static_env, [ { @@ -63,9 +70,21 @@ module "gce-container" { { name = "MPC_ENV", value = var.env + }, + { + name = "MPC_REDIS_URL", + value = var.redis_url } ]) } + volumes = [ + { + name = "host-path" + hostPath = { + path = "/var/redis" + } + } + ] } resource "google_service_account" "service_account" { diff --git a/infra/partner-mainnet/variables.tf b/infra/partner-mainnet/variables.tf index ee636ded2..363b9bcd4 100644 --- a/infra/partner-mainnet/variables.tf +++ b/infra/partner-mainnet/variables.tf @@ -94,7 +94,7 @@ variable "static_env" { default = [ { name = "MPC_NEAR_RPC" - value = "https://rpc.mainnet.near.org" + value = "https://rpc.mainnet.fastnear.com" }, { name = "MPC_CONTRACT_ID" @@ -144,3 +144,8 @@ variable "domain" { description = "DNS name for your node" default = "" } + +variable "redis_url" { + type = string + default = "redis://127.0.0.1:6379" +} \ No newline at end of file diff --git a/infra/partner-testnet/main.tf b/infra/partner-testnet/main.tf index 1b4da0a80..0aef67bae 100644 --- a/infra/partner-testnet/main.tf +++ b/infra/partner-testnet/main.tf @@ -16,8 +16,15 @@ module "gce-container" { container = { image = var.image - args = ["start"] - port = "3000" + + port = "3000" + volumeMounts = [ + { + mountPath = "/data" + name = "host-path" + readOnly = false + } + ] env = concat(var.static_env, [ { 
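Review bot: Dropping `args = ["start"]` without a replacement means the partner node now runs whatever CMD the `:latest` image ships, and with Watchtower re-pulling that tag every 30 seconds the effective start command is decided image-side and can change underneath a partner without any Terraform change. If the image's default CMD is now the intended entry point (presumably so it can bring up Redis as well), that should be stated on the spot: `# no args: the image's default CMD starts the node (and Redis); see the image README`. If it is not, the removed line should come back. The container block's `env` list starts at the end of the hunk and continues outside it.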
@@ -63,9 +70,21 @@ module "gce-container" { { name = "MPC_ENV", value = var.env + }, + { + name = "MPC_REDIS_URL", + value = var.redis_url } ]) } + volumes = [ + { + name = "host-path" + hostPath = { + path = "/var/redis" + } + } + ] } resource "google_service_account" "service_account" { diff --git a/infra/partner-testnet/variables.tf b/infra/partner-testnet/variables.tf index 5e2143f9e..05141ea58 100644 --- a/infra/partner-testnet/variables.tf +++ b/infra/partner-testnet/variables.tf @@ -91,7 +91,7 @@ variable "static_env" { default = [ { name = "MPC_NEAR_RPC" - value = "https://rpc.testnet.near.org" + value = "https://rpc.testnet.fastnear.com" }, { name = "MPC_CONTRACT_ID" @@ -132,3 +132,8 @@ variable "create_network" { default = false description = "Do you want to create a new VPC network (true) or use default GCP network (false)?" } + +variable "redis_url" { + type = string + default = "redis://127.0.0.1:6379" +} \ No newline at end of file
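Review bot: `redis_url` is added as a partner-facing variable with no `description`, and the example tfvars touched in this series (`terraform-testnet-example.tfvars`) is not updated to mention it or `source_image`, so a partner has no hint that the default assumes a Redis on the VM itself or what a remote value must look like. I'd add `description = "Redis URL for node state. Default assumes a loopback Redis on the VM; a remote Redis should use rediss:// with credentials and be reachable only from the node's subnet."` and list both variables, commented out, in the example tfvars. The file also still ends without a trailing newline.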