
Feat: added partner code for infrastructure, and updated dev code #493

Merged
merged 4 commits into from
Mar 18, 2024
1 change: 1 addition & 0 deletions infra/.gitignore
Expand Up @@ -17,6 +17,7 @@ crash.*.log
*.tfvars.json
!terraform-dev.tfvars
!backend-config-*.tfvars
!terraform-testnet-example.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
4 changes: 3 additions & 1 deletion infra/multichain-vm-dev/main.tf
Expand Up @@ -10,7 +10,7 @@ module "gce-container" {
version = "~> 3.0"

container = {
image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-dev/multichain/multichain-dev:latest"
image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-dev:latest"
args = ["start"]
port = "3000"

Expand Down Expand Up @@ -82,6 +82,8 @@ module "mig_template" {
source_image_project = "cos-cloud"
machine_type = "n2-standard-2"

startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 30"

source_image = reverse(split("/", module.gce-container[count.index].source_image))[0]
metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value })
tags = [
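Review bot: The watchtower `startup_script` added to `mig_template` pulls the mutable `:latest` tag every 30 seconds and mounts `/var/run/docker.sock`, so any image pushed to `multichain-public` is deployed to this VM with no review step, and the watchtower container itself has root-equivalent control of the host through the socket. Consider pinning the image by digest (`multichain-dev@sha256:<digest>`, placeholder) or at least recording the deliberate auto-update with a comment such as `# watchtower auto-deploys every push to :latest; dev-only, do not copy to partner/prod`. The same script appears in infra/partner-vm-testnet/main.tf (with a 3600s interval) alongside the image path now pointing at the `pagoda-discovery-platform-prod` registry. The enclosing `mig_template` module block starts and ends outside the hunk.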
39 changes: 37 additions & 2 deletions infra/multichain-vm-dev/terraform-dev.tfvars
Expand Up @@ -20,5 +20,40 @@ node_configs = [
account_sk_secret_id = "multichain-account-sk-dev-2"
cipher_sk_secret_id = "multichain-cipher-sk-dev-2"
sk_share_secret_id = "multichain-sk-share-dev-2"
}
]
},
{
account = "multichain-node-dev-3.testnet"
cipher_pk = "f0bc3ec25105301e0dfaafffb043fafd98b520692610bf09d688b77a3de4f16e"
account_sk_secret_id = "multichain-account-sk-dev-3"
cipher_sk_secret_id = "multichain-cipher-sk-dev-3"
sk_share_secret_id = "multichain-sk-share-dev-3"
},
{
account = "multichain-node-dev-4.testnet"
cipher_pk = "4d4df6855b2b3825ed2b7f4becfbe2ea7c940817bb54eaa5c4baef7c73df426b"
account_sk_secret_id = "multichain-account-sk-dev-4"
cipher_sk_secret_id = "multichain-cipher-sk-dev-4"
sk_share_secret_id = "multichain-sk-share-dev-4"
},
{
account = "multichain-node-dev-5.testnet"
cipher_pk = "9c228aedc6bd9c49f7cbbfebe68a61e2ecb5ba015fde8ec178b798d022fec528"
account_sk_secret_id = "multichain-account-sk-dev-5"
cipher_sk_secret_id = "multichain-cipher-sk-dev-5"
sk_share_secret_id = "multichain-sk-share-dev-5"
},
{
account = "multichain-node-dev-6.testnet"
cipher_pk = "490cdcec451c9d34d186af4b0747f82c3dbc45df0d9a6d4b8cd68a783592073b"
account_sk_secret_id = "multichain-account-sk-dev-6"
cipher_sk_secret_id = "multichain-cipher-sk-dev-6"
sk_share_secret_id = "multichain-sk-share-dev-6"
},
{
account = "multichain-node-dev-7.testnet"
cipher_pk = "5f49047f95ab9705f325d573ea6fcd2bbe681ab1f90b6b0d736669c34b483a07"
account_sk_secret_id = "multichain-account-sk-dev-7"
cipher_sk_secret_id = "multichain-cipher-sk-dev-7"
sk_share_secret_id = "multichain-sk-share-dev-7"
},
]
2 changes: 1 addition & 1 deletion infra/multichain-vm-dev/variables.tf
Expand Up @@ -97,7 +97,7 @@ variable "static_env" {
},
{
name = "MPC_RECOVERY_INDEXER_START_BLOCK_HEIGHT"
value = 158767549
value = 159307004
},
{
name = "AWS_DEFAULT_REGION"
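--- a/infra/partner-vm-testnet/main.tf
+++ b/infra/partner-vm-testnet/main.tf
@@ -0,0 +1,198 @@
+provider "google" {
+project = var.project_id
+}
+provider "google-beta" {
+project = var.project_id
+}
+module "gce-container" {
+count = length(var.node_configs)
+source = "terraform-google-modules/container-vm/google"
+version = "~> 3.0"
+
+container = {
+image = "us-east1-docker.pkg.dev/pagoda-discovery-platform-prod/multichain-public/multichain-dev:latest"
+args = ["start"]
+port = "3000"
+
+env = concat(var.static_env, [
+{
+name = "MPC_RECOVERY_NODE_ID"
+value = "${count.index}"
+},
+{
+name = "MPC_RECOVERY_ACCOUNT_ID"
+value = var.node_configs["${count.index}"].account
+},
+{
+name = "MPC_RECOVERY_CIPHER_PK"
+value = var.node_configs["${count.index}"].cipher_pk
+},
+{
+name = "MPC_RECOVERY_ACCOUNT_SK"
+value = data.google_secret_manager_secret_version.account_sk_secret_id[count.index].secret_data
+},
+{
+name = "MPC_RECOVERY_CIPHER_SK"
+value = data.google_secret_manager_secret_version.cipher_sk_secret_id[count.index].secret_data
+},
+{
+name = "AWS_ACCESS_KEY_ID"
+value = data.google_secret_manager_secret_version.aws_access_key_secret_id.secret_data
+},
+{
+name = "AWS_SECRET_ACCESS_KEY"
+value = data.google_secret_manager_secret_version.aws_secret_key_secret_id.secret_data
+},
+{
+name = "MPC_RECOVERY_LOCAL_ADDRESS"
+value = "http://${google_compute_global_address.external_ips[count.index].address}"
+},
+{
+name = "MPC_RECOVERY_SK_SHARE_SECRET_ID"
+value = var.node_configs["${count.index}"].sk_share_secret_id
+},
+{
+name = "MPC_RECOVERY_ENV",
+value = var.env
+}
+])
+}
+}
+
+resource "google_service_account" "service_account" {
+account_id = "multichain-${var.env}"
+display_name = "Multichain ${var.env} Account"
+}
+
+resource "google_project_iam_binding" "sa-roles" {
+for_each = toset([
+"roles/datastore.user",
+"roles/secretmanager.admin",
+"roles/storage.objectAdmin",
+"roles/iam.serviceAccountAdmin",
+])
+
+role = each.key
+members = [
+"serviceAccount:${google_service_account.service_account.email}"
+]
+project = var.project_id
+}
+
+resource "google_compute_global_address" "external_ips" {
+count = length(var.node_configs)
+name = "multichain-dev-parnter-${count.index}"
+address_type = "EXTERNAL"
+}
+
+module "ig_template" {
+count = length(var.node_configs)
+source = "../modules/mig_template"
+network = var.network
+subnetwork = var.subnetwork
+region = var.region
+service_account = {
+email = google_service_account.service_account.email,
+scopes = ["cloud-platform"]
+}
+name_prefix = "multichain-partner-${count.index}"
+source_image_family = "cos-stable"
+source_image_project = "cos-cloud"
+machine_type = "n2d-standard-2"
+
+startup_script = "docker rm watchtower ; docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --debug --interval 3600"
+
+source_image = reverse(split("/", module.gce-container[count.index].source_image))[0]
+metadata = merge(var.additional_metadata, { "gce-container-declaration" = module.gce-container["${count.index}"].metadata_value })
+tags = [
+"multichain",
+"allow-ssh"
+]
+labels = {
+"container-vm" = module.gce-container[count.index].vm_container_label
+}
+
+depends_on = [google_compute_global_address.external_ips]
+}
+
+
+module "instances" {
+count = length(var.node_configs)
+source = "../modules/instance-from-tpl"
+region = var.region
+project_id = var.project_id
+hostname = "multichain-dev-partner-${count.index}"
+network = var.network
+subnetwork = var.subnetwork
+
+instance_template = module.ig_template[count.index].self_link_unique
+
+}
+
+resource "google_compute_health_check" "multichain_healthcheck" {
+name = "multichain-dev-partner-healthcheck"
+
+http_health_check {
+port = 3000
+request_path = "/"
+}
+
+}
+
+resource "google_compute_global_forwarding_rule" "default" {
+count = length(var.node_configs)
+name = "multichain-partner-rule-${count.index}"
+target = google_compute_target_http_proxy.default[count.index].id
+port_range = "80"
+load_balancing_scheme = "EXTERNAL"
+ip_address = google_compute_global_address.external_ips[count.index].address
+}
+
+resource "google_compute_target_http_proxy" "default" {
+count = length(var.node_configs)
+name = "multichain-partner-target-proxy-${count.index}"
+description = "a description"
+url_map = google_compute_url_map.default[count.index].id
+}
+
+resource "google_compute_url_map" "default" {
+count = length(var.node_configs)
+name = "multichain-partner-url-map-${count.index}"
+default_service = google_compute_backend_service.multichain_backend.id
+}
+
+resource "google_compute_backend_service" "multichain_backend" {
+name = "multichain-partner-backend-service"
+load_balancing_scheme = "EXTERNAL"
+
+backend {
+group = google_compute_instance_group.multichain_group.id
+}
+
+health_checks = [google_compute_health_check.multichain_healthcheck.id]
+}
+
+resource "google_compute_instance_group" "multichain_group" {
+name = "multichain-partner-instance-group"
+instances = module.instances[*].self_links[0]
+
+zone = "us-central1-a"
+named_port {
+name = "http"
+port = 3000
+}
+}
+
+resource "google_compute_firewall" "app_port" {
+name = "allow-multichain-healthcheck-access"
+network = var.network
+
+source_ranges = [ "130.211.0.0/22", "35.191.0.0/16" ]
+source_tags = [ "multichain" ]
+
+allow {
+protocol = "tcp"
+ports = [ "80" ]
+}
+
+}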
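Review bot: The project-level `google_project_iam_binding` in `sa-roles` grants the node service account `roles/secretmanager.admin` and `roles/iam.serviceAccountAdmin`, far more than a node that only reads its own secret versions needs, and enough for a compromised VM to create keys for other service accounts in the project; `roles/secretmanager.secretAccessor` granted per secret with `google_secret_manager_secret_iam_member` would cover the data sources in resources.tf. Note also that `google_project_iam_binding` is authoritative for each role, so applying it removes any other members already holding these roles in `var.project_id`; `google_project_iam_member` avoids that side effect. Separately, the `app_port` firewall rule allows tcp/80 from the health-check ranges while `multichain_healthcheck` and the instance group's named port both use 3000, so the check will be blocked unless some rule outside this PR permits 3000. Finally, the `secret_data` values placed in `env` are rendered into the `gce-container-declaration` instance metadata via `metadata_value`, where anyone with `compute.instances.get` can read them in plaintext; a comment at the `env` block stating that trade-off (or fetching the secrets inside the container at start-up) would help partners understand what they are exposing.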
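--- a/infra/partner-vm-testnet/network.tf
+++ b/infra/partner-vm-testnet/network.tf
@@ -0,0 +1,41 @@
+module "vpc" {
+source = "terraform-google-modules/network/google"
+version = "~> 9.0"
+
+project_id = var.project_id
+network_name = var.network
+routing_mode = "GLOBAL"
+
+subnets = [
+{
+subnet_name = var.subnetwork
+subnet_ip = "10.10.10.0/24"
+subnet_region = var.region
+}
+]
+
+routes = [
+{
+name = "egress-internet"
+description = "route through IGW to access internet"
+destination_range = "0.0.0.0/0"
+tags = "egress-inet"
+next_hop_internet = "true"
+}
+]
+
+ingress_rules = [
+{
+name = "allow-iap-ssh"
+description = "this rule allows you to connect to your VM via SSH without port 22 being public"
+source_ranges = [ "35.235.240.0/20" ]
+target_tags = [ "allow-ssh" ]
+allow = [
+{
+protocol = "tcp",
+ports = ["22"]
+}
+]
+},
+]
+}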
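Review bot: The `egress-internet` route is restricted to instances tagged `egress-inet`, but the instances in main.tf carry only the `multichain` and `allow-ssh` tags, so this route never applies to them; they presumably reach the registry through the VPC's implicit default route instead, which makes the declared route dead configuration. Either add `"egress-inet"` to the instance `tags` in main.tf or drop the `tags` attribute here so the intent is explicit, and say which in a comment such as `# egress route intentionally unrestricted; image pulls rely on it`.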
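--- a/infra/partner-vm-testnet/resources.tf
+++ b/infra/partner-vm-testnet/resources.tf
@@ -0,0 +1,41 @@
+terraform {
+backend "gcs" {
+bucket = "multichain-terraform-dev" # Example: terraform-multichain-state-bucket
+prefix = "state/multichain-vm-partner-test" # Example: state/multichain-vm
+}
+
+required_providers {
+google = {
+source = "hashicorp/google"
+version = "4.73.0"
+}
+}
+}
+
+# These data blocks grab the values from your GCP secret manager, please adjust secret names as desired
+data "google_secret_manager_secret_version" "account_sk_secret_id" {
+count = length(var.node_configs)
+secret = var.node_configs[0].account_sk_secret_id
+project = var.project_id
+}
+
+data "google_secret_manager_secret_version" "cipher_sk_secret_id" {
+count = length(var.node_configs)
+secret = var.node_configs[0].cipher_sk_secret_id
+project = var.project_id
+}
+
+data "google_secret_manager_secret_version" "sk_share_secret_id" {
+count = length(var.node_configs)
+secret = var.node_configs[0].sk_share_secret_id
+project = var.project_id
+}
+
+# This is the AWS access key and secret key for our public S3 bucket with Lake data
+data "google_secret_manager_secret_version" "aws_access_key_secret_id" {
+secret = "multichain-indexer-aws-access-key"
+}
+
+data "google_secret_manager_secret_version" "aws_secret_key_secret_id" {
+secret = "multichain-indexer-aws-secret-key"
+}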
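Review bot: The three `count`ed secret data sources all read `var.node_configs[0]` instead of `var.node_configs[count.index]`, so with more than one node every instance is handed node 0's `account_sk` and `cipher_sk` values even though main.tf indexes the data sources with `[count.index]`. Change each to the form `secret = var.node_configs[count.index].account_sk_secret_id` (and the `cipher_sk_secret_id` / `sk_share_secret_id` counterparts). The example tfvars has a single node, which is why this does not surface yet. The two AWS data sources also omit `project`, so they resolve against the provider's project rather than `var.project_id`; if those secrets are meant to live in the partner's own project that should be stated in the comment above them, since the current wording ("our public S3 bucket") suggests they are yours.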
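--- a/infra/partner-vm-testnet/terraform-testnet-example.tfvars
+++ b/infra/partner-vm-testnet/terraform-testnet-example.tfvars
@@ -0,0 +1,13 @@
+env = "testnet"
+# These will be specific to your node
+node_configs = [
+{
+# Each node has a unique account ID
+account = "multichain-node-testnet-7.testnet"
+cipher_pk = "<your_cipher_pk>"
+# These 3 values below should match your secret names in google secrets manager
+account_sk_secret_id = "multichain-account-sk-testnet-0"
+cipher_sk_secret_id = "multichain-cipher-sk-testnet-0"
+sk_share_secret_id = "multichain-sk-share-testnet-0"
+},
+]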
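Review bot: The example pairs `account = "multichain-node-testnet-7.testnet"` with secret ids suffixed `-testnet-0`, so a partner copying it verbatim ends up with a node whose account and secret numbering disagree, and the concrete account name reads as if it were a real node rather than a placeholder. Use the same placeholder style already used for `cipher_pk`, e.g. `account = "<your_account_id>.testnet"`, and mention in the comment that the three secret ids must name secrets the node's service account can access in `project_id`.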