From dce54c3a566da455b6c12383cc9a810d3808ba54 Mon Sep 17 00:00:00 2001 
From: Chase Date: Thu, 31 Oct 2024 10:03:01 +0100 Subject: [PATCH] terraform: migrated to different solution (#537) --- .gitlab-ci.yml | 46 ---- gitlab/functions.yaml | 25 -- gitlab/prod.yaml | 191 --------------- gitlab/staging.yaml | 43 ---- terraform/.terraform.lock.hcl | 59 ----- terraform/data.tf | 44 ---- terraform/kms.tf | 14 -- terraform/main.tf | 136 +---------- .../modules/daemon/cloud-config/daemon.yml | 219 ------------------ terraform/modules/daemon/cloud-config/data.tf | 23 -- .../modules/daemon/cloud-config/outputs.tf | 3 - .../modules/daemon/cloud-config/variables.tf | 64 ----- terraform/modules/daemon/data.tf | 3 - terraform/modules/daemon/firewall.tf | 73 ------ terraform/modules/daemon/iam.tf | 14 -- terraform/modules/daemon/main.tf | 138 ----------- terraform/modules/daemon/network.tf | 77 ------ terraform/modules/daemon/outputs.tf | 11 - terraform/modules/daemon/variables.tf | 88 ------- terraform/modules/prometheus/firewall.tf | 8 +- terraform/modules/prometheus/iam.tf | 8 +- terraform/modules/prometheus/main.tf | 18 +- terraform/modules/prometheus/outputs.tf | 2 +- terraform/modules/prometheus/variables.tf | 15 +- terraform/modules/tor/cloud-init/tor.yaml | 166 ------------- terraform/modules/tor/data.tf | 27 --- terraform/modules/tor/firewall.tf | 55 ----- terraform/modules/tor/iam.tf | 25 -- terraform/modules/tor/main.tf | 62 ----- terraform/modules/tor/v2.pk | 1 - terraform/modules/tor/v3.pk | 1 - terraform/modules/tor/v3.pubk | 1 - terraform/modules/tor/variables.tf | 78 ------- terraform/network-electrs.tf | 143 ------------ terraform/network-onion-electrs.tf | 69 ------ terraform/network-onion.tf | 91 -------- terraform/network.tf | 98 -------- terraform/outputs.tf | 27 --- terraform/variables.tf | 151 +----------- 39 files changed, 29 insertions(+), 2288 deletions(-) delete mode 100644 gitlab/prod.yaml delete mode 100644 gitlab/staging.yaml delete mode 100644 terraform/.terraform.lock.hcl delete mode 100644 terraform/kms.tf delete mode 
100644 terraform/modules/daemon/cloud-config/daemon.yml delete mode 100644 terraform/modules/daemon/cloud-config/data.tf delete mode 100644 terraform/modules/daemon/cloud-config/outputs.tf delete mode 100644 terraform/modules/daemon/cloud-config/variables.tf delete mode 100644 terraform/modules/daemon/data.tf delete mode 100644 terraform/modules/daemon/firewall.tf delete mode 100644 terraform/modules/daemon/iam.tf delete mode 100644 terraform/modules/daemon/main.tf delete mode 100644 terraform/modules/daemon/network.tf delete mode 100644 terraform/modules/daemon/outputs.tf delete mode 100644 terraform/modules/daemon/variables.tf delete mode 100644 terraform/modules/tor/cloud-init/tor.yaml delete mode 100644 terraform/modules/tor/data.tf delete mode 100644 terraform/modules/tor/firewall.tf delete mode 100644 terraform/modules/tor/iam.tf delete mode 100644 terraform/modules/tor/main.tf delete mode 100644 terraform/modules/tor/v2.pk delete mode 100644 terraform/modules/tor/v3.pk delete mode 100644 terraform/modules/tor/v3.pubk delete mode 100644 terraform/modules/tor/variables.tf delete mode 100644 terraform/network-electrs.tf delete mode 100644 terraform/network-onion-electrs.tf delete mode 100644 terraform/network-onion.tf delete mode 100644 terraform/network.tf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5e4eb819..169333c1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -30,49 +30,3 @@ workflow: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: never - when: always - -plan_main: - extends: .tf_setup - stage: deploy - only: - - /^main_v.*/ - script: - - (echo -n "$V3_PK" > terraform/modules/tor/v3.pk) - - (echo -n "$V3_PUBK" > terraform/modules/tor/v3.pubk) - - (cd terraform && terraform init -input=false && - terraform workspace select main && - terraform init -input=false && - terraform plan - -var "prometheus_allowed_source_ip=$PROMETHEUS_ALLOWED_SOURCE_IP" - -var "hosts=$HOSTS" - -var "hosts_onion=$HOSTS_ONION" - -var "cluster_size=$NODE_CLUSTER_SIZE" - -var "instance_type=$NODE_INSTANCE_TYPE" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "ssl_certs=$SSL_CERTS" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -input=false) - -deploy_main: - extends: .tf_setup - when: manual - only: - - /^main_v.*/ - script: - - (echo -n "$V3_PK" > terraform/modules/tor/v3.pk) - - (echo -n "$V3_PUBK" > terraform/modules/tor/v3.pubk) - - (cd terraform && terraform init -input=false && - terraform workspace select main && - terraform init -input=false && - terraform apply - -var "prometheus_allowed_source_ip=$PROMETHEUS_ALLOWED_SOURCE_IP" - -var "hosts=$HOSTS" - -var "hosts_onion=$HOSTS_ONION" - -var "cluster_size=$NODE_CLUSTER_SIZE" - -var "instance_type=$NODE_INSTANCE_TYPE" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "ssl_certs=$SSL_CERTS" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -input=false -auto-approve) diff --git a/gitlab/functions.yaml b/gitlab/functions.yaml index 1a0e9239..50ccdc9f 100644 --- a/gitlab/functions.yaml +++ b/gitlab/functions.yaml 
@@ -12,28 +12,3 @@ extends: .dind_setup rules: - if: $CI_COMMIT_BRANCH - -.tf_setup: - stage: deploy - before_script: - - curl -s "${DOCKERHUB_ESPLORA_URL}" | grep -q "${CI_COMMIT_SHA}" || - (echo "No such image blockstream/esplora:${CI_COMMIT_SHA}. Needs to be built."; exit 1) - - TMPF=$(mktemp) || exit 1 - - echo $GCLOUD_KEY > $TMPF - - export GOOGLE_APPLICATION_CREDENTIALS=$TMPF - - gcloud auth activate-service-account --key-file=$TMPF - - gcloud auth list - - gcloud --version - -.k8s_setup: - stage: deploy - when: manual - image: blockstream/kubectl:v1.24.8 - before_script: - - curl -s "${DOCKERHUB_ESPLORA_URL}" | grep -q "${CI_COMMIT_SHA}" || - (echo "No such image blockstream/esplora:${CI_COMMIT_SHA}. Needs to be built."; exit 1) - - kubectl --server=$KUBE_SERVER_US --token=$KUBE_TOKEN_US version - script: - - | - kubectl --v=8 --server=$KUBE_SERVER_US --token=$KUBE_TOKEN_US \ - -n $KUBE_NAMESPACE set image $KUBE_WORKLOAD $KUBE_CONTAINER=$IMAGE:$CI_COMMIT_SHA diff --git a/gitlab/prod.yaml b/gitlab/prod.yaml deleted file mode 100644 index ea8d1e9d..00000000 --- a/gitlab/prod.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -plan_bitcoin_mainnet: - extends: .tf_setup - only: - - /^bitcoin_mainnet.*/ - script: - - (cd terraform && terraform init -input=false && - terraform workspace select bitcoin-mainnet && - terraform init -input=false && - terraform plan - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_BTCM" - -var "instance_type=$NODE_INSTANCE_TYPE_BTCM" - -var "regions=$BTC_MAINNET_REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=300" - -var "initial_delay_sec=1200" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/_sync" - -input=false) - -deploy_bitcoin_mainnet: - extends: - - .tf_setup - - .dind_setup - when: manual - only: - - /^bitcoin_mainnet.*/ - script: - - docker pull blockstream/esplora:$CI_COMMIT_SHA - - docker tag blockstream/esplora:$CI_COMMIT_SHA blockstream/esplora:builder-bitcoin-mainnet - - docker push blockstream/esplora:builder-bitcoin-mainnet - - (cd terraform && terraform init -input=false && - terraform workspace select bitcoin-mainnet && - terraform init -input=false && - terraform apply - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_BTCM" - -var "instance_type=$NODE_INSTANCE_TYPE_BTCM" - -var "regions=$BTC_MAINNET_REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=300" - -var "initial_delay_sec=1200" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/_sync" - -input=false -auto-approve) - -plan_bitcoin_testnet: - extends: .tf_setup - only: - - /^bitcoin_testnet.*/ - script: - - (cd terraform && terraform init -input=false && - terraform workspace select bitcoin-testnet && - terraform init -input=false && - terraform plan - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_BTCT" - -var "instance_type=$NODE_INSTANCE_TYPE_BTCT" - 
-var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=600" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/testnet/_sync" - -input=false) - -deploy_bitcoin_testnet: - extends: - - .tf_setup - - .dind_setup - when: manual - only: - - /^bitcoin_testnet.*/ - script: - - docker pull blockstream/esplora:$CI_COMMIT_SHA - - docker tag blockstream/esplora:$CI_COMMIT_SHA blockstream/esplora:builder-bitcoin-testnet - - docker push blockstream/esplora:builder-bitcoin-testnet - - (cd terraform && terraform init -input=false && - terraform workspace select bitcoin-testnet && - terraform init -input=false && - terraform apply - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_BTCT" - -var "instance_type=$NODE_INSTANCE_TYPE_BTCT" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=600" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/testnet/_sync" - -input=false -auto-approve) - -plan_liquid_mainnet: - extends: .tf_setup - only: - - /^liquid_mainnet.*/ - script: - - (cd terraform && terraform init -input=false && - terraform workspace select liquid-mainnet && - terraform init -input=false && - terraform plan - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_LQM" - -var "instance_type=$NODE_INSTANCE_TYPE_LQM" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=900" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/liquid/_sync" - -input=false) - -deploy_liquid_mainnet: - extends: - - .tf_setup - - .dind_setup - when: manual - only: - - /^liquid_mainnet.*/ - script: - - docker pull 
blockstream/esplora:$CI_COMMIT_SHA - - docker tag blockstream/esplora:$CI_COMMIT_SHA blockstream/esplora:builder-liquid-mainnet - - docker push blockstream/esplora:builder-liquid-mainnet - - (cd terraform && terraform init -input=false && - terraform workspace select liquid-mainnet && - terraform init -input=false && - terraform apply - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_LQM" - -var "instance_type=$NODE_INSTANCE_TYPE_LQM" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=900" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/liquid/_sync" - -input=false -auto-approve) - -plan_liquid_testnet: - extends: .tf_setup - only: - - /^liquid_testnet.*/ - script: - - (cd terraform && terraform init -input=false && - terraform workspace select liquid-testnet && - terraform init -input=false && - terraform plan - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var "cluster_size=$NODE_CLUSTER_SIZE_LQT" - -var "instance_type=$NODE_INSTANCE_TYPE_LQT" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=600" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/liquidtestnet/_sync" - -input=false) - -deploy_liquid_testnet: - extends: - - .tf_setup - - .dind_setup - when: manual - only: - - /^liquid_testnet.*/ - script: - - docker pull blockstream/esplora:$CI_COMMIT_SHA - - docker tag blockstream/esplora:$CI_COMMIT_SHA blockstream/esplora:builder-liquid-testnet - - docker push blockstream/esplora:builder-liquid-testnet - - (cd terraform && terraform init -input=false && - terraform workspace select liquid-testnet && - terraform init -input=false && - terraform apply - -var "docker_tag_explorer=blockstream/esplora:$CI_COMMIT_SHA" - -var 
"cluster_size=$NODE_CLUSTER_SIZE_LQT" - -var "instance_type=$NODE_INSTANCE_TYPE_LQT" - -var "regions=$REGIONS" - -var "zones=$ZONES" - -var "min_ready_sec=60" - -var "initial_delay_sec=600" - -var "image_source_project=$IMAGE_SOURCE_PROJECT" - -var "mempooldat=$MEMPOOLDAT" - -var "fullurl=https://blockstream.info/liquidtestnet/_sync" - -input=false -auto-approve) diff --git a/gitlab/staging.yaml b/gitlab/staging.yaml deleted file mode 100644 index bcae7090..00000000 --- a/gitlab/staging.yaml +++ /dev/null @@ -1,43 +0,0 @@ -deploy_staging_bitcoin_mainnet: - extends: .k8s_setup - only: - - /^staging_bitcoin_mainnet.*/ - variables: - KUBE_SERVER_US: $GKE_STAGING_SERVER_US - KUBE_TOKEN_US: $GKE_STAGING_TOKEN_US - KUBE_NAMESPACE: $GKE_STAGING_NAMESPACE - KUBE_WORKLOAD: $GKE_STAGING_WORKLOAD_BTCM - KUBE_CONTAINER: $GKE_STAGING_CONTAINER - -deploy_staging_bitcoin_testnet: - extends: .k8s_setup - only: - - /^staging_bitcoin_testnet.*/ - variables: - KUBE_SERVER_US: $GKE_STAGING_SERVER_US - KUBE_TOKEN_US: $GKE_STAGING_TOKEN_US - KUBE_NAMESPACE: $GKE_STAGING_NAMESPACE - KUBE_WORKLOAD: $GKE_STAGING_WORKLOAD_BTCT - KUBE_CONTAINER: $GKE_STAGING_CONTAINER - -deploy_staging_liquid_mainnet: - extends: .k8s_setup - only: - - /^staging_liquid_mainnet.*/ - variables: - KUBE_SERVER_US: $GKE_STAGING_SERVER_US - KUBE_TOKEN_US: $GKE_STAGING_TOKEN_US - KUBE_NAMESPACE: $GKE_STAGING_NAMESPACE - KUBE_WORKLOAD: $GKE_STAGING_WORKLOAD_LIQM - KUBE_CONTAINER: $GKE_STAGING_CONTAINER - -deploy_staging_liquid_testnet: - extends: .k8s_setup - only: - - /^staging_liquid_testnet.*/ - variables: - KUBE_SERVER_US: $GKE_STAGING_SERVER_US - KUBE_TOKEN_US: $GKE_STAGING_TOKEN_US - KUBE_NAMESPACE: $GKE_STAGING_NAMESPACE - KUBE_WORKLOAD: $GKE_STAGING_WORKLOAD_LIQT - KUBE_CONTAINER: $GKE_STAGING_CONTAINER diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl deleted file mode 100644 index 04607ae6..00000000 --- a/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,59 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "4.52.0" - constraints = "~> 4.52.0" - hashes = [ - "h1:Nlb8C/liQ7fnT4sNXSjTGxTlwzw/w28K96kp3TI7DWo=", - "zh:1e36ac7c1be43cbb1d05fe1e5497dd058d1d87e03f848fd200bb043b1d6883f9", - "zh:40a023e6e2f4f3137a156ba368815de5294be1c9d8049945768211d1868a5e0c", - "zh:4bb0e3e97c95b32de5ccba13c3092fd929b95a646245ebe6829bb014863d8da0", - "zh:59d11a98a80105273511343321b1d1af7a9e39c8474a6563761c8e7e8075dbb3", - "zh:5c080d5368e898625f640a3397e8ab5f565a2a0c965642ecc124098f42c343a8", - "zh:72fd8356a90941ec6e2ec1e838b00c1946eba7aabfe9fb25e32258e49d42e368", - "zh:750f28b778dfecb0bed1d0b4df40a5e91fff16eb3ca4de64bed7c9945fea4e36", - "zh:7e28085c105b96687bf6491f72e9ca915496352749a7af1a65013f7e5e89452b", - "zh:83c8ecd116387032f7c4a1d9d4d921529746ce6e81d0766c9a0780c0b2e12993", - "zh:bfd2d4cb2daba199db49a33ff507c808a3c94a657e4597b8bd6f2de51dc7a729", - "zh:d9fd24b3d492013bca0021f29bfb670b76f01df5fd45f62c61eec53adac1b47d", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/google-beta" { - version = "4.52.0" - constraints = "~> 4.52.0" - hashes = [ - "h1:i4uHclZ2qCEV7EsWrE3Q8TTyLd1D6VM1euIyXuTRHyg=", - "zh:1528818baef6a408a82eb3540ff283a31e1ce53963f3374cd59f9914eda2ac49", - "zh:1632f06171efa17da7cad6eef062f6850c22f1a9b7ec89183fd67d5d835c4a83", - "zh:390ccad840a63de2b1bbc3cd963be2fea8402a21b0e67a0a944ebd7f9fa82231", - "zh:49a5952e7768792dedb4f11c114c7a385f04be103bb382c0bb0788c3f2c57edb", - "zh:55c663c74ac9d6037cfad70eacde7122a349f249d17befaf871d8298c9a25179", - "zh:629d12a80cc38f7c39cb8f1609c11acb0a42d176dac5cbb55c61aaa97bbeefe0", - "zh:67f87da40561a91bc5f43b71435798483ccfbb5dbaf637fbfb7de83827c2d214", - "zh:7ab62c3cad88bf29a8860f41b58a1789b76efb1c232ec59f8e2ee136b20d5fa6", - 
"zh:cb18e59d54b07892a32f02a49377aeb6da52ffb6b8d61ed2ea441ba9f618bbd1", - "zh:e3b37042c19757473783b79dc1d919d6621f91f46f54ceaa8df27b2dc4a1a541", - "zh:f098ba551787dadbcc21ddf3df17733c7f745ddbce24ed1c489226887193321e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} diff --git a/terraform/data.tf b/terraform/data.tf index 24ba10f3..481032b4 100644 --- a/terraform/data.tf +++ b/terraform/data.tf 
@@ -12,47 +12,3 @@ data "terraform_remote_state" "main" { prometheus_service_account = "" } } - -data "terraform_remote_state" "bitcoin-mainnet" { - backend = "gcs" - - config = { - bucket = "terraform-bs-source" - prefix = "green-address-explorer" - } - - workspace = "bitcoin-mainnet" -} - -data "terraform_remote_state" "bitcoin-testnet" { - backend = "gcs" - - config = { - bucket = "terraform-bs-source" - prefix = "green-address-explorer" - } - - workspace = "bitcoin-testnet" -} - -data "terraform_remote_state" "liquid-mainnet" { - backend = "gcs" - - config = { - bucket = "terraform-bs-source" - prefix = "green-address-explorer" - } - - workspace = "liquid-mainnet" -} - -data "terraform_remote_state" "liquid-testnet" { - backend = "gcs" - - config = { - bucket = "terraform-bs-source" - prefix = "green-address-explorer" - } - - workspace = "liquid-testnet" -} diff --git a/terraform/kms.tf b/terraform/kms.tf deleted file mode 100644 index e71ac6c4..00000000 --- a/terraform/kms.tf +++ /dev/null @@ -1,14 +0,0 @@ -resource "google_kms_key_ring" "esplora-key-ring" { - project = var.project - name = "esplora-store-keyring" - location = var.kms_location - - count = local.create_main -} - -resource "google_kms_crypto_key" "esplora-crypto-key" { - name = "esplora-store-crypto-key" - key_ring = google_kms_key_ring.esplora-key-ring[0].id - - count = local.create_main -} diff --git a/terraform/main.tf b/terraform/main.tf index c0d61b97..84abed0a 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -23,137 +23,15 @@ provider "google-beta" { module "prometheus" { source = "./modules/prometheus" - name = "explorer" - network = "default" - zones = var.zones - region = var.regions[0] - instances = 1 - machine_type = var.instance_type - retention = "2d" - project = var.project - docker_tag = var.docker_tag_prometheus - docker_tag_node_exporter = var.docker_tag_node_exporter - allowed_source_ip = var.prometheus_allowed_source_ip - prometheus_service_account = terraform.workspace != "main" ? data.terraform_remote_state.main.outputs.prometheus_service_account : "" - - create_resources = local.create_main -} - -module "tor" { - source = "./modules/tor" - - name = "explorer-tor" + name = "explorer" network = "default" - zones = var.zones[0] - region = var.regions[0] + zone = var.zone + region = var.region instances = 1 + machine_type = var.instance_type + retention = "2d" project = var.project - tor_machine_type = var.instance_type - tor_lb = element(concat(google_compute_global_address.onion-lb.*.address, tolist([""])), 0) - docker_tag = var.docker_tag_tor - hosts_onion = var.hosts_onion - kms_key = element(concat(google_kms_crypto_key.esplora-crypto-key.*.name, tolist([""])), 0) - kms_key_link = element(concat(google_kms_crypto_key.esplora-crypto-key.*.id, tolist([""])), 0) - kms_key_ring = element(concat(google_kms_key_ring.esplora-key-ring.*.name, tolist([""])), 0) - kms_location = var.kms_location - service_account_prom = terraform.workspace == "main" ? 
module.prometheus.service_account : data.terraform_remote_state.main.outputs.prometheus_service_account + docker_tag = var.docker_tag_prometheus docker_tag_node_exporter = var.docker_tag_node_exporter - - create_resources = local.create_main -} - -module "bitcoin-testnet" { - source = "./modules/daemon" - - regions = [var.regions[0]] - name = "bitcoin-testnet" - daemon = "bitcoin" - mempooldat = var.mempooldat - fullurl = var.fullurl - network = "testnet" - disk_type = var.disk_type - instance_type = var.instance_type - size = var.cluster_size - project = var.project - service_account_prom = terraform.workspace == "main" ? module.prometheus.service_account : data.terraform_remote_state.main.outputs.prometheus_service_account - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_explorer = var.docker_tag_explorer - min_ready_sec = var.min_ready_sec - initial_delay_sec = var.initial_delay_sec - image_source_project = var.image_source_project - - create_resources = local.create_bitcoin_testnet -} - -module "bitcoin-mainnet" { - source = "./modules/daemon" - - regions = var.regions - name = "bitcoin-mainnet" - daemon = "bitcoin" - network = "mainnet" - disk_type = var.disk_type - mempooldat = var.mempooldat - fullurl = var.fullurl - instance_type = var.instance_type - size = var.cluster_size - project = var.project - service_account_prom = terraform.workspace == "main" ? 
module.prometheus.service_account : data.terraform_remote_state.main.outputs.prometheus_service_account - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_explorer = var.docker_tag_explorer - min_ready_sec = var.min_ready_sec - initial_delay_sec = var.initial_delay_sec - image_source_project = var.image_source_project - - create_resources = local.create_bitcoin_mainnet -} - -module "liquid-mainnet" { - source = "./modules/daemon" - - regions = [var.regions[0]] - name = "liquid-mainnet" - daemon = "liquid" - network = "mainnet" - disk_type = var.disk_type - mempooldat = var.mempooldat - fullurl = var.fullurl - instance_type = var.instance_type - size = var.cluster_size - project = var.project - service_account_prom = terraform.workspace == "main" ? module.prometheus.service_account : data.terraform_remote_state.main.outputs.prometheus_service_account - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_explorer = var.docker_tag_explorer - min_ready_sec = var.min_ready_sec - initial_delay_sec = var.initial_delay_sec - image_source_project = var.image_source_project - - create_resources = local.create_liquid_mainnet -} - -module "liquid-testnet" { - source = "./modules/daemon" - - regions = [var.regions[0]] - name = "liquid-testnet" - daemon = "liquid" - network = "testnet" - disk_type = var.disk_type - mempooldat = var.mempooldat - fullurl = var.fullurl - instance_type = var.instance_type - size = var.cluster_size - project = var.project - service_account_prom = terraform.workspace == "main" ? 
module.prometheus.service_account : data.terraform_remote_state.main.outputs.prometheus_service_account - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_explorer = var.docker_tag_explorer - min_ready_sec = var.min_ready_sec - initial_delay_sec = var.initial_delay_sec - image_source_project = var.image_source_project - - create_resources = local.create_liquid_testnet + allowed_source_ip = var.prometheus_allowed_source_ip } diff --git a/terraform/modules/daemon/cloud-config/daemon.yml b/terraform/modules/daemon/cloud-config/daemon.yml deleted file mode 100644 index 058f3f6c..00000000 --- a/terraform/modules/daemon/cloud-config/daemon.yml +++ /dev/null 
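Review bot: `allowed_source_ip = var.prometheus_allowed_source_ip` on the new side of the `module "prometheus"` call is now the only input scoping who can reach the Prometheus instance, and the `.gitlab-ci.yml` hunk in this same patch deletes the `plan_main`/`deploy_main` jobs that used to pass it explicitly via `-var "prometheus_allowed_source_ip=$PROMETHEUS_ALLOWED_SOURCE_IP"`. Whatever replaces those jobs is not in this patch, so the default declared in `terraform/variables.tf` (modified here but not shown) is what the module's firewall rule presumably opens when the caller omits the variable; it is worth confirming that default is empty or a specific CIDR rather than a catch-all range, or adding a `validation` block on the variable so a permissive value fails at plan time. Separately, removing the `prometheus_service_account = ... data.terraform_remote_state.main.outputs.prometheus_service_account` line appears to drop the last reference in main.tf to the `terraform_remote_state.main` data source that the `terraform/data.tf` hunk keeps; if nothing else reads it, it can be deleted too, since it still requires read access to the state bucket on every plan. A one-line comment above the call, `# allowed_source_ip: must be a specific CIDR; the variable default applies when the deployment tooling does not set it`, would make that contract visible to whoever owns the new deployment path.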
@@ -1,219 +0,0 @@ -users: - - name: bs - uid: 2000 - -write_files: - - path: /home/bs/prep_disk.sh - permissions: 0644 - owner: root - content: | - #!/bin/bash - - INSTANCE_NAME=$(curl http://metadata.google.internal/computeMetadata/v1/instance/name -H 'Metadata-Flavor: Google') - ZONE=$(curl http://metadata.google.internal/computeMetadata/v1/instance/zone -H 'Metadata-Flavor: Google') - - if ! mount | grep -q /mnt/disks/data - then - echo "creating and attaching disk" - disk=$(docker run --rm --name create-disk-from-image --tmpfs /tmp ${docker_tag_gcloud} gcloud compute disks create $${INSTANCE_NAME}-data --type ${disk_type} --image-project ${image_source_project} --image-family ${name} --zone $${ZONE}) - docker run --rm --name attach-disk --tmpfs /tmp ${docker_tag_gcloud} gcloud compute instances attach-disk $${INSTANCE_NAME} --disk $${INSTANCE_NAME}-data --zone $${ZONE} --device-name=data - docker run --rm --name set-disk-auto-delete --tmpfs /tmp ${docker_tag_gcloud} gcloud compute instances set-disk-auto-delete $${INSTANCE_NAME} --disk $${INSTANCE_NAME}-data --zone $${ZONE} - mkdir -p /mnt/disks/data - mount -o "rw,noatime,discard,nobarrier,nodev" /dev/disk/by-id/google-data /mnt/disks/data - fi - - - path: /home/bs/insert_instance_list.sh - permissions: 0644 - owner: root - content: | - #!/bin/bash - - # Exit if not bitcoin. - if [ "${daemon}" != "bitcoin" ] - then - echo "[insert-instance-list] bitcoin only, this is ${daemon}, exiting!" - exit 0 - fi - - # Sleep until `getblockchaininfo` works. - while ! 
docker exec ${container_name} cli getblockchaininfo > /dev/null 2>&1 - do - echo "[insert-instance-list] waiting for explorer to be ready" - sleep 5 - done - - HEALTHY_INSTANCES=$(docker run --rm --name backend-service-list --tmpfs /tmp ${docker_tag_gcloud} gcloud compute backend-services get-health --global ${name}-explorer-backend-service --filter="backend~.*\/${name}-explorer-ig-.* AND status.healthStatus[].healthState=HEALTHY" --format="value(status.healthStatus[].ipAddress)" | tr ';' "\n") - - if [ "${network}" == "testnet" ]; then - PORT=18333 - else - PORT=8333 - fi - - # Addnode each instance's internal IP. - for ip in $HEALTHY_INSTANCES - do - IFS='/' read -r -a parts <<< $instance - # ZONE=$${parts[8]} - ID=$${parts[10]} - docker exec ${container_name} cli addnode $ip:$PORT add - echo "[insert-instance-list] added $ip:$PORT to ${container_name}" - done - - - path: /home/bs/truncate-err-log.sh - permissions: 0644 - owner: root - content: | - #!/bin/bash - - # Path to the file inside the container - FILE="/var/log/nginx/error.log" - # Container name - CONTAINER="${container_name}" - # Maximum file size in bytes (20GB) - MAXSIZE=$((20 * 1024 * 1024 * 1024)) - - # Check if the container is running - if docker ps | grep -q "$CONTAINER"; then - # Get the file size inside the container - FILESIZE=$(docker exec "$CONTAINER" stat -c %s "$FILE") - # Compare the file size with the maximum allowed size - if [ "$FILESIZE" -gt "$MAXSIZE" ]; then - echo "Truncating $FILE in $CONTAINER..." - docker exec "$CONTAINER" truncate -s 0 "$FILE" - else - echo "$FILE in $CONTAINER is within size limit: $((FILESIZE / 1024 / 1024 / 1024)) GB." - fi - else - echo "Container $CONTAINER is not running." 
- fi - - - path: /etc/systemd/system/truncate-err-log.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=Check and truncate Nginx error.log file in container if larger than 20GB - - [Service] - Type=oneshot - ExecStart=/bin/bash /home/bs/truncate-err-log.sh - - - path: /etc/systemd/system/truncate-err-log.timer - permissions: 0644 - owner: root - content: | - [Unit] - Description=Timer for truncating Nginx error.log file in container - - [Timer] - # Run every 12h - OnCalendar=*-*-* 00/12:00:00 - AccuracySec=1h - - [Install] - WantedBy=timers.target - - - path: /etc/systemd/system/explorer.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=explorer - Wants=docker.service - After=docker.service - - [Service] - Restart=always - RestartSec=1 - TimeoutStartSec=1200 - Environment=HOME=/home/bs - ExecStartPre=/usr/bin/docker pull ${docker_tag} - ExecStartPre=/usr/bin/docker pull ${docker_tag_gcloud} - ExecStartPre=/bin/bash /home/bs/prep_disk.sh - ExecStartPre=/sbin/iptables -A INPUT -m multiport -p tcp --dports 80,4224,18333,8333,50001 -j ACCEPT - ExecStart=/usr/bin/docker run \ - --network=host \ - --pid=host \ - --name=${container_name} \ - --tmpfs /tmp/ \ - --log-opt max-size=25g \ - --log-opt max-file=3 \ - -v /mnt/disks/data:/data:rw \ - --ulimit nofile=524288:524288 \ - "${docker_tag}" bash -c '/srv/explorer/run.sh ${daemon}-${network}-blockstream explorer nonverbose ${mempooldat} ${fullurl}' - ExecStartPost=-/bin/bash /home/bs/insert_instance_list.sh - ExecStop=/usr/bin/docker stop ${container_name} - ExecStopPost=/usr/bin/docker rm ${container_name} - ExecStopPost=/sbin/iptables -D INPUT -m multiport -p tcp --dports 80,4224,18333,8333,50001 -j ACCEPT - - [Install] - WantedBy=multi-user.target - - - path: /etc/systemd/system/node-exporter.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=prometheus node-exporter - Wants=docker.service - After=docker.service - - [Service] - 
Restart=always - RestartSec=1 - Environment=HOME=/home/bs - ExecStartPre=/usr/bin/docker pull ${docker_tag_node_exporter} - ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9100 -j ACCEPT - ExecStart=/usr/bin/docker run \ - --name=node-exporter \ - --network=host \ - --read-only \ - -v /proc:/host/proc:ro \ - -v /sys:/host/sys:ro \ - -v /:/rootfs:ro \ - -v metrics:/metrics:ro \ - -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro \ - "${docker_tag_node_exporter}" --path.procfs /host/proc --path.sysfs /host/sys --collector.textfile.directory /metrics --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc($|/))" --collector.systemd - ExecStop=/usr/bin/docker stop node-exporter - ExecStopPost=/usr/bin/docker rm node-exporter - ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT - - [Install] - WantedBy=multi-user.target - - - path: /etc/systemd/system/process-exporter.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=prometheus process-exporter - Wants=docker.service - After=docker.service - - [Service] - Restart=always - RestartSec=1 - Environment=HOME=/home/bs - ExecStartPre=/usr/bin/docker pull ${docker_tag_process_exporter} - ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9256 -j ACCEPT - ExecStart=/usr/bin/docker run \ - --name=process-exporter \ - --pid=host \ - --read-only \ - -v /proc:/host/proc:ro \ - -p 9256:9256 \ - "${docker_tag_process_exporter}" --procfs /host/proc -procnames electrs,bitcoind,elementsd,liquidd,tor,nginx - ExecStop=/usr/bin/docker stop process-exporter - ExecStopPost=/usr/bin/docker rm process-exporter - ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9256 -j ACCEPT - - [Install] - WantedBy=multi-user.target - -runcmd: - - systemctl daemon-reload - - systemctl enable --now truncate-err-log.timer - - systemctl enable --now explorer.service - - systemctl enable --now node-exporter.service - - systemctl enable --now 
process-exporter.service diff --git a/terraform/modules/daemon/cloud-config/data.tf b/terraform/modules/daemon/cloud-config/data.tf deleted file mode 100644 index dbe28c46..00000000 --- a/terraform/modules/daemon/cloud-config/data.tf +++ /dev/null @@ -1,23 +0,0 @@ -data "template_cloudinit_config" "daemon" { - gzip = false - base64_encode = false - - part { - content_type = "text/cloud-config" - content = templatefile("${path.module}/daemon.yml", { - docker_tag = var.docker_tag - daemon = var.daemon - network = var.network - container_name = var.container_name - name = var.name - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_gcloud = var.docker_tag_gcloud - image_source_project = var.image_source_project - mempooldat = var.mempooldat - fullurl = var.fullurl - region = var.region - disk_type = var.disk_type - }) - } -} diff --git a/terraform/modules/daemon/cloud-config/outputs.tf b/terraform/modules/daemon/cloud-config/outputs.tf deleted file mode 100644 index c0d12a68..00000000 --- a/terraform/modules/daemon/cloud-config/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "template" { - value = data.template_cloudinit_config.daemon -} diff --git a/terraform/modules/daemon/cloud-config/variables.tf b/terraform/modules/daemon/cloud-config/variables.tf deleted file mode 100644 index c1158cbe..00000000 --- a/terraform/modules/daemon/cloud-config/variables.tf +++ /dev/null 
@@ -1,64 +0,0 @@ -variable "docker_tag" { - type = string - default = "" -} - -variable "daemon" { - type = string - default = "" -} - -variable "network" { - type = string - default = "" -} - -variable "container_name" { - type = string - default = "" -} - -variable "name" { - type = string - default = "" -} - -variable "docker_tag_node_exporter" { - type = string - default = "" -} - -variable "docker_tag_process_exporter" { - type = string - default = "" -} - -variable "docker_tag_gcloud" { - type = string - default = "" -} - -variable "image_source_project" { - type = string - default = "" -} - -variable "mempooldat" { - type = string - default = "" -} - -variable "fullurl" { - type = string - default = "" -} - -variable "region" { - type = string - default = "" -} - -variable "disk_type" { - type = string - default = "" -} diff --git a/terraform/modules/daemon/data.tf b/terraform/modules/daemon/data.tf deleted file mode 100644 index 95e40645..00000000 --- a/terraform/modules/daemon/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "google_compute_network" "default" { - name = "default" -} diff --git a/terraform/modules/daemon/firewall.tf b/terraform/modules/daemon/firewall.tf deleted file mode 100644 index d625ac4d..00000000 --- a/terraform/modules/daemon/firewall.tf +++ /dev/null 
@@ -1,73 +0,0 @@ -resource "google_compute_firewall" "http-healthcheck" { - name = "${var.name}-healthcheck-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["80", "443", "50001"] - } - - source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "10.0.0.0/8"] - - target_service_accounts = [ - google_service_account.daemon[0].email, - ] -} - -resource "google_compute_firewall" "all-traffic" { - name = "${var.name}-all-traffic-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["443", "50001"] - } - - source_ranges = ["0.0.0.0/0"] - - target_service_accounts = [ - google_service_account.daemon[0].email, - ] -} - -resource "google_compute_firewall" "prom-traffic" { - name = "daemon-${var.name}-prometheus-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["4224", "9100"] - } - - source_service_accounts = [ - var.service_account_prom, - ] - - target_service_accounts = [ - google_service_account.daemon[0].email, - ] -} - -resource "google_compute_firewall" "internal_daemon_traffic" { - name = "${var.name}-internal-daemon-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["18333", "8333"] - } - - source_ranges = ["10.0.0.0/8"] - - target_service_accounts = [ - google_service_account.daemon[0].email, - ] -} diff --git a/terraform/modules/daemon/iam.tf b/terraform/modules/daemon/iam.tf deleted file mode 100644 index ba1ae77e..00000000 --- a/terraform/modules/daemon/iam.tf +++ /dev/null 
@@ -1,14 +0,0 @@ -resource "google_service_account" "daemon" { - account_id = var.name - display_name = "${var.daemon} ${var.network}" - - count = var.create_resources -} - -resource "google_project_iam_member" "daemon" { - project = var.project - role = "roles/editor" - member = "serviceAccount:${google_service_account.daemon[0].email}" - - count = var.create_resources -} diff --git a/terraform/modules/daemon/main.tf b/terraform/modules/daemon/main.tf deleted file mode 100644 index 027940e0..00000000 --- a/terraform/modules/daemon/main.tf +++ /dev/null 
@@ -1,138 +0,0 @@ -# Instance health check -resource "google_compute_health_check" "daemon" { - name = "${var.name}-explorer-health-check" - timeout_sec = 30 - check_interval_sec = 60 - unhealthy_threshold = 5 - - count = var.create_resources - - http_health_check { - port = 80 - request_path = ( - var.name == "bitcoin-mainnet" ? "/api/blocks/tip/hash" - : var.name == "bitcoin-testnet" ? "/testnet/api/blocks/tip/hash" - : var.name == "liquid-testnet" ? "/liquidtestnet/api/blocks/tip/hash" - : "/liquid/api/blocks/tip/hash") - } -} - -# Create regional instance group -resource "google_compute_region_instance_group_manager" "daemon" { - provider = google-beta - name = "${var.name}-explorer-ig-${each.value}" - for_each = var.create_resources ? toset(var.regions) : [] - - base_instance_name = "${var.name}-explorer-${each.value}" - - version { - instance_template = google_compute_instance_template.daemon[each.value].self_link - name = "original" - } - - region = each.value - target_size = var.size - - update_policy { - type = "PROACTIVE" - minimal_action = "REPLACE" - max_surge_fixed = 3 - max_unavailable_fixed = 0 - min_ready_sec = var.min_ready_sec - } - - auto_healing_policies { - health_check = google_compute_health_check.daemon[0].self_link - initial_delay_sec = var.initial_delay_sec - } - - named_port { - name = "electrs" - port = 50001 - } - - named_port { - name = "http" - port = 80 - } - - lifecycle { - ignore_changes = [ - name, - base_instance_name, - ] - } -} - -module "daemon_template" { - source = "./cloud-config" - - for_each = var.create_resources ? 
toset(var.regions) : [] - - docker_tag = var.docker_tag_explorer - daemon = var.daemon - network = var.network - container_name = "${var.name}-explorer" - name = var.name - docker_tag_node_exporter = var.docker_tag_node_exporter - docker_tag_process_exporter = var.docker_tag_process_exporter - docker_tag_gcloud = var.docker_tag_gcloud - image_source_project = var.image_source_project - mempooldat = var.mempooldat - fullurl = var.fullurl - disk_type = var.disk_type - region = each.value -} - -## Create instance template -resource "google_compute_instance_template" "daemon" { - name_prefix = "${var.name}-explorer-template-" - description = "This template is used to create ${var.name} instances." - machine_type = var.instance_type - for_each = var.create_resources ? toset(var.regions) : [] - - labels = { - type = "explorer" - name = var.name - network = var.network - region = each.value - } - - scheduling { - automatic_restart = true - on_host_maintenance = "MIGRATE" - } - - disk { - source_image = var.boot-image - disk_type = var.disk_type - auto_delete = true - boot = true - disk_size_gb = var.name == "bitcoin-mainnet" ? "150" : "100" - } - - network_interface { - network = data.google_compute_network.default.self_link - - access_config {} - } - - metadata = { - google-logging-enabled = "true" - user-data = module.daemon_template[each.value].template.rendered - } - - service_account { - email = google_service_account.daemon[0].email - scopes = [ - "compute-rw", - "storage-ro", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring.write", - ] - } - - lifecycle { - create_before_destroy = true - } -} diff --git a/terraform/modules/daemon/network.tf b/terraform/modules/daemon/network.tf deleted file mode 100644 index 75d9850e..00000000 --- a/terraform/modules/daemon/network.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -# Health checks -resource "google_compute_http_health_check" "daemon" { - name = "${var.name}-explorer-http-health-check" - request_path = ( - var.name == "bitcoin-mainnet" ? "/api/blocks/tip/hash" - : var.name == "bitcoin-testnet" ? "/testnet/api/blocks/tip/hash" - : var.name == "liquid-testnet" ? "/liquidtestnet/api/blocks/tip/hash" - : "/liquid/api/blocks/tip/hash" - ) - - timeout_sec = 20 - check_interval_sec = 30 - - count = var.create_resources -} - -resource "google_compute_health_check" "daemon-electrs" { - name = "${var.name}-explorer-health-check-electrs-tcp" - timeout_sec = 20 - check_interval_sec = 30 - - tcp_health_check { - port = "80" - } - - count = var.create_resources -} - -# Backend services -resource "google_compute_backend_service" "daemon" { - name = "${var.name}-explorer-backend-service" - protocol = "HTTP" - port_name = "http" - timeout_sec = 3600 - enable_cdn = false - - security_policy = var.name == "bitcoin-mainnet" ? "https://www.googleapis.com/compute/v1/projects/${var.project}/global/securityPolicies/esplora-block-rule" : "" # TODO: add to TF - - cdn_policy { - cache_key_policy { - include_host = true - include_protocol = true - include_query_string = true - } - } - - dynamic "backend" { - for_each = google_compute_region_instance_group_manager.daemon - iterator = group - content { - group = group.value.instance_group - max_utilization = 0.8 - } - } - - health_checks = [google_compute_http_health_check.daemon[0].self_link] - count = var.create_resources -} - -resource "google_compute_backend_service" "daemon-electrs" { - name = "${var.name}-explorer-backend-service-electrs" - protocol = "TCP" - port_name = "electrs" - timeout_sec = 60 - - dynamic "backend" { - for_each = google_compute_region_instance_group_manager.daemon - iterator = group - content { - group = group.value.instance_group - max_utilization = 0.8 - } - } - - health_checks = [google_compute_health_check.daemon-electrs[0].self_link] - count = 
var.create_resources -} diff --git a/terraform/modules/daemon/outputs.tf b/terraform/modules/daemon/outputs.tf deleted file mode 100644 index 293e49a6..00000000 --- a/terraform/modules/daemon/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "backend_service" { - value = element(concat(google_compute_backend_service.daemon.*.self_link, tolist([""])), 0) -} - -output "backend_service_electrs" { - value = element(concat(google_compute_backend_service.daemon-electrs.*.self_link, tolist([""])), 0) -} - -output "service_account" { - value = element(concat(google_service_account.daemon.*.email, tolist([""])), 0) -} diff --git a/terraform/modules/daemon/variables.tf b/terraform/modules/daemon/variables.tf deleted file mode 100644 index 7c5610c1..00000000 --- a/terraform/modules/daemon/variables.tf +++ /dev/null 
@@ -1,88 +0,0 @@ -variable "create_resources" { - type = string -} - -variable "project" { - type = string - default = "green-address-explorer" -} - -variable "name" { - type = string -} - -variable "daemon" { - type = string -} - -variable "network" { - type = string -} - -variable "regions" { - type = list(any) -} - -variable "instance_type" { - type = string - default = "" -} - -variable "size" { - type = string -} - -variable "boot-image" { - type = string - default = "cos-cloud/cos-stable" -} - -variable "service_account_prom" { - type = string -} - -variable "docker_tag_node_exporter" { - type = string -} - -variable "docker_tag_process_exporter" { - type = string -} - -variable "docker_tag_explorer" { - type = string -} - -variable "docker_tag_gcloud" { - type = string - default = "google/cloud-sdk@sha256:ff12e5d576a0754bcc25073e8bad8ae07623af66fa4c4f4a037ca33f46855028" -} - -variable "min_ready_sec" { - type = string - default = "1800" -} - -variable "initial_delay_sec" { - type = string - default = "1800" -} - -variable "image_source_project" { - type = string -} - -variable "mempooldat" { - type = string - default = "" -} - -variable "fullurl" { - type = string - default = "" -} - -variable "disk_type" { - type = string - default = "" -} diff --git a/terraform/modules/prometheus/firewall.tf b/terraform/modules/prometheus/firewall.tf index 247fc0da..7ad25d42 100644 --- a/terraform/modules/prometheus/firewall.tf +++ b/terraform/modules/prometheus/firewall.tf @@ -2,8 +2,6 @@ resource "google_compute_firewall" "all-traffic" { name = "prometheus-${var.name}-all-traffic-access" network = data.google_compute_network.default.self_link - count = var.create_resources - allow { protocol = "tcp" ports = ["80"] 
@@ -12,6 +10,10 @@ resource "google_compute_firewall" "all-traffic" { source_ranges = var.allowed_source_ip target_service_accounts = [ - google_service_account.prometheus[0].email, + google_service_account.prometheus.email, ] + + lifecycle { + ignore_changes = [source_ranges] + } } diff --git a/terraform/modules/prometheus/iam.tf b/terraform/modules/prometheus/iam.tf index ab5f0274..3e2c55ba 100644 --- a/terraform/modules/prometheus/iam.tf +++ b/terraform/modules/prometheus/iam.tf @@ -1,14 +1,10 @@ resource "google_service_account" "prometheus" { account_id = "prometheus-${var.name}" display_name = "prometheus-${var.name}" - - count = var.create_resources } resource "google_project_iam_member" "prometheus" { project = var.project - role = "roles/editor" - member = "serviceAccount:${google_service_account.prometheus[0].email}" - - count = var.create_resources + role = "roles/viewer" + member = "serviceAccount:${google_service_account.prometheus.email}" } diff --git a/terraform/modules/prometheus/main.tf b/terraform/modules/prometheus/main.tf index 87b82aef..81fe7e07 100644 --- a/terraform/modules/prometheus/main.tf +++ b/terraform/modules/prometheus/main.tf 
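Review bot: `ignore_changes = [source_ranges]` on the `all-traffic` firewall rule stops Terraform from reverting out-of-band edits to the rule's allowed source IPs, so a console change widening it to `0.0.0.0/0` on port 80 would survive every later `terraform apply` without showing in plan. If the intent is that an operator curates the allow-list by hand, say so above the block — e.g. `# source_ranges is maintained out-of-band; var.allowed_source_ip only seeds the initial value` — so nobody assumes the variable still governs the rule. If it was only added to silence a one-off diff, reconcile `var.allowed_source_ip` with the live value and drop the `ignore_changes`, so drift on a network boundary keeps surfacing in plan. The resource's opening lines and its `allow` block are in the previous hunk.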
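Review bot: `roles/viewer` is still a project-wide basic role, so the Prometheus service account can read every resource in the project (as far as I can tell that includes object contents in any bucket), when target discovery presumably needs only `roles/compute.viewer`. The move off `roles/editor` is the right direction; the tighter change is `role = "roles/compute.viewer"`, adding `roles/monitoring.metricWriter` only if the instance actually pushes metrics. Worth confirming against what the Prometheus configuration on the instance calls before narrowing.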
@@ -1,36 +1,32 @@ resource "google_compute_disk" "prometheus-data" { - count = var.create_resources > 0 ? var.instances : 0 + count = var.instances name = "prometheus-${var.name}-data-disk-${count.index}" project = var.project type = "pd-standard" - zone = var.zones[count.index] + zone = var.zone size = var.size } resource "google_compute_address" "prometheus-address" { - count = var.create_resources > 0 ? var.instances : 0 + count = var.instances name = "prometheus-${var.name}-address-${count.index}" project = var.project region = var.region } resource "google_compute_address" "prometheus-internal-address" { - count = var.create_resources > 0 ? var.instances : 0 + count = var.instances name = "prometheus-${var.name}-internal-address-${count.index}" project = var.project region = var.region address_type = "INTERNAL" } -locals { - service_account = terraform.workspace == "main" ? element(concat(google_service_account.prometheus.*.email, tolist([""])), 0) : var.prometheus_service_account -} - resource "google_compute_instance" "prometheus-server" { - count = var.create_resources > 0 ? var.instances : 0 + count = var.instances name = "prometheus-${var.name}-${count.index}" machine_type = var.machine_type - zone = var.zones[count.index] + zone = var.zone project = var.project allow_stopping_for_update = true @@ -41,7 +37,7 @@ resource "google_compute_instance" "prometheus-server" { } service_account { - email = local.service_account + email = google_service_account.prometheus.email scopes = [ "compute-rw", diff --git a/terraform/modules/prometheus/outputs.tf b/terraform/modules/prometheus/outputs.tf index da7f79d8..8ce0caf2 100644 --- a/terraform/modules/prometheus/outputs.tf +++ b/terraform/modules/prometheus/outputs.tf @@ -1,3 +1,3 @@ output "service_account" { - value = element(concat(google_service_account.prometheus.*.email, tolist([""])), 0) + value = google_service_account.prometheus.email } 
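Review bot: Collapsing `var.zones` to a single `var.zone` places every one of the `var.instances` Prometheus servers, and their `prometheus-data` disks, in the same zone, so `instances > 1` no longer buys zonal redundancy. If more than one instance is still deployed, `zone = element(var.zones, count.index)` over a list keeps the old spread; if `instances` is now always 1, a one-line comment on the `instances` variable saying so would stop the next reader from assuming otherwise. The `google_compute_instance` body continues past the end of the hunk.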
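Review bot: The instance still requests the `compute-rw` OAuth scope on the line after the new `email`, while the same service account is now bound to `roles/viewer` in iam.tf, so the scope is wider than the role. Effective access is the intersection of role and scope, which makes this harmless today, but it silently becomes compute write access the moment someone grants `google_service_account.prometheus` a broader role; changing it to `"compute-ro"` keeps the two in step. The `scopes` list runs past the hunk, so I cannot see whether the remaining entries are read-only as well.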
diff --git a/terraform/modules/prometheus/variables.tf b/terraform/modules/prometheus/variables.tf index f1787998..bbe68d89 100644 --- a/terraform/modules/prometheus/variables.tf +++ b/terraform/modules/prometheus/variables.tf @@ -1,7 +1,3 @@ -variable "create_resources" { - type = string -} - variable "project" { type = string } @@ -19,9 +15,9 @@ variable "region" { type = string } -variable "zones" { - type = list(any) - default = ["us-central1-a"] +variable "zone" { + type = string + default = "us-central1-a" } variable "instances" { @@ -59,8 +55,3 @@ variable "allowed_source_ip" { type = list(any) description = "Which IPs are allowed to access the instance?" } - -variable "prometheus_service_account" { - type = string - default = "" -} diff --git a/terraform/modules/tor/cloud-init/tor.yaml b/terraform/modules/tor/cloud-init/tor.yaml deleted file mode 100644 index b381ff7a..00000000 --- a/terraform/modules/tor/cloud-init/tor.yaml +++ /dev/null 
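Review bot: `allowed_source_ip` is typed `list(any)` with no validation, yet it is the only thing standing between the `all-traffic` rule on port 80 and the Internet, so a stray `"0.0.0.0/0"` in a tfvars file is accepted without comment. Tighten the type to `list(string)` and add a `validation` block that rejects the wildcard ranges; the variable's opening line is in the hunk header, outside the hunk, so the change below restates the whole declaration.
```hcl
variable "allowed_source_ip" {
  type        = list(string)
  description = "Which IPs are allowed to access the instance?"

  validation {
    condition     = !contains(var.allowed_source_ip, "0.0.0.0/0") && !contains(var.allowed_source_ip, "::/0")
    error_message = "allowed_source_ip must not open the Prometheus instance to the whole Internet."
  }
}
```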
@@ -1,166 +0,0 @@ -users: - - name: bs - uid: 2000 - -write_files: - - path: /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key.enc.b64 - permissions: 0600 - owner: root - content: | - ${v3_pubk} - - - path: /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key.enc.b64 - permissions: 0600 - owner: root - content: | - ${v3_pk} - - - path: /home/bs/torrcv3 - permissions: 0644 - owner: root - content: | - DataDirectory /home/tor/tor - PidFile /var/run/tor/tor.pid - - ControlSocket /var/run/tor/control GroupWritable RelaxDirModeCheck - ControlSocketsGroupWritable 1 - - CookieAuthentication 1 - CookieAuthFileGroupReadable 1 - CookieAuthFile /var/run/tor/control.authcookie - - Log [*]notice stderr - SOCKSPort 0 - - HiddenServiceNonAnonymousMode 1 - HiddenServiceSingleHopMode 1 - HiddenServiceDir /home/tor/tor/hidden_service_v3/ - HiddenServiceVersion 3 - HiddenServicePort 80 ${tor_lb}:80 - HiddenServicePort 110 ${tor_lb}:110 - HiddenServicePort 143 ${tor_lb}:143 - HiddenServicePort 195 ${tor_lb}:195 - HiddenServicePort 587 ${tor_lb}:587 - - - path: /home/bs/tor_v3/hidden_service_v3/hostname - permissions: 0600 - owner: root - content: | - ${v3_host} - - - path: /etc/systemd/system/decrypt.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=decrypt secrets against KMS - Wants=gcr-online.target - After=gcr-online.target - - [Service] - Type=oneshot - RemainAfterExit=true - Environment=HOME=/home/bs - ExecStartPre=/usr/bin/docker-credential-gcr configure-docker - ExecStartPre=/usr/bin/docker pull ${docker_tag_gcloud} - ExecStart=/usr/bin/docker run \ - --name=decrypt \ - --rm \ - -v /home/bs/tor_v3/hidden_service_v3/:/root/secrets:rw \ - "${docker_tag_gcloud}" gcloud kms decrypt \ - --location=${kms_location} \ - --keyring=${kms_key_ring} \ - --key=${kms_key} \ - --ciphertext-file=/root/secrets/hs_ed25519_public_key.enc \ - --plaintext-file=/root/secrets/hs_ed25519_public_key - ExecStart=/usr/bin/docker run \ - --name=decrypt \ - --rm \ - -v 
/home/bs/tor_v3/hidden_service_v3/:/root/secrets:rw \ - "${docker_tag_gcloud}" gcloud kms decrypt \ - --location=${kms_location} \ - --keyring=${kms_key_ring} \ - --key=${kms_key} \ - --ciphertext-file=/root/secrets/hs_ed25519_secret_key.enc \ - --plaintext-file=/root/secrets/hs_ed25519_secret_key - ExecStartPost=-/bin/rm /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key.enc /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key.enc.b64 - ExecStartPost=-/bin/rm /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key.enc /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key.enc.b64 - - - - path: /etc/systemd/system/torv3.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=Tor V3 node - Wants=gcr-online.target docker.service decrypt.service - After=gcr-online.service docker.service decrypt.service - - [Service] - Restart=always - RestartSec=1 - Environment=HOME=/home/bs - ExecStartPre=/usr/bin/docker-credential-gcr configure-docker - ExecStartPre=/usr/bin/docker pull ${docker_tag} - ExecStartPre=-/bin/chown -R bs:bs /home/bs/tor_v3/ - ExecStartPre=-/bin/chmod -R 2700 /home/bs/tor_v3/ - ExecStartPre=-/bin/chmod 0644 /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key - ExecStartPre=-/bin/chmod 0600 /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key - ExecStartPre=/sbin/iptables -A INPUT -m multiport -p tcp --dports 110,143,195 -j ACCEPT - ExecStart=/usr/bin/docker run \ - --network=host \ - --pid=host \ - --name=torv3 \ - --tmpfs /tmp/ \ - -v /home/bs/torrcv3:/home/tor/torrc:ro \ - -v /home/bs/tor_v3:/home/tor/tor:rw \ - "${docker_tag}" tor -f /home/tor/torrc - ExecStop=/usr/bin/docker rm -f torv3 - ExecStopPost=/sbin/iptables -D INPUT -m multiport -p tcp --dports 110,143,195 -j ACCEPT - - [Install] - WantedBy=multi-user.target - - - path: /etc/systemd/system/node-exporter.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=prometheus node-exporter - Wants=gcr-online.target docker.service - 
After=gcr-online.service docker.service - - [Service] - Restart=always - RestartSec=1 - Environment=HOME=/home/exec - ExecStartPre=/usr/bin/docker-credential-gcr configure-docker - ExecStartPre=/usr/bin/docker pull ${docker_tag_node_exporter} - ExecStartPre=/sbin/iptables -A INPUT -m tcp -p tcp --dport 9100 -j ACCEPT - ExecStart=/usr/bin/docker run \ - --name=node-exporter \ - --network=host \ - --read-only \ - -v /proc:/host/proc:ro \ - -v /sys:/host/sys:ro \ - -v /:/rootfs:ro \ - -v metrics:/metrics:ro \ - -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro \ - "${docker_tag_node_exporter}" --path.procfs /host/proc --path.sysfs /host/sys --collector.textfile.directory /metrics --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc($|/))" --collector.systemd - ExecStop=/usr/bin/docker stop node-exporter - ExecStopPost=/usr/bin/docker rm node-exporter - ExecStopPost=/sbin/iptables -D INPUT -m tcp -p tcp --dport 9100 -j ACCEPT - - [Install] - WantedBy=multi-user.target - -runcmd: - - systemctl daemon-reload - - base64 -d /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key.enc.b64 > /home/bs/tor_v3/hidden_service_v3/hs_ed25519_public_key.enc - - base64 -d /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key.enc.b64 > /home/bs/tor_v3/hidden_service_v3/hs_ed25519_secret_key.enc - - systemctl enable torv3.service - - systemctl enable decrypt.service - - systemctl start decrypt.service - - systemctl start torv3.service - - systemctl enable node-exporter.service - - systemctl start node-exporter.service diff --git a/terraform/modules/tor/data.tf b/terraform/modules/tor/data.tf deleted file mode 100644 index 6928d937..00000000 --- a/terraform/modules/tor/data.tf +++ /dev/null 
@@ -1,27 +0,0 @@ -data "google_compute_network" "default" { - name = "default" -} - -data "template_cloudinit_config" "tor" { - gzip = false - base64_encode = false - - part { - content_type = "text/cloud-config" - content = templatefile("${path.module}/cloud-init/tor.yaml", { - tor_lb = var.tor_lb - v2_host = var.hosts_onion[0] - v3_host = var.hosts_onion[1] - v2_pk = file("${path.module}/v2.pk") - v3_pk = file("${path.module}/v3.pk") - v3_pubk = file("${path.module}/v3.pubk") - - docker_tag = var.docker_tag - docker_tag_gcloud = var.docker_tag_gcloud - kms_key = var.kms_key - kms_key_ring = var.kms_key_ring - kms_location = var.kms_location - docker_tag_node_exporter = var.docker_tag_node_exporter - }) - } -} diff --git a/terraform/modules/tor/firewall.tf b/terraform/modules/tor/firewall.tf deleted file mode 100644 index 4dabcac0..00000000 --- a/terraform/modules/tor/firewall.tf +++ /dev/null 
@@ -1,55 +0,0 @@ -resource "google_compute_firewall" "tor-healthcheck" { - name = "${var.name}-healthcheck" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["9050"] - } - - source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "10.0.0.0/8"] - - target_service_accounts = [ - google_service_account.tor[0].email, - ] -} - -resource "google_compute_firewall" "prom-traffic" { - name = "tor-${var.name}-prometheus-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["9100"] - } - - source_service_accounts = [ - var.service_account_prom, - ] - - target_service_accounts = [ - google_service_account.tor[0].email, - ] -} - -resource "google_compute_firewall" "all-traffic" { - name = "tor-${var.name}-all-traffic-access" - network = data.google_compute_network.default.self_link - - count = var.create_resources - - allow { - protocol = "tcp" - ports = ["110", "143", "195"] - } - - source_ranges = ["0.0.0.0/0"] - - target_service_accounts = [ - google_service_account.tor[0].email, - ] -} diff --git a/terraform/modules/tor/iam.tf b/terraform/modules/tor/iam.tf deleted file mode 100644 index 95301188..00000000 --- a/terraform/modules/tor/iam.tf +++ /dev/null @@ -1,25 +0,0 @@ -resource "google_service_account" "tor" { - account_id = var.name - display_name = var.name - - count = var.create_resources -} - -resource "google_project_iam_member" "tor" { - project = var.project - role = "roles/editor" - member = "serviceAccount:${google_service_account.tor[0].email}" - - count = var.create_resources -} - -resource "google_kms_crypto_key_iam_binding" "crypto-key" { - crypto_key_id = var.kms_key_link - role = "roles/cloudkms.cryptoKeyDecrypter" - - count = var.create_resources - - members = [ - "serviceAccount:${google_service_account.tor[0].email}", - ] -} 
diff --git a/terraform/modules/tor/main.tf b/terraform/modules/tor/main.tf deleted file mode 100644 index f07675a9..00000000 --- a/terraform/modules/tor/main.tf +++ /dev/null @@ -1,62 +0,0 @@ -resource "google_compute_instance_group_manager" "tor" { - name = "${var.name}-ig" - count = var.create_resources > 0 ? var.instances : 0 - zone = var.zones - - base_instance_name = var.name - target_size = var.instances - - version { - instance_template = google_compute_instance_template.tor[0].self_link - name = "original" - } -} - -resource "google_compute_instance_template" "tor" { - name_prefix = "${var.name}-template-" - description = "This template is used to create ${var.name} instances." - machine_type = var.tor_machine_type - count = var.create_resources - - labels = { - type = "tor" - name = var.name - network = var.network - } - - disk { - source_image = var.boot_image - boot = true - auto_delete = true - disk_type = "pd-ssd" - device_name = "boot" - disk_size_gb = "20" - } - - network_interface { - network = data.google_compute_network.default.self_link - - access_config {} - } - - metadata = { - google-logging-enabled = "true" - user-data = data.template_cloudinit_config.tor.rendered - } - - service_account { - email = google_service_account.tor[0].email - - scopes = [ - "https://www.googleapis.com/auth/cloudkms", - "compute-ro", - "storage-ro", - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring.write", - ] - } - - lifecycle { - create_before_destroy = true - } -} diff --git a/terraform/modules/tor/v2.pk b/terraform/modules/tor/v2.pk deleted file mode 100644 index 6522bcb6..00000000 --- a/terraform/modules/tor/v2.pk +++ /dev/null @@ -1 +0,0 @@ -overwritten_by_ci \ No newline at end of file diff --git a/terraform/modules/tor/v3.pk b/terraform/modules/tor/v3.pk deleted file mode 100644 index 6522bcb6..00000000 --- a/terraform/modules/tor/v3.pk +++ /dev/null @@ -1 +0,0 @@ -overwritten_by_ci \ No newline at end of file 
diff --git a/terraform/modules/tor/v3.pubk b/terraform/modules/tor/v3.pubk deleted file mode 100644 index 6522bcb6..00000000 --- a/terraform/modules/tor/v3.pubk +++ /dev/null @@ -1 +0,0 @@ -overwritten_by_ci \ No newline at end of file diff --git a/terraform/modules/tor/variables.tf b/terraform/modules/tor/variables.tf deleted file mode 100644 index 25760c25..00000000 --- a/terraform/modules/tor/variables.tf +++ /dev/null @@ -1,78 +0,0 @@ -variable "boot_image" { - type = string - default = "cos-cloud/cos-stable" -} - -variable "project" { - type = string -} - -variable "name" { - type = string -} - -variable "network" { - type = string - default = "default" -} - -variable "region" { - type = string -} - -variable "zones" { - type = string -} - -variable "instances" { - type = string -} - -variable "tor_machine_type" { - type = string -} - -variable "tor_lb" { - type = string -} - -variable "create_resources" { - type = string -} - -variable "docker_tag" { - type = string -} - -variable "docker_tag_gcloud" { - type = string - default = "google/cloud-sdk@sha256:b0d0555efef6a566f42fc4f0d89be9e1d74aff4565e27bbd206405f759d3f2b0" -} - -variable "hosts_onion" { - default = ["", ""] -} - -variable "kms_key_link" { - type = string -} - -variable "kms_key" { - type = string -} - -variable "kms_key_ring" { - type = string -} - -variable "kms_location" { - type = string -} - -variable "docker_tag_node_exporter" { - type = string -} - -variable "service_account_prom" { - type = string -} diff --git a/terraform/network-electrs.tf b/terraform/network-electrs.tf deleted file mode 100644 index 53fa8957..00000000 --- a/terraform/network-electrs.tf +++ /dev/null 
@@ -1,143 +0,0 @@ -# SSL Forwarding Rules -resource "google_compute_global_forwarding_rule" "mainnet-electrs-tls" { - name = "explorer-forwarding-rule-mainnet-electrs-tls" - target = google_compute_target_ssl_proxy.mainnet-electrs-tls-proxy[0].self_link - port_range = "700" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "testnet-electrs-tls" { - name = "explorer-forwarding-rule-testnet-electrs-tls" - target = google_compute_target_ssl_proxy.testnet-electrs-tls-proxy[0].self_link - port_range = "993" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "liquid-electrs-tls" { - name = "explorer-forwarding-rule-liquid-electrs-tls" - target = google_compute_target_ssl_proxy.liquid-electrs-tls-proxy[0].self_link - port_range = "995" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "liquidtestnet-electrs-tls" { - name = "explorer-forwarding-rule-liquidtestnet-electrs-tls" - target = google_compute_target_ssl_proxy.liquidtestnet-electrs-tls-proxy[0].self_link - port_range = "465" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -# TCP Forwarding Rules -resource "google_compute_global_forwarding_rule" "mainnet-electrs-tcp" { - name = "explorer-forwarding-rule-mainnet-electrs-tcp" - target = google_compute_target_tcp_proxy.mainnet-electrs-tcp-proxy[0].self_link - port_range = "110" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "testnet-electrs-tcp" { - name = "explorer-forwarding-rule-testnet-electrs-tcp" - target 
= google_compute_target_tcp_proxy.testnet-electrs-tcp-proxy[0].self_link - port_range = "143" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "liquid-electrs-tcp" { - name = "explorer-forwarding-rule-liquid-electrs-tcp" - target = google_compute_target_tcp_proxy.liquid-electrs-tcp-proxy[0].self_link - port_range = "195" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -resource "google_compute_global_forwarding_rule" "liquidtestnet-electrs-tcp" { - name = "explorer-forwarding-rule-liquidtestnet-electrs-tcp" - target = google_compute_target_tcp_proxy.liquidtestnet-electrs-tcp-proxy[0].self_link - port_range = "587" - ip_protocol = "TCP" - ip_address = google_compute_global_address.client-lb[0].address - - count = local.create_main -} - -#SSL Proxies -resource "google_compute_target_ssl_proxy" "mainnet-electrs-tls-proxy" { - name = "explorer-mainnet-electrs-tls-proxy" - backend_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service_electrs["bitcoin-mainnet"] - ssl_certificates = [var.ssl_certs[2]] - - count = local.create_main -} - -resource "google_compute_target_ssl_proxy" "testnet-electrs-tls-proxy" { - name = "explorer-testnet-electrs-tls-proxy" - backend_service = data.terraform_remote_state.bitcoin-testnet.outputs.daemon_backend_service_electrs["bitcoin-testnet"] - ssl_certificates = [var.ssl_certs[2]] - - count = local.create_main -} - -resource "google_compute_target_ssl_proxy" "liquid-electrs-tls-proxy" { - name = "explorer-liquid-electrs-tls-proxy" - backend_service = data.terraform_remote_state.liquid-mainnet.outputs.daemon_backend_service_electrs["liquid-mainnet"] - ssl_certificates = [var.ssl_certs[2]] - - count = local.create_main -} - -resource "google_compute_target_ssl_proxy" "liquidtestnet-electrs-tls-proxy" { - name = 
"explorer-liquidtestnet-electrs-tls-proxy" - backend_service = data.terraform_remote_state.liquid-testnet.outputs.daemon_backend_service_electrs["liquid-testnet"] - ssl_certificates = [var.ssl_certs[2]] - - count = local.create_main -} - -# TCP Proxies -resource "google_compute_target_tcp_proxy" "mainnet-electrs-tcp-proxy" { - name = "explorer-mainnet-electrs-tcp-proxy" - backend_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service_electrs["bitcoin-mainnet"] - - count = local.create_main -} - -resource "google_compute_target_tcp_proxy" "testnet-electrs-tcp-proxy" { - name = "explorer-testnet-electrs-tcp-proxy" - backend_service = data.terraform_remote_state.bitcoin-testnet.outputs.daemon_backend_service_electrs["bitcoin-testnet"] - - count = local.create_main -} - -resource "google_compute_target_tcp_proxy" "liquid-electrs-tcp-proxy" { - name = "explorer-liquid-electrs-tcp-proxy" - backend_service = data.terraform_remote_state.liquid-mainnet.outputs.daemon_backend_service_electrs["liquid-mainnet"] - - count = local.create_main -} - -resource "google_compute_target_tcp_proxy" "liquidtestnet-electrs-tcp-proxy" { - name = "explorer-liquidtestnet-electrs-tcp-proxy" - backend_service = data.terraform_remote_state.liquid-testnet.outputs.daemon_backend_service_electrs["liquid-testnet"] - - count = local.create_main -} diff --git a/terraform/network-onion-electrs.tf b/terraform/network-onion-electrs.tf deleted file mode 100644 index 30ec2547..00000000 --- a/terraform/network-onion-electrs.tf +++ /dev/null 
@@ -1,69 +0,0 @@
-# TCP Forwarding Rules
-resource "google_compute_global_forwarding_rule" "mainnet-electrs-tcp-onion" {
- name = "explorer-forwarding-rule-mainnet-electrs-tcp-onion"
- target = google_compute_target_tcp_proxy.mainnet-electrs-tcp-proxy-onion[0].self_link
- port_range = "110"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.onion-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "testnet-electrs-tcp-onion" {
- name = "explorer-forwarding-rule-testnet-electrs-tcp-onion"
- target = google_compute_target_tcp_proxy.testnet-electrs-tcp-proxy-onion[0].self_link
- port_range = "143"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.onion-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "liquid-electrs-tcp-onion" {
- name = "explorer-forwarding-rule-liquid-electrs-tcp-onion"
- target = google_compute_target_tcp_proxy.liquid-electrs-tcp-proxy-onion[0].self_link
- port_range = "195"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.onion-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "liquidtestnet-electrs-tcp-onion" {
- name = "explorer-forwarding-rule-liquidtestnet-electrs-tcp-onion"
- target = google_compute_target_tcp_proxy.liquidtestnet-electrs-tcp-proxy-onion[0].self_link
- port_range = "587"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.onion-lb[0].address
-
- count = local.create_main
-}
-
-# TCP Proxies
-resource "google_compute_target_tcp_proxy" "mainnet-electrs-tcp-proxy-onion" {
- name = "explorer-mainnet-electrs-tcp-proxy-onion"
- backend_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service_electrs["bitcoin-mainnet"]
-
- count = local.create_main
-}
-
-resource "google_compute_target_tcp_proxy" "testnet-electrs-tcp-proxy-onion" {
- name = "explorer-testnet-electrs-tcp-proxy-onion"
- backend_service = data.terraform_remote_state.bitcoin-testnet.outputs.daemon_backend_service_electrs["bitcoin-testnet"]
-
- count = local.create_main
-}
-
-resource "google_compute_target_tcp_proxy" "liquid-electrs-tcp-proxy-onion" {
- name = "explorer-liquid-electrs-tcp-proxy-onion"
- backend_service = data.terraform_remote_state.liquid-mainnet.outputs.daemon_backend_service_electrs["liquid-mainnet"]
-
- count = local.create_main
-}
-
-resource "google_compute_target_tcp_proxy" "liquidtestnet-electrs-tcp-proxy-onion" {
- name = "explorer-liquidtestnet-electrs-tcp-proxy-onion"
- backend_service = data.terraform_remote_state.liquid-testnet.outputs.daemon_backend_service_electrs["liquid-testnet"]
-
- count = local.create_main
-}
diff --git a/terraform/network-onion.tf b/terraform/network-onion.tf
deleted file mode 100644
index 1a01b23a..00000000
--- a/terraform/network-onion.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-resource "google_compute_global_address" "onion-lb" {
- name = "explorer-address-onion-lb"
- project = var.project
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "rule-onion" {
- name = "explorer-onion-forwarding-rule"
- target = google_compute_target_http_proxy.onion-proxy[0].self_link
- port_range = "80"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.onion-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_target_http_proxy" "onion-proxy" {
- name = "explorer-onion-proxy"
- url_map = google_compute_url_map.onion-proxy[0].self_link
-
- count = local.create_main
-}
-
-resource "google_compute_url_map" "onion-proxy" {
- name = "explorer-onion-urlmap"
- default_service = google_compute_backend_bucket.onion_deadhole_backend[0].self_link
-
- count = local.create_main
-
- host_rule {
- hosts = ["*"]
- path_matcher = "deadpaths"
- }
-
- path_matcher {
- name = "deadpaths"
- default_service = google_compute_backend_bucket.onion_deadhole_backend[0].self_link
-
- path_rule {
- paths = ["/*"]
- service = google_compute_backend_bucket.onion_deadhole_backend[0].self_link
- }
- }
-
- host_rule {
- hosts = var.hosts_onion
- path_matcher = "allpaths"
- }
-
- path_matcher {
- name = "allpaths"
- default_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
-
- path_rule {
- paths = ["/*"]
- service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
- }
-
- path_rule {
- paths = ["/testnet", "/testnet/*"]
- service = data.terraform_remote_state.bitcoin-testnet.outputs.daemon_backend_service["bitcoin-testnet"]
- }
-
- path_rule {
- paths = ["/liquid", "/liquid/*"]
- service = data.terraform_remote_state.liquid-mainnet.outputs.daemon_backend_service["liquid-mainnet"]
- }
-
- path_rule {
- paths = ["/liquidtestnet", "/liquidtestnet/*"]
- service = data.terraform_remote_state.liquid-testnet.outputs.daemon_backend_service["liquid-testnet"]
- }
- }
-}
-
-resource "google_compute_backend_bucket" "onion_deadhole_backend" {
- name = "onion-deadhole-backend-bucket"
- description = "Unmatched hosts end up in this deadhole"
- bucket_name = google_storage_bucket.onion_deadhole[0].name
- enable_cdn = false
-
- count = local.create_main
-}
-
-resource "google_storage_bucket" "onion_deadhole" {
- name = "onion-deadhole-bucket"
- location = "EU"
-
- count = local.create_main
-}
diff --git a/terraform/network.tf b/terraform/network.tf
deleted file mode 100644
index 49e7d645..00000000
--- a/terraform/network.tf
+++ /dev/null
@@ -1,98 +0,0 @@
-resource "google_compute_global_address" "client-lb" {
- name = "explorer-address-client-lb"
- project = var.project
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "rule-https" {
- name = "explorer-https-forwarding-rule"
- target = google_compute_target_https_proxy.https-proxy[0].self_link
- port_range = "443"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.client-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_global_forwarding_rule" "rule-http" {
- name = "explorer-http-forwarding-rule"
- target = google_compute_target_http_proxy.http-proxy[0].self_link
- port_range = "80"
- ip_protocol = "TCP"
- ip_address = google_compute_global_address.client-lb[0].address
-
- count = local.create_main
-}
-
-resource "google_compute_target_https_proxy" "https-proxy" {
- name = "explorer-https-proxy"
- url_map = google_compute_url_map.https-proxy[0].self_link
- ssl_certificates = var.ssl_certs
-
- count = local.create_main
-}
-
-resource "google_compute_target_http_proxy" "http-proxy" {
- name = "explorer-http-proxy"
- url_map = google_compute_url_map.http-proxy[0].self_link
-
- count = local.create_main
-}
-
-resource "google_compute_url_map" "http-proxy" {
- name = "explorer-http-urlmap"
- default_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
-
- count = local.create_main
-
- host_rule {
- hosts = var.hosts
- path_matcher = "allpaths"
- }
-
- path_matcher {
- name = "allpaths"
- default_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
-
- path_rule {
- paths = ["/*"]
- url_redirect {
- https_redirect = true
- strip_query = false
- }
- }
- }
-}
-
-resource "google_compute_url_map" "https-proxy" {
- name = "explorer-https-urlmap"
- default_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
-
- count = local.create_main
-
- host_rule {
- hosts = var.hosts
- path_matcher = "allpaths"
- }
-
- path_matcher {
- name = "allpaths"
- default_service = data.terraform_remote_state.bitcoin-mainnet.outputs.daemon_backend_service["bitcoin-mainnet"]
-
- path_rule {
- paths = ["/testnet", "/testnet/*"]
- service = data.terraform_remote_state.bitcoin-testnet.outputs.daemon_backend_service["bitcoin-testnet"]
- }
-
- path_rule {
- paths = ["/liquid", "/liquid/*"]
- service = data.terraform_remote_state.liquid-mainnet.outputs.daemon_backend_service["liquid-mainnet"]
- }
-
- path_rule {
- paths = ["/liquidtestnet", "/liquidtestnet/*"]
- service = data.terraform_remote_state.liquid-testnet.outputs.daemon_backend_service["liquid-testnet"]
- }
- }
-}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index dd89bb3e..55733cb1 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -1,30 +1,3 @@
 output "prometheus_service_account" {
 value = module.prometheus.service_account
 }
-
-output "daemon_backend_service" {
- value = {
- bitcoin-mainnet = module.bitcoin-mainnet.backend_service
- bitcoin-testnet = module.bitcoin-testnet.backend_service
- liquid-mainnet = module.liquid-mainnet.backend_service
- liquid-testnet = module.liquid-testnet.backend_service
- }
-}
-
-output "daemon_backend_service_electrs" {
- value = {
- bitcoin-mainnet = module.bitcoin-mainnet.backend_service_electrs
- bitcoin-testnet = module.bitcoin-testnet.backend_service_electrs
- liquid-mainnet = module.liquid-mainnet.backend_service_electrs
- liquid-testnet = module.liquid-testnet.backend_service_electrs
- }
-}
-
-output "service_accounts" {
- value = {
- bitcoin-mainnet = module.bitcoin-mainnet.service_account
- bitcoin-testnet = module.bitcoin-testnet.service_account
- liquid-mainnet = module.liquid-mainnet.service_account
- liquid-testnet = module.liquid-testnet.service_account
- }
-}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 9e4eb8ca..edbcafcd 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,53 +1,3 @@
-locals {
- context_variables = {
- "main" = {
- create_main = 1
- create_bitcoin_mainnet = 0
- create_bitcoin_testnet = 0
- create_liquid_mainnet = 0
- create_liquid_testnet = 0
- }
-
- "bitcoin-mainnet" = {
- create_main = 0
- create_bitcoin_mainnet = 1
- create_bitcoin_testnet = 0
- create_liquid_mainnet = 0
- create_liquid_testnet = 0
- }
-
- "bitcoin-testnet" = {
- create_main = 0
- create_bitcoin_mainnet = 0
- create_bitcoin_testnet = 1
- create_liquid_mainnet = 0
- create_liquid_testnet = 0
- }
-
- "liquid-mainnet" = {
- create_main = 0
- create_bitcoin_mainnet = 0
- create_bitcoin_testnet = 0
- create_liquid_mainnet = 1
- create_liquid_testnet = 0
- }
-
- "liquid-testnet" = {
- create_main = 0
- create_bitcoin_mainnet = 0
- create_bitcoin_testnet = 0
- create_liquid_mainnet = 0
- create_liquid_testnet = 1
- }
- }
-
- create_main = lookup(local.context_variables[terraform.workspace], "create_main")
- create_bitcoin_mainnet = lookup(local.context_variables[terraform.workspace], "create_bitcoin_mainnet")
- create_bitcoin_testnet = lookup(local.context_variables[terraform.workspace], "create_bitcoin_testnet")
- create_liquid_mainnet = lookup(local.context_variables[terraform.workspace], "create_liquid_mainnet")
- create_liquid_testnet = lookup(local.context_variables[terraform.workspace], "create_liquid_testnet")
-}
-
 variable "project" {
 type = string
 default = "green-address-explorer"
@@ -55,57 +5,17 @@ variable "project" {
 variable "region" {
 type = string
- default = "overwritten_by_ci"
-}
-
-variable "machine_type" {
- type = string
- default = "overwritten_by_ci"
+ default = "us-central1"
 }
-variable "cluster_size" {
+variable "zone" {
 type = string
- default = "overwritten_by_ci"
-}
-
-# lists overwritten by ci
-variable "regions" {
- type = list(any)
- default = [""]
-}
-
-variable "ssl_certs" {
- type = list(any)
- default = []
-}
-
-variable "zones" {
- type = list(any)
- default = [""]
+ default = ""
 }
 variable "instance_type" {
 type = string
- default = ""
-}
-
-variable "hosts" {
- type = list(any)
- default = [""]
-}
-
-variable "hosts_onion" {
- type = list(any)
- default = ["", ""]
-}
-
-# some hardcoded vars and misc
-variable "docker_tag_nginx" {
- type = string
-
- # docker inspect --format='{{index .RepoDigests 0}}' nginx:alpine
-
- default = "nginx@sha256:ae5da813f8ad7fa785d7668f0b018ecc8c3a87331527a61d83b3b5e816a0f03c"
+ default = "e2-medium"
 }
 variable "docker_tag_node_exporter" {
@@ -115,23 +25,6 @@ variable "docker_tag_node_exporter" {
 default = "prom/node-exporter@sha256:a990408ed288669bbad5b5b374fe1584e54825cde4a911c1a3d6301a907a030c"
 }
-variable "docker_tag_process_exporter" {
- type = string
-
- # docker inspect --format='{{index .RepoDigests 0}}' ncabatoff/process-exporter:0.7.4
- default = "ncabatoff/process-exporter@sha256:80f89e0c882cb3bba2fa577e090198bc60127b40e52c65443a657637fc24b0bd"
-}
-
-variable "docker_tag_explorer" {
- type = string
- default = "overwritten_by_ci"
-}
-
-variable "docker_tag_tor" {
- type = string
- default = "blockstream/tor:0.4.8.10"
-}
-
 variable "docker_tag_prometheus" {
 type = string
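Review bot: The new `variable "zone"` in the `@@ -55,57 +5,17 @@` hunk is declared with `default = ""`, so a run that forgets to set it is only rejected when the provider tries to place the instance at apply time rather than at `terraform validate`/`plan`; since an empty zone presumably has no meaningful fallback, drop the default so Terraform requires the value, e.g. `variable "zone" { type = string }`, or add a `validation` block that rejects the empty string. In the same hunk `region` loses the `overwritten_by_ci` sentinel in favour of a real `"us-central1"` default, which means a run outside CI now silently targets that region; a `description` on `region`, `zone` and `instance_type` saying who is expected to supply them would make that explicit. The image variables that survive (`docker_tag_node_exporter`, `docker_tag_prometheus`) keep their sha256 digest pins, which whatever replaces the removed nginx, tor and explorer tags should carry over.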
@@ -139,44 +32,8 @@ variable "docker_tag_prometheus" {
 default = "prom/prometheus@sha256:ccc801f38fdac43f0ed3e1b0220777e976828d6558f8ef3baad9028e0d1797ae"
 }
-variable "min_ready_sec" {
- type = string
- description = "How long should autoscaling wait before executing another action?"
- default = "900"
-}
-
-variable "initial_delay_sec" {
- type = string
- description = "How long should the instance group healthcheck wait before checking instances?"
- default = "1800"
-}
-
 variable "prometheus_allowed_source_ip" {
 type = list(any)
 description = "The IPs that are allowed to access the prometheus instance."
 default = []
 }
-
-variable "kms_location" {
- default = "us-central1"
-}
-
-variable "disk_type" {
- type = string
- default = "pd-balanced"
-}
-
-variable "image_source_project" {
- type = string
- default = ""
-}
-
-variable "mempooldat" {
- type = string
- default = ""
-}
-
-variable "fullurl" {
- type = string
- default = ""
-}