github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/dashboard/terraform/main.tf

github.com/filecoin-project/bacalhau@v0.3.23-0.20230228154132-45c989550ace/dashboard/terraform/main.tf (about)

     1  provider "google" {
     2    project = var.gcp_project
     3    region  = var.region
     4    zone    = var.zone
     5  }
     6  
     7  terraform {
     8    backend "gcs" {
     9      # this bucket lives in the bacalhau-cicd google project
    10      # https://console.cloud.google.com/storage/browser/bacalhau-global-storage;tab=objects?project=bacalhau-cicd
    11      bucket = "bacalhau-global-storage"
    12      prefix = "terraform/dashboard/state"
    13    }
    14  }
    15  
    16  // A single Google Cloud Engine instance
    17  resource "google_compute_instance" "dashboard_vm" {
    18    name         = "dashboard-vm-${terraform.workspace}-${count.index}"
    19    count        = 1
    20    machine_type = var.machine_type
    21    zone         = var.zone
    22  
    23    boot_disk {
    24      initialize_params {
    25        image = "ubuntu-os-cloud/ubuntu-2204-lts"
    26        size  = var.boot_disk_size_gb
    27      }
    28    }
    29  
    30    metadata_startup_script = <<-EOF
    31  #!/bin/bash
    32  set -euo pipefail
    33  IFS=$'\n\t'
    34  
    35  sudo mkdir -p /terraform_node
    36  sudo tee /terraform_node/install-node.sh > /dev/null <<'EOI'
    37  ${file("${path.module}/remote_files/scripts/install-node.sh")}
    38  EOI
    39  
    40  sudo bash /terraform_node/install-node.sh 2>&1 | tee -a /tmp/bacalhau.log
    41  EOF
    42  
    43    network_interface {
    44      network    = google_compute_network.dashboard_network[0].name
    45      subnetwork = ""
    46      access_config {
    47        nat_ip = google_compute_address.ipv4_address[count.index].address
    48      }
    49    }
    50  
    51    lifecycle {
    52      ignore_changes = [attached_disk]
    53    }
    54    #   service_account {
    55    #     scopes = ["cloud-platform"]
    56    #   }
    57    allow_stopping_for_update = true
    58  }
    59  
    60  resource "google_compute_address" "ipv4_address" {
    61    region = var.region
    62    name  = "bacalhau-dashboard-ipv4-address-${count.index}"
    63    count = 1
    64    lifecycle {
    65      prevent_destroy = true
    66    }
    67  }
    68  
    69  output "public_ip_address" {
    70    value = google_compute_instance.dashboard_vm.*.network_interface.0.access_config.0.nat_ip
    71  }
    72  
    73  resource "google_compute_disk" "dashboard_disk" {
    74    name     = "dashboard-disk-${terraform.workspace}-${count.index}"
    75    count    = 1
    76    type     = "pd-ssd"
    77    zone     = var.zone
    78    size     = var.volume_size_gb
    79    lifecycle {
    80      prevent_destroy = true
    81    }
    82  }
    83  
    84  resource "google_compute_disk_resource_policy_attachment" "attachment" {
    85    name  = google_compute_resource_policy.dashboard_disks_backups[count.index].name
    86    disk  = google_compute_disk.dashboard_disk[count.index].name
    87    zone  = var.zone
    88    count = 1
    89  }
    90  
    91  resource "google_compute_resource_policy" "dashboard_disks_backups" {
    92    name   = "dashboard-disk-backups-${terraform.workspace}-${count.index}"
    93    region = var.region
    94    count  = 1
    95    snapshot_schedule_policy {
    96      schedule {
    97        daily_schedule {
    98          days_in_cycle = 1
    99          start_time    = "23:00"
   100        }
   101      }
   102      retention_policy {
   103        max_retention_days    = 30
   104        on_source_disk_delete = "KEEP_AUTO_SNAPSHOTS"
   105      }
   106      snapshot_properties {
   107        labels = {
   108          dashboard_backup = "true"
   109        }
   110        # this only works with Windows and looks like it's non-negotiable with gcp
   111        guest_flush = false
   112      }
   113    }
   114  }
   115  
   116  resource "google_compute_attached_disk" "default" {
   117    disk     = google_compute_disk.dashboard_disk[count.index].self_link
   118    instance = google_compute_instance.dashboard_vm[count.index].self_link
   119    count    = 1
   120    zone     = var.zone
   121  }
   122  
   123  resource "google_compute_firewall" "dashboard_firewall" {
   124    name    = "dashboard-ingress-firewall-${terraform.workspace}"
   125    network = google_compute_network.dashboard_network[0].name
   126  
   127    allow {
   128      protocol = "icmp"
   129    }
   130  
   131    allow {
   132      protocol = "tcp"
   133      ports = [
   134        "80",
   135        "443"
   136      ]
   137    }
   138  
   139    source_ranges = var.ingress_cidrs
   140  }
   141  
   142  resource "google_compute_firewall" "dashboard_ssh_firewall" {
   143    name    = "dashboard-ssh-firewall-${terraform.workspace}"
   144    network = google_compute_network.dashboard_network[0].name
   145  
   146    allow {
   147      protocol = "icmp"
   148    }
   149  
   150    allow {
   151      protocol = "tcp"
   152      // Port 22   - Provides ssh access to the bacalhau server, for debugging 
   153      ports = ["22"]
   154    }
   155  
   156    source_ranges = var.ssh_access_cidrs
   157  }
   158  
   159  resource "google_compute_network" "dashboard_network" {
   160    name                    = "dashboard-network-${terraform.workspace}"
   161    auto_create_subnetworks = true
   162    count                   = 1
   163  }