Add base terraform deployment

Author: jpraynaud

mithril-infra/main.backend.tf

@@ -0,0 +1,5 @@
+terraform {
+  backend "gcs" {
+
+  }
+}

mithril-infra/main.dns.tf

@@ -0,0 +1,19 @@
+resource "google_dns_managed_zone" "mithril-api-zone" {
+  name        = "${local.environment_name}-dns"
+  dns_name    = "${local.environment_name_short}.${var.mithril_api_domain}."
+  description = "DNS zone to manage Mithril API"
+  visibility  = "public"
+}
+
+resource "google_dns_record_set" "mithril-aggregator-endpoint" {
+  name         = "aggregator.${google_dns_managed_zone.mithril-api-zone.dns_name}"
+  managed_zone = google_dns_managed_zone.mithril-api-zone.name
+  type         = "A"
+  ttl          = 300
+  rrdatas      = [google_compute_address.mithril-external-address.address]
+}
+
+locals {
+  mithril_aggregator_host         = trimsuffix(google_dns_record_set.mithril-aggregator-endpoint.name, ".")
+  mithril_aggregator_endpoint_url = format("https://%s/aggregator", local.mithril_aggregator_host)
+}

mithril-infra/main.firewall.tf

@@ -0,0 +1,12 @@
+resource "google_compute_firewall" "mithril-vm-firewall" {
+  name    = "${local.environment_name}-firewall"
+  network = google_compute_network.vpc_network.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22", "80", "443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = [local.environment_name]
+}

mithril-infra/main.vm.tf

@@ -0,0 +1,52 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "3.5.0"
+    }
+  }
+}
+
+provider "google" {
+  credentials = file(var.google_service_credentials_json)
+  project     = local.google_project_id
+  region      = var.google_region
+  zone        = var.google_zone
+}
+
+resource "google_compute_network" "vpc_network" {
+  name = "${local.environment_name}-network"
+}
+
+resource "google_compute_instance" "vm_instance" {
+  name         = "${local.environment_name}-vm"
+  machine_type = var.google_machine_type
+  tags         = ["mithril", local.environment_name, var.environment_prefix, var.cardano_network]
+
+  allow_stopping_for_update = true
+
+  metadata = {
+    sshKeys = file("./assets/ssh_keys")
+  }
+
+  metadata_startup_script = file("./assets/startup-vm.sh")
+
+  boot_disk {
+    initialize_params {
+      size  = 200
+      image = "ubuntu-os-cloud/ubuntu-2204-lts"
+    }
+  }
+
+  network_interface {
+    network = google_compute_network.vpc_network.name
+    access_config {
+      nat_ip = google_compute_address.mithril-external-address.address
+    }
+  }
+}
+
+resource "google_compute_address" "mithril-external-address" {
+  name = "${local.environment_name}-ip"
+}
+

mithril-infra/output.tf

@@ -0,0 +1,19 @@
+output "google_project" {
+  value = local.google_project_id
+}
+
+output "aggregator_endpoint" {
+  value = local.mithril_aggregator_endpoint_url
+}
+
+output "external-ip" {
+  value = google_compute_address.mithril-external-address.address
+}
+
+output "api_subdomain" {
+  value = google_dns_managed_zone.mithril-api-zone.dns_name
+}
+
+output "name_servers" {
+  value = google_dns_managed_zone.mithril-api-zone.name_servers
+}

mithril-infra/variables.tf

@@ -0,0 +1,75 @@
+variable "environment_prefix" {
+  type        = string
+  description = "The environment prefix to deploy: testing, pre-release or release"
+}
+
+variable "environment_suffix" {
+  type        = string
+  description = "The environment suffix to deploy"
+}
+
+variable "cardano_network" {
+  type        = string
+  description = "The Cardano network name to attach: preview, preprod or mainnet"
+}
+
+locals {
+  environment_name_short = format("%s%s", "${var.environment_prefix}-${var.cardano_network}", var.environment_suffix != "" ? "-${var.environment_suffix}" : "")
+  environment_name       = "mithril-${local.environment_name_short}"
+}
+
+variable "google_region" {
+  type        = string
+  description = "The region on GCP"
+}
+
+variable "google_zone" {
+  type        = string
+  description = "The zone on GCP"
+}
+
+variable "google_machine_type" {
+  type        = string
+  description = "The machine type on which to run the VM on GCP"
+}
+
+variable "google_service_credentials_json" {
+  type        = string
+  description = "The credentials of the GCP service account"
+}
+
+variable "google_application_credentials_json" {
+  type        = string
+  description = "Service account JSON key file used by aggregator to upload files to gcloud storage"
+}
+
+locals {
+  google_service_credentials_json_decoded = jsondecode(file(var.google_service_credentials_json))
+  google_service_account_private_key      = local.google_service_credentials_json_decoded.private_key
+  google_project_id                       = local.google_service_credentials_json_decoded.project_id
+}
+
+variable "mithril_api_domain" {
+  type        = string
+  description = "The Mithril api (sub)domain name of service to deploy"
+}
+
+variable "mithril_image_id" {
+  type        = string
+  description = "The Mithril image tag of service to deploy"
+}
+
+variable "mithril_genesis_verification_key_url" {
+  type        = string
+  description = "The url of the Mithril genesis verification key used by to verify a genesis certificate"
+}
+variable "mithril_genesis_secret_key" {
+  type        = string
+  description = "The Mithril genesis secret key used by the aggregator to bootstrap a genesis certificate (test only)"
+}
+
+variable "mithril_signers" {
+  type = map(object({
+    pool_id = string
+  }))
+}