port fleet to AWS EC2

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-27 15:09:21 +01:00 · 2020-01-27 15:09:21 +01:00 · 14b623c4b4
parent aeb4345600
commit 14b623c4b4
6 changed files with 105 additions and 100 deletions
--- a/11
+++ b/11
@ -58,12 +58,11 @@ secrets:
 	echo "Saving secrets to: terraform.tfvars"
 	@echo -e "\
 # secrets extracted from password-store\n\
-cloudflare_token    = \"$(shell pass cloud/Cloudflare/token)\"\n\
-cloudflare_email    = \"$(shell pass cloud/Cloudflare/email)\"\n\
-cloudflare_account  = \"$(shell pass cloud/Cloudflare/account)\"\n\
-digitalocean_token  = \"$(shell pass cloud/DigitalOcean/token)\"\n\
-alicloud_access_key = \"$(shell pass cloud/Alibaba/access-key)\"\n\
-alicloud_secret_key = \"$(shell pass cloud/Alibaba/secret-key)\"\n\
+cloudflare_token   = \"$(shell pass cloud/Cloudflare/token)\"\n\
+cloudflare_email   = \"$(shell pass cloud/Cloudflare/email)\"\n\
+cloudflare_account = \"$(shell pass cloud/Cloudflare/account)\"\n\
+aws_access_key     = \"$(shell pass cloud/AWS/Nimbus/access-key)\"\n\
+aws_secret_key     = \"$(shell pass cloud/AWS/Nimbus/secret-key)\"\n\
 " > terraform.tfvars

 cleanup:
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -17,6 +17,12 @@ bootstrap__root_pass: '{{lookup("passwordstore", "hosts/admin-pass")}}'
 # Consul Encryption
 consul_encryption_key: '{{lookup("passwordstore", "services/consul/encryption-key")}}'

+# Disable Consul, AWS has no Consul cluster
+bootstrap__consul_enabled: false
+
+# Disable Tinc, since it won't work without Consul
+bootstrap__tinc_enabled: false
+
 # Disable Watchtower cleanup to avoid removal errors
 bootstrap__watchtower_cleanup_flag: false

--- a/main.tf
+++ b/main.tf
@ -1,7 +1,10 @@
 /* PROVIDERS ------------------------------------*/

-provider "digitalocean" {
-  token = var.digitalocean_token
+provider "aws" {
+  version    = "~> 2.0"
+  region     = var.aws_zone
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
 }

 provider "cloudflare" {
@ -10,33 +13,14 @@ provider "cloudflare" {
  account_id = var.cloudflare_account
 }

-provider "google" {
-  credentials = file("google-cloud.json")
-  project     = "russia-servers"
-  region      = "us-central1"
-}
-
-provider "alicloud" {
-  access_key = var.alicloud_access_key
-  secret_key = var.alicloud_secret_key
-  region     = var.alicloud_region
-}
-
 /* DATA -----------------------------------------*/

 terraform {
-  backend "consul" {
-    address = "https://consul.statusim.net:8400"
-    lock    = true
-
-    /* KV store has a limit of 512KB */
-    gzip = true
-
-    /* WARNING This needs to be changed for every repo. */
-    path      = "terraform/nimbus/"
-    ca_file   = "ansible/files/consul-ca.crt"
-    cert_file = "ansible/files/consul-client.crt"
-    key_file  = "ansible/files/consul-client.key"
+  backend "s3" {
+    bucket  = "tf-state-infra-nimbus"
+    key     = "infra-dapps"
+    region  = "eu-central-1"
+    encrypt = true
  }
 }

@ -55,60 +39,9 @@ locals {
  }
 }

+/* ACCESS KEY ------------------------------------------------------*/

-/* RESOURCES ------------------------------------*/
-
-module "nimbus-master" {
-  source     = "github.com/status-im/infra-tf-digital-ocean"
-
-  name       = "master"
-  env        = "nimbus"
-  group      = "nimbus-master"
-  size       = "s-4vcpu-8gb"
-  host_count = 1
-  domain     = var.domain
-  open_ports = [
-    "80", /* HTTP */
-    "443", /* HTTPS */
-    "9000-9010", /* Nimbus ports */
-    "9100-9110", /* Nimbus ports */
-  ]
+resource "aws_key_pair" "jakubgs" {
+  key_name   = "jakubgs"
+  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA6mutbRHO8VvZ61MYvjIVv1Re9NiJGE1piTQq4IFwXOvAi1HkXkMlsjmzYt+CEv0HmMGCHmdrw5xpqnDTWg18lM5RYLzrAv9hBOQ10IC+8FH2XWDKoyz+PBQsNEbbJ23QQtu0O5mpsOzI/KBT9CkiYUYlEBwHI0vNqsdHDLwv3Yt7PhauguXDHpYnwH/OseVHLBg2+/3aJIfOMVVRnhptQGYAhTNUZ9F1EwvQETMhM/vEsk8+o9B3tK/Ii/RD2EtVUlpRG4q6QTFbssLMImUfcdoggHsfCqjq3apUs8bR81oN9UVoYiP8tn5sWIUyRBxIEzXpqa4rx04KY8xNYqeZ jakub@status.im"
 }
-
-module "nimbus-nodes" {
-  source     = "github.com/status-im/infra-tf-digital-ocean"
-
-  name       = "node"
-  env        = "nimbus"
-  group      = "nimbus-slaves"
-  size       = "s-4vcpu-8gb"
-  domain     = var.domain
-  host_count = var.hosts_count
-  open_ports = [
-    "80", /* HTTP */
-    "443", /* HTTPS */
-    "9000-9010", /* beacon node */
-    "9100-9110", /* beacon node */
-  ]
-}
-
-/* DNS ------------------------------------------*/
-
-resource "cloudflare_record" "nimbus-test-stats" {
-  zone_id = local.zones["status.im"]
-  name    = "nimbus-test-stats"
-  type    = "A"
-  proxied = true
-  value   = module.nimbus-master.public_ips[count.index]
-  count   = length(module.nimbus-master.public_ips)
-}
-
-resource "cloudflare_record" "serenity-testnets" {
-  zone_id = local.zones["status.im"]
-  name    = "serenity-testnets"
-  type    = "A"
-  proxied = true
-  value   = module.nimbus-master.public_ips[count.index]
-  count   = length(module.nimbus-master.public_ips)
-}
-
--- a/nimbus.tf
+++ b/nimbus.tf
@ -0,0 +1,71 @@
+/* RESOURCES ------------------------------------*/
+
+module "nimbus-master" {
+  source = "github.com/status-im/infra-tf-amazon-web-services"
+
+  name   = "master"
+  env    = "nimbus"
+  group  = "nimbus-master"
+  domain = var.domain
+
+  /* Scaling */
+  instance_type = "t3a.medium"
+  data_vol_size = 50
+  host_count    = 1
+
+  /* Firewall */
+  open_tcp_ports = [
+    "80",        /* HTTP */
+    "443",       /* HTTPS */
+    "9000-9010", /* Nimbus ports */
+    "9100-9110", /* Nimbus ports */
+  ]
+
+  /* Plumbing */
+  keypair_name = aws_key_pair.jakubgs.key_name
+}
+
+module "nimbus-nodes" {
+  source = "github.com/status-im/infra-tf-amazon-web-services"
+
+  name   = "node"
+  env    = "nimbus"
+  group  = "nimbus-slaves"
+  domain = var.domain
+
+  /* Scaling */
+  instance_type = "t3a.medium"
+  data_vol_size = 50
+  host_count    = var.hosts_count
+
+  /* Firewall */
+  open_tcp_ports = [
+    "80",        /* HTTP */
+    "443",       /* HTTPS */
+    "9000-9010", /* beacon node */
+    "9100-9110", /* beacon node */
+  ]
+  
+  /* Plumbing */
+  keypair_name = aws_key_pair.jakubgs.key_name
+}
+
+/* DNS ------------------------------------------*/
+
+resource "cloudflare_record" "nimbus-test-stats" {
+  zone_id = local.zones["status.im"]
+  name    = "nimbus-test-stats"
+  type    = "A"
+  proxied = true
+  value   = module.nimbus-master.public_ips[count.index]
+  count   = length(module.nimbus-master.public_ips)
+}
+
+resource "cloudflare_record" "serenity-testnets" {
+  zone_id = local.zones["status.im"]
+  name    = "serenity-testnets"
+  type    = "A"
+  proxied = true
+  value   = module.nimbus-master.public_ips[count.index]
+  count   = length(module.nimbus-master.public_ips)
+}
--- a/variables.tf
+++ b/variables.tf
@ -12,21 +12,17 @@ variable "cloudflare_account" {
  description = "ID of the CloudFlare organization."
 }

-variable "digitalocean_token" {
-  description = "Token for interacting with DigitalOcean API."
+variable "aws_access_key" {
+  description = "Access key for the AWS API."
 }

-variable "alicloud_access_key" {
-  description = "Alibaba Cloud API access key."
+variable "aws_secret_key" {
+  description = "Secret key for the AWS API."
 }

-variable "alicloud_secret_key" {
-  description = "Alibaba Cloud API secret key."
-}
-
-variable "alicloud_region" {
-  description = "Alibaba Cloud hosting region."
-  default     = "cn-hongkong"
+variable "aws_zone" {
+  description = "Name of the AWS Availability Zone."
+  default     = "eu-central-1"
 }

 /* GENERAL --------------------------------------*/
--- a/versions.tf
+++ b/versions.tf
@ -1,7 +1,7 @@
 terraform {
  required_version = ">= 0.12"
  required_providers {
-    cloudflare   = " = 2.3.0"
-    digitalocean = " = 1.12.0"
+    cloudflare = " = 2.3.0"
+    aws        = " = 2.46.0"
  }
 }