terraform: add boot nodes

2025-02-03 10:53:58 +00:00 · 2023-09-18 12:13:52 +02:00 · 2023-09-18 12:13:52 +02:00 · 4fb54295a6
commit 4fb54295a6
parent e1453c3f98
5 changed files with 88 additions and 8 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -2,8 +2,11 @@
 # Root password
 bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
 # Consul
-bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
-bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
+bootstrap__consul_encryption_key:   '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
+bootstarp__consul_agent_acl_token:  '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
+bootstrap__consul_certs_ca_crt:     '{{lookup("bitwarden", "consul/certs",      file="ca.pem")}}'
+bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs",      file="client.pem")}}'
+bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs",      file="client-key.pem")}}'
 # SSHGuard
 bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}']
 # Wireguard
--- a/ansible/inventory/test
+++ b/ansible/inventory/test
@ -0,0 +1,38 @@
+# NOTE: This file is generated by terraform.py
+# For emergency use when Consul fails
+[all]
+boot-01.ac-cn-hongkong-c.shards.test hostname=boot-01.ac-cn-hongkong-c.shards.test ansible_host=8.218.23.76 env=shards stage=test data_center=ac-cn-hongkong-c region=cn-hongkong-c dns_entry=boot-01.ac-cn-hongkong-c.shards.test.statusim.net
+boot-01.do-ams3.shards.test hostname=boot-01.do-ams3.shards.test ansible_host=167.99.19.47 env=shards stage=test data_center=do-ams3 region=ams3 dns_entry=boot-01.do-ams3.shards.test.statusim.net
+boot-01.gc-us-central1-a.shards.test hostname=boot-01.gc-us-central1-a.shards.test ansible_host=34.135.13.87 env=shards stage=test data_center=gc-us-central1-a region=us-central1-a dns_entry=boot-01.gc-us-central1-a.shards.test.statusim.net
+boot-02.ac-cn-hongkong-c.shards.test hostname=boot-02.ac-cn-hongkong-c.shards.test ansible_host=8.218.174.108 env=shards stage=test data_center=ac-cn-hongkong-c region=cn-hongkong-c dns_entry=boot-02.ac-cn-hongkong-c.shards.test.statusim.net
+boot-02.do-ams3.shards.test hostname=boot-02.do-ams3.shards.test ansible_host=178.128.143.241 env=shards stage=test data_center=do-ams3 region=ams3 dns_entry=boot-02.do-ams3.shards.test.statusim.net
+boot-02.gc-us-central1-a.shards.test hostname=boot-02.gc-us-central1-a.shards.test ansible_host=34.31.14.239 env=shards stage=test data_center=gc-us-central1-a region=us-central1-a dns_entry=boot-02.gc-us-central1-a.shards.test.statusim.net
+
+[ac-cn-hongkong-c]
+boot-01.ac-cn-hongkong-c.shards.test
+boot-02.ac-cn-hongkong-c.shards.test
+
+[boot]
+boot-01.ac-cn-hongkong-c.shards.test
+boot-01.do-ams3.shards.test
+boot-01.gc-us-central1-a.shards.test
+boot-02.ac-cn-hongkong-c.shards.test
+boot-02.do-ams3.shards.test
+boot-02.gc-us-central1-a.shards.test
+
+[do-ams3]
+boot-01.do-ams3.shards.test
+boot-02.do-ams3.shards.test
+
+[gc-us-central1-a]
+boot-01.gc-us-central1-a.shards.test
+boot-02.gc-us-central1-a.shards.test
+
+[shards.test]
+boot-01.ac-cn-hongkong-c.shards.test
+boot-01.do-ams3.shards.test
+boot-01.gc-us-central1-a.shards.test
+boot-02.ac-cn-hongkong-c.shards.test
+boot-02.do-ams3.shards.test
+boot-02.gc-us-central1-a.shards.test
+
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,30 +1,32 @@
 ---
 - name: infra-role-bootstrap-linux
  src: git@github.com:status-im/infra-role-bootstrap-linux.git
-  version: 50eda0808cceaaad2a5c5cdb4493935f2e3a637d
  scm: git

 - name: infra-role-wireguard
  src: git@github.com:status-im/infra-role-wireguard.git
-  version: b711bbabd2dc3d9ce8b1c3a6e5bc785901db9d09
  scm: git

 - name: open-ports
  src: git@github.com:status-im/infra-role-open-ports.git
-  version: 24dc30dbdf85e6758cb6924074b2f7a0f4541524
  scm: git

 - name: swap-file
  src: git@github.com:status-im/infra-role-swap-file.git
-  version: 3fb0fb8d313ab388df1b38d516e2ff88b72a2cf7
  scm: git

 - name: consul-service
  src: git@github.com:status-im/infra-role-consul-service.git
-  version: 2b3d4e53856d6cc91ae5c5a342fd12f2bb96aa88
+  version: 4d7c9c606f5e039a22c34ba93961d05056c0e002
  scm: git

 - name: systemd-timer
  src: git@github.com:status-im/infra-role-systemd-timer.git
-  version: c6bbc3d1b4b0ba603d82fa06cd17297d12523182
+  version: 24b9f3c82b0f2cc89211e40b0abce07e983e67c1
+  scm: git
+
+- name: nim-waku
+  src: git@github.com:status-im/infra-role-nim-waku.git
+  # TODO: update hash and find a working image to support topic argument change
+  version: 8044c33ffb92b3ee73cba677a090330ff638b70c
  scm: git
--- a/hosts_boot.tf
+++ b/hosts_boot.tf
@ -0,0 +1,29 @@
+module "boot" {
+  source = "github.com/status-im/infra-tf-multi-provider"
+
+  /* node type */
+  name   = "boot"
+  group  = "boot"
+  env    = "shards"
+  stage  = terraform.workspace
+  domain = var.domain
+
+  /* scaling */
+  host_count = local.ws["boot_hosts_count"]
+
+  /* instance sizes */
+  do_type = local.ws["do_type"] /* DigitalOcean */
+  ac_type = local.ws["ac_type"] /* Alibaba Cloud */
+  gc_type = local.ws["gc_type"] /* Google Cloud */
+
+  /* data volumes */
+  ac_data_vol_size = local.ws["data_vol_size"]
+  do_data_vol_size = local.ws["data_vol_size"]
+  gc_data_vol_size = local.ws["data_vol_size"]
+
+  /* firewall */
+  open_udp_ports = [
+    "9000", /* discovery v5 */
+  ]
+}
+
--- a/workspaces.tf
+++ b/workspaces.tf
@ -10,6 +10,14 @@ locals {
  env = {
    defaults = {
      /* Default settings for all fleets/workspaces. */
+
+      boot_hosts_count = 2
+
+      do_type = "s-1vcpu-2gb" /* DigitalOcean */
+      ac_type = "ecs.t5-lc1m2.small" /* Alibaba Cloud */
+      gc_type = "g1-small" /* Google Cloud */
+
+      data_vol_size = 40
    }

    test = {